[Heads-up] New Exploit Hacks LinkedIn 2-factor Auth. See This Kevin Mitnick VIDEO

(Howard) #1

Posted by Stu Sjouwerman, May 8th:
"OK, here is something really scary.

KnowBe4’s Chief Hacking Officer Kevin Mitnick now and then calls me with some chilling news. This time, a white hat hacker friend of his developed a tool to bypass 2-factor authentication, and it can be weaponized for any site! My first thought when I heard about this was: “Holy cr@p!”

I asked him: “Can you show it to me?”, and Kevin just sent me a video demo; you can see it below."

This particular attack is based on proxying the user through the attacker’s system with a credentials phish that uses a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, their authenticated session cookie gets intercepted and it’s trivial to hack into the target’s account.
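The lure described above depends on the victim not noticing a typo-squatting hostname, so one defensive check is to compare hostnames seen in mail links or proxy logs against the domains users actually sign in to. The sketch below is an added example, not part of the original post or of any KnowBe4 tool; the `PROTECTED` list, the distance threshold, the function names and the sample hostnames are all assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a protected sign-in domain.
PROTECTED = ["linkedin.com"]  # assumption: domains your users log in to

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "ni" typed for "in"
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host: str, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in PROTECTED):
        return "legitimate"
    for domain in PROTECTED:
        brand = domain.split(".")[0]
        for label in host.split("."):
            # Brand name used inside a domain the brand does not own
            if brand in label:
                return "lookalike"
            # Near miss: a couple of typos away from the brand label
            if (abs(len(label) - len(brand)) <= max_distance
                    and osa_distance(label, brand) <= max_distance):
                return "lookalike"
    return "unrelated"

# Constructed sample hostnames (reserved .example TLD), not taken from the post
SAMPLES = ["www.linkedin.com", "linkedim.example", "linkedni.example",
           "linkedin.com.login.example", "example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:32} {classify(h)}")
```

This check compares plain ASCII labels only, so homoglyph or internationalized lookalikes need separate handling, and short brand names will need a tighter threshold to avoid false positives.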