Screen sharing software can bypass MFA and put you at risk of cyberattacks
Date:
Wed, 23 Feb 2022 12:33:49 +0000
Description:
Researcher uncovers way to trick users into logging into their accounts on other people's devices
FULL STORY ======================================================================
A cybersecurity researcher has discovered a new and dangerous way to abuse online collaboration software to bypass multi-factor authentication (MFA) and compromise otherwise secure accounts.
The researcher, who goes by the name mr.dox, stumbled upon the idea when
doing penetration testing for a customer.
Usually, MFA is a great way to protect an account from phishing because even if the victim ends up on a fake landing page and enters their login credentials, their account is still protected by the one-time passcode.
It's not your browser
However, what if the victim was actually accessing a noVNC session, with Firefox (or any other browser, for that matter) in kiosk mode, instead of accessing the website in the browser on their own device?
That's exactly what mr.dox succeeded in doing. noVNC is, in the simplest possible terms, a remote desktop program, one that allows users to connect to a VNC (Virtual Network Computing) server directly from a browser, by simply clicking a link.
In theory, an attacker can craft a phishing email notifying the target of a new, unread message on their LinkedIn account. The email would carry a "Log in here" link which would bring up the noVNC session, and the browser in kiosk mode. That way, all the user will see is a web page, as they'd expect.
After logging in (and even submitting their MFA key), the attacker can use various tools to steal passwords and security keys. What's even more dangerous is the fact that some services require MFA only once, and after authorizing the device, the password would suffice.
Also, VNC allows more than one person to monitor the same session,
potentially allowing the attackers to disconnect the victim's session after logging in, and then reconnect at a later date.
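Because the kiosk browser in this scenario runs on the attacker's VNC host rather than on the victim's own machine, the legitimate service sees the login, the MFA completion and the "remember this device" grant arriving from that host, not from the address the user normally logs in from. The following detection sketch is an added example, not code from the article or from the researcher; it runs two rules over a constructed authentication log (hypothetical usernames, RFC 5737 documentation addresses, an assumed four-field log format): flag device-trust grants from an IP the user has no earlier-day history with, then flag any single IP that collects such fresh grants for several accounts.

```python
"""Spot MFA device-trust grants that arrive from one unfamiliar host for many users.

Constructed sample data and a hypothetical log format; not taken from the article.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: str       # ISO-8601 UTC timestamp; sorts correctly as a string
    user: str
    src_ip: str
    event: str    # login_ok | mfa_ok | device_trusted


# Constructed log lines. alice and bob normally log in from their own addresses
# (198.51.100.0/24); two days later alice, bob and carol all complete MFA and
# receive a trusted device from the same previously unseen host 203.0.113.7.
SAMPLE_LOG = [
    "2022-02-21T08:00:01Z alice 198.51.100.10 login_ok",
    "2022-02-21T08:00:05Z alice 198.51.100.10 mfa_ok",
    "2022-02-21T08:00:06Z alice 198.51.100.10 device_trusted",
    "2022-02-21T09:12:40Z bob 198.51.100.23 login_ok",
    "2022-02-21T09:12:44Z bob 198.51.100.23 mfa_ok",
    "2022-02-23T10:02:11Z alice 203.0.113.7 login_ok",
    "2022-02-23T10:02:19Z alice 203.0.113.7 mfa_ok",
    "2022-02-23T10:02:20Z alice 203.0.113.7 device_trusted",
    "2022-02-23T10:05:02Z bob 203.0.113.7 login_ok",
    "2022-02-23T10:05:09Z bob 203.0.113.7 mfa_ok",
    "2022-02-23T10:05:10Z bob 203.0.113.7 device_trusted",
    "2022-02-23T10:07:30Z carol 203.0.113.7 login_ok",
    "2022-02-23T10:07:38Z carol 203.0.113.7 mfa_ok",
    "2022-02-23T10:07:39Z carol 203.0.113.7 device_trusted",
]


def parse_log(lines):
    """Parse 'timestamp user src_ip event' lines and return them in time order."""
    events = []
    for line in lines:
        ts, user, ip, ev = line.split()
        events.append(AuthEvent(ts, user, ip, ev))
    return sorted(events, key=lambda e: e.ts)


def new_host_trust_grants(events):
    """Rule 1: device_trusted events from an IP the user had no activity from on an earlier day.

    Returns a list of (user, src_ip, ts). Noisy on its own: every genuinely new
    laptop also trips it, which is why rule 2 exists.
    """
    first_seen = defaultdict(dict)   # user -> {src_ip: date of first sighting}
    hits = []
    for e in events:
        day = e.ts[:10]
        first_seen[e.user].setdefault(e.src_ip, day)
        if e.event == "device_trusted" and first_seen[e.user][e.src_ip] == day:
            hits.append((e.user, e.src_ip, e.ts))
    return hits


def shared_new_hosts(hits, min_users=2):
    """Rule 2: a single address collecting fresh device trust for several accounts.

    A user's own new device serves one account; a remote-desktop host that many
    victims were walked through serves many. Returns {src_ip: sorted users}.
    """
    users_by_ip = defaultdict(set)
    for user, ip, _ in hits:
        users_by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    grants = new_host_trust_grants(parse_log(SAMPLE_LOG))
    for ip, users in shared_new_hosts(grants).items():
        print(f"ALERT: {ip} newly trusted for {len(users)} accounts: {', '.join(users)}")
```

Rule 1 alone fires on alice's legitimate first login from 198.51.100.10 as well, so the actionable signal is rule 2: one source address receiving fresh device trust for alice, bob and carol within minutes. In a real deployment the same logic would also benefit from ASN or hosting-provider enrichment of the source address, which the constructed log does not carry.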
Speaking with BleepingComputer, the researcher said the attack is still theoretical as it hasn't been observed in the wild, but he believes it's only a matter of time before it is.
As for security measures - they're always the same with phishing. Don't
download any email attachments, and don't open any email links, unless absolutely certain of the authenticity of the sender and their good intentions.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/screen-sharing-software-can-bypass-mfa-and-put-you-at-risk-of-cyberattacks/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)