PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse The Hacker News Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack BleepingComputer ‘PoisonSeed’ Attacker Skates Around FIDO Keys Dark Reading | Security Phishers have found a way to downgrade—not bypass—FIDO MFA Ars Technica New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator CyberSecurityNews Source …
Read More »Tag Archives: PoisonSeed
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, distributing emails containing crypto seed phrases used to drain cryptocurrency wallets. In the recent phishing …
Read More »