New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins

To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or attachments from unknown sources. The Astaroth 2FA phishing kit represents a serious threat to online security, as it targets not only email services but also third-party platforms. A sophisticated phishing kit, known as the Astaroth 2FA phishing kit, has been identified targeting major email services such as Gmail, Yahoo, and Office 365, along with third-party login platforms. The Astaroth phishing kit is highly customizable and can be tailored to mimic the login pages of various services, making it difficult for users to distinguish between legitimate and fake sites. Moreover, security analysts at SlahsNext identified that t uses advanced techniques to capture login credentials and 2FA codes, often through SMS or authenticator apps. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This kit is designed to bypass two-factor authentication (2FA) security measures, posing a significant threat to users’ online security. Users should remain vigilant and use additional security measures such as authenticator apps with push notifications instead of SMS-based 2FA. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 12:35:32 +0000

Cyber News related to New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins

New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins - To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or ...
1 week ago Cybersecuritynews.com

Gmail Hackers Leave Vital Clues Behind-Check These 3 Things Now - With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It's not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. ...
1 year ago Forbes.com

MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
11 months ago Techrepublic.com

Accelerating Cloud-Native Data Security Deployments at Scale with Imperva's eDSF Kit - Elastic DSF is the vision of DSF. The first phase of this vision is creating automatic, click of a button processes to deploy and upgrade DSF with the introduction of Imperva eDSF Kit. eDSF Kit simplifies the product deployment, upgrades, and ongoing ...
1 year ago Imperva.com

Microsoft 365 To Block Downloaded Excel XLL Add-Ins To Boost Security - Microsoft has recently announced that in order to help improve security, Microsoft 365 is now blocking the download of XLL add-ins for Excel on both Window PCs and Apple Macs. This new feature will be put into effect early 2021, affecting both Office ...
2 years ago Bleepingcomputer.com

10 Years After Yahoo, What's Changed? - In September 2016, Yahoo copped to a breach of 500 million user records. Even today it's one of the top five biggest data breaches in history by sheer volume, yet it's only Yahoo's second biggest. Rew Komarov already knew by September of that year ...
1 year ago Darkreading.com

Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com

GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com

New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com

Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com

Microsoft Office 2024 now available for Windows and macOS users - As announced earlier in September, starting in Office 2024, Microsoft will also turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps, a measure likely prompted by ActiveX's well-known security issues. Last month, ...
4 months ago Bleepingcomputer.com

What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com

Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com

Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com

Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
5 days ago Cybersecuritynews.com

Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com

"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com

Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com

Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
1 year ago Darkreading.com

Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
11 months ago Cyberdefensemagazine.com

CVE-2021-29437 - ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for ...
1 year ago

The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
9 months ago Hackread.com

TikTok's latest actions to combat misinformation shows it's not just a U.S. problem - Fake news, disinformation, misinformation - whatever label you want to put on it - will not just go away if one election in the U.S. goes one way or the other. It is an issue that is spreading on all platforms in all countries. While they have been ...
11 months ago Blog.talosintelligence.com

Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
1 year ago Cysecurity.news

2FA-less GitLab users vulnerable to account takeovers The Register - GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May ...
1 year ago Go.theregister.com

Latest Cyber News

Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks - 10 hours ago
Google Chrome disables uBlock Origin for some in Manifest v3 rollout - 18 hours ago
CVE-2025-25282 - 18 hours ago
CVE-2025-1555 - 18 hours ago
Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News - 20 hours ago
Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key - 20 hours ago
CVE-2025-25604 - 20 hours ago
CVE-2025-25605 - 20 hours ago
CVE-2025-25767 - 20 hours ago
CVE-2025-25768 - 20 hours ago
CVE-2025-25769 - 20 hours ago
CVE-2025-25770 - 20 hours ago
CVE-2025-25772 - 20 hours ago
CVE-2020-19248 - 20 hours ago
SpyLend Android malware downloaded 100,000 times from Google Play - 21 hours ago
CVE-2025-25876 - 21 hours ago
CVE-2025-25877 - 21 hours ago
CVE-2025-25878 - 21 hours ago
CVE-2025-25765 - 21 hours ago
CVE-2025-25766 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks - 10 hours ago
CVE-2025-25958 - 1 day ago
CVE-2025-25960 - 1 day ago
CVE-2024-54756 - 1 day ago
CVE-2024-7131 - 1 day ago
CVE-2025-22973 - 1 day ago
CVE-2025-25662 - 1 day ago
CVE-2025-25663 - 1 day ago
CVE-2025-25664 - 1 day ago
CVE-2025-25667 - 1 day ago
CVE-2025-25668 - 1 day ago
CVE-2025-25674 - 1 day ago
CVE-2025-25675 - 1 day ago
CVE-2025-25676 - 1 day ago
CVE-2025-25678 - 1 day ago
CVE-2025-25679 - 1 day ago
CVE-2025-25957 - 1 day ago
CVE-2025-27088 - 1 day ago
CVE-2025-27100 - 1 day ago
CVE-2025-1001 - 1 day ago