The Betterment breach should not have surprised anyone paying attention, and it certainly should have ended the long-running argument about whether modern MFA is sufficient against today’s attacks. Instead, it became just another entry in a growing list of incidents that organizations explain away as bad luck, poor training, or unfortunate human error.

Attackers Are Not Hacking In. They Are Logging In. Ransomware, phishing, and credential-based attacks are hitting small and midsize businesses every day because attackers have learned the easiest trick in the book. They do not need to hack in. They simply log in with stolen credentials. The moment an employee enters a password or approves a code, the attacker has everything.

Most organizations still think of authentication as a cost of doing business.

Device Based Biometrics Are the Only Way to Restore It.

Cyber Defense Magazine’s December issue includes a new article by Kevin Surace, Chair at Token, explaining why real time phishing relay attacks have become the most effective method for bypassing legacy MFA. These attacks are now driving many of the ransomware incidents and data breaches affecting organizations worldwide.

Another Preventable Breach Another week. Another preventable breach. This time it is Doordash, confirming that a social engineering scam gave attackers access to sensitive customer and driver information. But the real story is not the scam. The real story is the failure behind it.

What do CISA, NSA, NIST, OMB, DHS, the Department of Defense, Gartner, Microsoft, Google, the FIDO Alliance, and the entire cyber insurance industry know that so many organizations are still ignoring?

As seen in Bleeping Computer The Tycoon 2FA phishing kit signals a turning point in the battle against account takeover. This is not a tool built for elite attackers. It is a plug-and-play phishing kit that anyone can deploy, with zero coding skill required. Tycoon automates everything: setup, fake login pages, reverse proxy servers, real-time credential capture, and full MFA relay.

Ransomware attacks are rising faster than ever, and most share a common weakness — authentication that trusts too much. In his session from the recent Security Buzz webinar, Kevin Surace, Chairman of Token, explains why MFA apps and codes have become attackers’ favorite weapon instead of a defense.

A newly published academic paper introduces a new hacker tool called PixSnapping (download PDF), an advanced attack that can steal screen pixels from Android devices and reconstruct sensitive data like 2FA codes in real time. The research demonstrates that an attacker-controlled app can capture or infer the digits displayed by authenticator apps such as Google Authenticator in under thirty seconds.

A new study from UC San Diego Health should make every security leader stop and think. Researchers ran nearly 20,000 employees through ten simulated phishing campaigns over eight months. The result? Training made almost no difference. Employees who had recently completed mandatory cyber awareness courses failed phishing tests at virtually the same rate as those who hadn’t. The average gap was a sickly 1.7% improvement — effectively zero.

Last week, BleepingComputer reported on a clever new phishing campaign targeting Microsoft users. Instead of pixel-perfect fake sites or smishing lures, attackers are now abusing legitimate Microsoft ADFS redirect endpoints to steal logins.