Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts. Although the attack doesn’t prove …
Tag Archives: FIDO
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse – The Hacker News
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse – The Hacker News
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack – BleepingComputer
‘PoisonSeed’ Attacker Skates Around FIDO Keys – Dark Reading | Security
Phishers have found a way to downgrade—not bypass—FIDO MFA – Ars Technica
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator – CyberSecurityNews
Source …