🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥
✕
Login
Home
News
Messages
Startup Showcase
Trackers
Premium
Premium Content
Jobs
Notifications
Settings
Try our Valuation Calculator →
Log In
News on Medial
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Arstechnica
·
1y ago
Medial
Phishing attacks are exploiting human weaknesses by bombarding Apple users with multifactor authentication (MFA) prompts that cannot be skipped. Known as MFA fatigue attacks, this technique involves overwhelming users with repeated prompts, forcing them to either click "Allow" without thinking or accidentally click the wrong option. Both state-sponsored threat actor Fancy Bear and a group called Lapsus$ have successfully used this tactic. The attacks also involve spoofed Apple support calls. The vulnerability highlights the need for rate limiting or access control in Apple's password-reset system. FIDO-compliant MFA is immune to such attacks.
View Source
Related News
There's a new scam targeting iPhone owners with a barrage of notifications
Business Insider
·
1y ago
Medial
In a new phishing scam targeting Apple users, some iPhone owners have received repeated notifications to allow a reset of their Apple ID password. The attack, known as "MFA bombing," uses Apple device notifications to prompt users, preventing them from using their phone until they deny or accept the request. The scammers even went further by making spoofed calls from the Apple Support phone number to trick users into resetting their passwords. Apple has acknowledged the issue and advises customers not to provide personal information and to report any suspicious messages or calls.
View Source
ChatGPT is finally making your account more secure
Techradar
·
1y ago
Medial
OpenAI has introduced multi-factor authentication (MFA) to enhance account security on ChatGPT. Users can enable MFA through the settings on the ChatGPT web page or OpenAI Developer platform, requiring an authenticator app installed on a mobile device. MFA generates ever-changing 6-digit codes that need to be entered at login, along with the username and password. It also provides recovery codes for backup access. While using an authenticator app is considered safer than SMS codes, there have been cases of hackers circumventing MFA. Additionally, users may experience fatigue from frequent verification prompts.
View Source
Apple users targeted in phishing attack: How to protect your iPhone
Livemint
·
1y ago
Medial
Apple users are facing a phishing attack that exploits the password reset system, bombarding their devices with notifications or multi-factor authentication messages. The attack aims to trick users into authorizing a password change request, giving the attackers control of the Apple ID. The onslaught of notifications renders the devices unusable until each alert is dismissed. Attackers are even attempting to coerce victims into divulging one-time passwords sent to their phone numbers. Users are advised to be cautious and not approve suspicious password change requests, and to be wary of unsolicited calls requesting password reset codes.
View Source
Five Eyes top agencies issue warning that Russian hackers are targeting the cloud — and the human factor is once again to blame
Techradar
·
1y ago
Medial
The Five Eyes alliance issued a warning that Russian hacker groups are targeting cloud services as their preferred method of attack. Instead of focusing on on-prem infrastructure, hackers are shifting their attention to cloud-based environments. The methods used, such as password spraying and brute force attacks, remain consistent, but threat actors are now exploiting cloud services directly. The advisory provides mitigation and detection techniques, including the use of MFA, strong passwords, and restricting user access. The use of MagicWeb malware by Russian hackers is also highlighted.
View Source
How to stay safe from cybercriminal "quishing" attacks
Techradar
·
1y ago
Medial
Phishing attacks using QR codes, also known as "quishing," are gaining momentum as scammers aim to bypass multi-factor authentication (MFA). QR phishing takes advantage of users' trust and familiarity with QR codes, embedding malicious codes in seemingly legitimate emails. Scammers can then redirect users to phishing sites designed to steal business credentials and MFA tokens. The success of quishing lies in the less secure nature of mobile devices, difficulty in detecting malicious links behind QR codes, and effective social engineering techniques. Businesses need to implement stronger security measures, such as training employees to recognize these attacks, enforcing strict password policies, reducing MFA token expiration time, and implementing anomaly detection and extended detection and response (XDR) solutions for monitoring and rapid response.
View Source
Apple adds 'Activation Lock' to iPhone parts in iOS 18 to prevent theft: Report
Livemint
·
10m ago
Medial
Apple has expanded its Activation Lock feature to individual iPhone components in order to combat theft and deter the resale of stolen iPhone parts. The new feature, available with the release of iOS 18, links specific components to the original owner's Apple Account, making it harder for unauthorized repairs to be carried out using parts from other iPhones. When a replacement part is detected, the device prompts the user for the original owner's Apple Account password to verify authenticity. This move aims to close a loophole in the market for stolen iPhone parts and make iPhones less attractive for theft.
View Source
Ransomware remains the most pressing security issue worldwide — but even schools are being targeted now
Techradar
·
1y ago
Medial
According to a report from cybersecurity researchers Cisco Talos, ransomware has once again become the top cybersecurity threat in 2023. The report states that ransomware activity significantly increased in the fourth quarter, with the education sector being one of the primary targets. Furthermore, the lack of multi-factor authentication (MFA) implementation was identified as the leading security weakness, accounting for 36% of engagements. To mitigate the risk of ransomware attacks, businesses are advised to enable MFA on employee accounts whenever possible.
View Source
Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted
Economic Times
·
1y ago
Medial
Apple is expected to notify users in India and 91 other countries that they were targets of a "mercenary spyware" attack. The attack, which used the sophisticated Pegasus spyware from NSO Group, aimed to gain unauthorized access to users' devices. Apple's threat notification warns users they are being targeted specifically and advises them to take the alert seriously. The company has updated its support page to provide tips for users who may have been targets. This is the second round of threat notifications, with the previous one in 2023 warning of a "state-sponsored" attack.
View Source
Health care giant comes clean about recent hack and paid ransom
Arstechnica
·
1y ago
Medial
Change Healthcare recently experienced a ransomware attack that disrupted the US prescription market for two weeks. The attack was made possible through a compromised account that did not have multifactor authentication (MFA) in place. Hackers gained access to the account and moved within the systems before exfiltrating data. The breach started on February 12, and after remaining undetected for nine days, the attackers deployed ransomware, forcing the company to rebuild its entire IT infrastructure. The company paid a ransom of $22 million to the attackers, but they failed to destroy the stolen data as promised. Change Healthcare has since restored its systems, with payment processing at 86% of pre-incident levels.
View Source
Apple patches 0-day exploited in “extremely sophisticated attack”
Arstechnica
·
4m ago
Medial
Apple has patched a critical zero-day vulnerability in Webkit affecting iPhones and iPads, potentially exploited in a sophisticated attack targeting specific individuals. This vulnerability allowed malicious web content to escape the security sandbox. It impacts several iPhone and iPad models, requiring users to update to iOS and iPadOS 18.3.2. While there’s no indication of widespread exploitation, targets of entities like law enforcement or nation-state spies should update immediately for security.
View Source
Trackers
Active Indian VC’s
OG Capital
Email
With a hands-on approach, OG Capital aims to invest in over 20 promising...
Accel Partners
Email
Early and growth-stage investments in disruptive technology companies with...
Blume
Email
Early-stage venture capital firm investing in technology startups in India. Focus on...
Access All Trackers
Startup Showcase Winners
June 2025
Buddy
Helping your parents when you are miles away
BiteStop
The Pit Stop Your Cravings Deserve
Bloomer
The next generation E-commerce platform
Enter Ongoing Startup Showcase
Top Users
Trending News on Medial
Download the medial app to read full posts, comements and news.
Go to Medial App
Not Now
Know everything that’s happening in the startup ecosystem, first.
Enable Notifications?
No, thanks
Count me in