3rd Party Risk Management , Account Takeover Fraud , Anti-Phishing, DMARC

EvilProxy Bypasses MFA by Capturing Session Cookies

Also: Lloyd's to Exclude Nation-State Cyberattacks; Confusion for Okta's Sales Force
EvilProxy Bypasses MFA by Capturing Session Cookies

The latest ISMG Security Report discusses a new phishing-as-a-service toolkit used by threat actors to bypass multifactor authentication, the decision by Lloyd's of London to exclude nation-state attacks from cyber insurance policies, and challenges at Okta since its acquisition of customer identity giant Auth0.

In this report, you'll hear (click on player beneath image to listen):

  • ISMG's Jeremy Kirk discuss fresh research that details a newly identified criminal service called EvilProxy that steals session cookies to bypass MFA and compromise accounts;
  • Jonathan Armstrong of Cordery law firm analyze the announcement by insurance market giant Lloyd's of London that its cyber insurance policies will no longer cover state-sponsored cyberattacks;
  • ISMG's Michael Novinson explain how Okta's acquisition of customer identity giant Auth0 has confused its own sales force.

The ISMG Security Report appears weekly on this and other ISMG websites. Don't miss the Aug. 25 and Sept. 1 editions, which respectively discuss whether ransomware-as-a-service groups are in decline and the evolving state of ransomware response.

Theme music for the ISMG Security Report is by Ithaca Audio under a Creative Commons license.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.