Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser.

“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account,” Cisco Talos said in a detailed write-up. “The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.”

The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.

The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee’s account and is not believed to have included any valuable data.

Besides the credential theft, there was also an additional element of phishing wherein the adversary resorted to methods like vishing (aka voice phishing) and multi-factor authentication (MFA) fatigue to trick the victim into providing access to the VPN client.

MFA fatigue or prompt bombing is the name given to a technique used by threat actors to flood a user’s authentication app with push notifications in hopes they will relent and therefore enable an attacker to gain unauthorized access to an account.

“The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user,” Talos noted.
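The MFA fatigue pattern described in this article, a run of unanswered or denied push prompts that ends in an acceptance, can be detected in authentication logs. The following is an added example, not code from Cisco Talos or the original article; the event format, the ten-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push events: (user, ISO timestamp, result).
# The field layout is an assumption, not any vendor's real log format.
SAMPLE_EVENTS = [
    ("alice", "2022-01-01T09:00:00", "approved"),   # normal single login
    ("bob",   "2022-01-01T02:00:00", "denied"),
    ("bob",   "2022-01-01T02:01:00", "timeout"),
    ("bob",   "2022-01-01T02:02:00", "denied"),
    ("bob",   "2022-01-01T02:03:00", "timeout"),
    ("bob",   "2022-01-01T02:04:00", "denied"),
    ("bob",   "2022-01-01T02:05:00", "denied"),
    ("bob",   "2022-01-01T02:06:00", "approved"),   # user relents after 6 prompts
    ("carol", "2022-01-01T10:00:00", "denied"),     # a few mistakes, below threshold
    ("carol", "2022-01-01T10:01:00", "timeout"),
    ("carol", "2022-01-01T10:02:00", "approved"),
]


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag approvals preceded by >= threshold unapproved pushes to the
    same user within `window` (both values are tunable assumptions)."""
    recent = defaultdict(deque)   # user -> timestamps of unapproved pushes
    alerts = []
    for user, ts, result in sorted(events, key=lambda e: e[1]):
        now = datetime.fromisoformat(ts)
        queue = recent[user]
        # Drop unapproved pushes that have aged out of the sliding window.
        while queue and now - queue[0] > window:
            queue.popleft()
        if result == "approved":
            if len(queue) >= threshold:
                alerts.append({"user": user, "approved_at": ts,
                               "prior_unapproved": len(queue)})
            queue.clear()         # a successful login resets the run
        else:                     # "denied" or "timeout"
            queue.append(now)
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a signal to invalidate the resulting session and reset the user's password, since the prompts only appear once the password is already in the attacker's hands.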