#2fa-bypass

[ follow ]
#cve-2020-12812 #ldap #ai-enabled-cyberattacks #zero-day-exploits #phishing-resistant-mfa
Information security
fromSecuritymagazine
21 hours ago

What Security Leaders Say About the First AI-Developed Zero-Day Exploit

AI-generated zero-day exploitation has become operational, requiring stronger, phishing-resistant authentication and treating privileged access as a separate attack surface.
Information security
fromThe Hacker News
2 months ago

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

ZeroDayRAT is a commercial mobile spyware platform enabling real-time surveillance, data exfiltration, and financial theft on Android and iOS via a seller-provided builder and control panel.
fromTechzine Global
4 months ago

Attackers exploit five-year-old Fortinet vulnerability

The vulnerability makes it possible to bypass two-factor authentication on VPN connections, despite a patch having been available since 2020. The vulnerability CVE-2020-12812 affects the SSL VPN component of FortiOS, the operating system that runs on Fortinet devices such as firewalls and VPN systems. Attackers can bypass the enabled 2FA for a VPN account by changing the username. The problem occurs when 2FA is enabled in the "user local" setting and a remote authentication method is configured for this user.
Information security
Information security
fromThe Hacker News
4 months ago

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

CVE-2020-12812 allows LDAP users with 2FA on FortiGate SSL VPN to bypass second-factor authentication when username case mismatches under specific configurations.
Information security
fromThe Hacker News
8 months ago

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Salty2FA is a PhaaS phishing kit that bypasses push, SMS, and voice 2FA to intercept credentials and codes, enabling high-impact account takeovers across industries.
[ Load more ]