New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins

To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or attachments from unknown sources. The Astaroth 2FA phishing kit represents a serious threat to online security, as it targets not only email services but also third-party platforms. A sophisticated phishing kit, known as the Astaroth 2FA phishing kit, has been identified targeting major email services such as Gmail, Yahoo, and Office 365, along with third-party login platforms. The Astaroth phishing kit is highly customizable and can be tailored to mimic the login pages of various services, making it difficult for users to distinguish between legitimate and fake sites. Moreover, security analysts at SlahsNext identified that t uses advanced techniques to capture login credentials and 2FA codes, often through SMS or authenticator apps. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This kit is designed to bypass two-factor authentication (2FA) security measures, posing a significant threat to users’ online security. Users should remain vigilant and use additional security measures such as authenticator apps with push notifications instead of SMS-based 2FA. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 12:35:32 +0000


Cyber News related to New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins

New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins - To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or ...
1 month ago Cybersecuritynews.com
Gmail Hackers Leave Vital Clues Behind-Check These 3 Things Now - With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It's not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. ...
1 year ago Forbes.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
CVE-2022-48826 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
Accelerating Cloud-Native Data Security Deployments at Scale with Imperva's eDSF Kit - Elastic DSF is the vision of DSF. The first phase of this vision is creating automatic, click of a button processes to deploy and upgrade DSF with the introduction of Imperva eDSF Kit. eDSF Kit simplifies the product deployment, upgrades, and ongoing ...
1 year ago Imperva.com
10 Years After Yahoo, What's Changed? - In September 2016, Yahoo copped to a breach of 500 million user records. Even today it's one of the top five biggest data breaches in history by sheer volume, yet it's only Yahoo's second biggest. Rew Komarov already knew by September of that year ...
1 year ago Darkreading.com
Google rolls out easy end-to-end encryption for Gmail business users - Google says that after Gmail's new E2EE model rolls out, business users will be able to send fully encrypted emails to any user on any email service or platform without having to worry about complex certificate requirements. ​Google has started ...
11 hours ago Bleepingcomputer.com
Microsoft 365 To Block Downloaded Excel XLL Add-Ins To Boost Security - Microsoft has recently announced that in order to help improve security, Microsoft 365 is now blocking the download of XLL add-ins for Excel on both Window PCs and Apple Macs. This new feature will be put into effect early 2021, affecting both Office ...
2 years ago Bleepingcomputer.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Microsoft Office 2024 now available for Windows and macOS users - As announced earlier in September, starting in Office 2024, Microsoft will also turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps, a measure likely prompted by ActiveX's well-known security issues. Last month, ...
5 months ago Bleepingcomputer.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
1 month ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-53704 CVE-2024-52875 CVE-2023-20198 CVE-2023-20273 Winnti Group
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
Microsoft launches ad-supported Office apps for Windows users - Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. While Microsoft allows customers to use Word, Excel, PowerPoint, and other Microsoft ...
1 month ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
1 year ago Darkreading.com
CVE-2021-29437 - ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for ...
1 year ago
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
TikTok's latest actions to combat misinformation shows it's not just a U.S. problem - Fake news, disinformation, misinformation - whatever label you want to put on it - will not just go away if one election in the U.S. goes one way or the other. It is an issue that is spreading on all platforms in all countries. While they have been ...
1 year ago Blog.talosintelligence.com Volt Typhoon

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)