🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

“MFA Fatigue” attack targets iPhone owners with endless password reset prompts

Arstechnica

Arstechnica · 1y ago

“MFA Fatigue” attack targets iPhone owners with endless password reset prompts

Phishing attacks are exploiting human weaknesses by bombarding Apple users with multifactor authentication (MFA) prompts that cannot be skipped. Known as MFA fatigue attacks, this technique involves overwhelming users with repeated prompts, forcing them to either click "Allow" without thinking or accidentally click the wrong option. Both state-sponsored threat actor Fancy Bear and a group called Lapsus$ have successfully used this tactic. The attacks also involve spoofed Apple support calls. The vulnerability highlights the need for rate limiting or access control in Apple's password-reset system. FIDO-compliant MFA is immune to such attacks.

Related News

There's a new scam targeting iPhone owners with a barrage of notifications

Business Insider

Business Insider · 1y ago

There's a new scam targeting iPhone owners with a barrage of notifications

In a new phishing scam targeting Apple users, some iPhone owners have received repeated notifications to allow a reset of their Apple ID password. The attack, known as "MFA bombing," uses Apple device notifications to prompt users, preventing them from using their phone until they deny or accept the request. The scammers even went further by making spoofed calls from the Apple Support phone number to trick users into resetting their passwords. Apple has acknowledged the issue and advises customers not to provide personal information and to report any suspicious messages or calls.

ChatGPT is finally making your account more secure

Techradar

Techradar · 1y ago

ChatGPT is finally making your account more secure

OpenAI has introduced multi-factor authentication (MFA) to enhance account security on ChatGPT. Users can enable MFA through the settings on the ChatGPT web page or OpenAI Developer platform, requiring an authenticator app installed on a mobile device. MFA generates ever-changing 6-digit codes that need to be entered at login, along with the username and password. It also provides recovery codes for backup access. While using an authenticator app is considered safer than SMS codes, there have been cases of hackers circumventing MFA. Additionally, users may experience fatigue from frequent verification prompts.

Apple users targeted in phishing attack: How to protect your iPhone

Livemint

Livemint · 1y ago

Apple users targeted in phishing attack: How to protect your iPhone

Apple users are facing a phishing attack that exploits the password reset system, bombarding their devices with notifications or multi-factor authentication messages. The attack aims to trick users into authorizing a password change request, giving the attackers control of the Apple ID. The onslaught of notifications renders the devices unusable until each alert is dismissed. Attackers are even attempting to coerce victims into divulging one-time passwords sent to their phone numbers. Users are advised to be cautious and not approve suspicious password change requests, and to be wary of unsolicited calls requesting password reset codes.

Five Eyes top agencies issue warning that Russian hackers are targeting the cloud — and the human factor is once again to blame

Techradar

Techradar · 1y ago

Five Eyes top agencies issue warning that Russian hackers are targeting the cloud — and the human factor is once again to blame

The Five Eyes alliance issued a warning that Russian hacker groups are targeting cloud services as their preferred method of attack. Instead of focusing on on-prem infrastructure, hackers are shifting their attention to cloud-based environments. The methods used, such as password spraying and brute force attacks, remain consistent, but threat actors are now exploiting cloud services directly. The advisory provides mitigation and detection techniques, including the use of MFA, strong passwords, and restricting user access. The use of MagicWeb malware by Russian hackers is also highlighted.

How to stay safe from cybercriminal "quishing" attacks

Techradar

Techradar · 1y ago

How to stay safe from cybercriminal "quishing" attacks

Phishing attacks using QR codes, also known as "quishing," are gaining momentum as scammers aim to bypass multi-factor authentication (MFA). QR phishing takes advantage of users' trust and familiarity with QR codes, embedding malicious codes in seemingly legitimate emails. Scammers can then redirect users to phishing sites designed to steal business credentials and MFA tokens. The success of quishing lies in the less secure nature of mobile devices, difficulty in detecting malicious links behind QR codes, and effective social engineering techniques. Businesses need to implement stronger security measures, such as training employees to recognize these attacks, enforcing strict password policies, reducing MFA token expiration time, and implementing anomaly detection and extended detection and response (XDR) solutions for monitoring and rapid response.

Apple adds 'Activation Lock' to iPhone parts in iOS 18 to prevent theft: Report

Livemint

Livemint · 11m ago

Apple adds 'Activation Lock' to iPhone parts in iOS 18 to prevent theft: Report

Apple has expanded its Activation Lock feature to individual iPhone components in order to combat theft and deter the resale of stolen iPhone parts. The new feature, available with the release of iOS 18, links specific components to the original owner's Apple Account, making it harder for unauthorized repairs to be carried out using parts from other iPhones. When a replacement part is detected, the device prompts the user for the original owner's Apple Account password to verify authenticity. This move aims to close a loophole in the market for stolen iPhone parts and make iPhones less attractive for theft.

Ransomware remains the most pressing security issue worldwide — but even schools are being targeted now

Techradar

Techradar · 1y ago

Ransomware remains the most pressing security issue worldwide — but even schools are being targeted now

According to a report from cybersecurity researchers Cisco Talos, ransomware has once again become the top cybersecurity threat in 2023. The report states that ransomware activity significantly increased in the fourth quarter, with the education sector being one of the primary targets. Furthermore, the lack of multi-factor authentication (MFA) implementation was identified as the leading security weakness, accounting for 36% of engagements. To mitigate the risk of ransomware attacks, businesses are advised to enable MFA on employee accounts whenever possible.

Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted

Economic Times

Economic Times · 1y ago

Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted

Apple is expected to notify users in India and 91 other countries that they were targets of a "mercenary spyware" attack. The attack, which used the sophisticated Pegasus spyware from NSO Group, aimed to gain unauthorized access to users' devices. Apple's threat notification warns users they are being targeted specifically and advises them to take the alert seriously. The company has updated its support page to provide tips for users who may have been targets. This is the second round of threat notifications, with the previous one in 2023 warning of a "state-sponsored" attack.

Health care giant comes clean about recent hack and paid ransom

Arstechnica

Arstechnica · 1y ago

Health care giant comes clean about recent hack and paid ransom

Change Healthcare recently experienced a ransomware attack that disrupted the US prescription market for two weeks. The attack was made possible through a compromised account that did not have multifactor authentication (MFA) in place. Hackers gained access to the account and moved within the systems before exfiltrating data. The breach started on February 12, and after remaining undetected for nine days, the attackers deployed ransomware, forcing the company to rebuild its entire IT infrastructure. The company paid a ransom of $22 million to the attackers, but they failed to destroy the stolen data as promised. Change Healthcare has since restored its systems, with payment processing at 86% of pre-incident levels.

Apple patches 0-day exploited in “extremely sophisticated attack”

Arstechnica

Arstechnica · 5m ago

Apple patches 0-day exploited in “extremely sophisticated attack”

Apple has patched a critical zero-day vulnerability in Webkit affecting iPhones and iPads, potentially exploited in a sophisticated attack targeting specific individuals. This vulnerability allowed malicious web content to escape the security sandbox. It impacts several iPhone and iPad models, requiring users to update to iOS and iPadOS 18.3.2. While there’s no indication of widespread exploitation, targets of entities like law enforcement or nation-state spies should update immediately for security.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Just Months After Promotion, Open ...

Exclusive: Robotics startup Miko ...

“Your Phone Is Outdated”: Sam Alt ...

Download the medial app to read full posts, comements and news.