CyberNews Briefs

New tool automates phishing attacks that bypass 2FA

At the start of this year, Polish researcher Piotr Duszyński published Modlishka, a new penetration testing tool that makes the automation of phishing attacks easier than ever before, and even allows attackers to bypass two-factor authentication (2FA) for targeted accounts.

Modlishka is considered a reverse proxy that sits between a user and a targeted website, like an email client. A victim that clicks on a phishing link, will be connected to the Modlishka server and end up on a fake copy of the intended website. Meanwhile, Modlishka opens a connection with the actual website and makes sure that login credentials entered by the victim on the fake website, are secretly entered on the actual site as well, allowing threat actors to gain access to the account.

Read more:

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.