GigaTap articles tagged mfa.
- Push MFA Is the Weak Link Attackers Keep Pressing - Prompt bombing does not break MFA. It exploits weak MFA design, stolen passwords, and a user asked to approve a login with too little context.
- Chinese PhaaS moves past password theft - GTIG says Chinese-language phishing services are maturing into real-time MFA interception platforms, making OTP-based defenses a weaker line.
- SonicWall MFA bypass shows the patch gap - Attackers reportedly bypassed MFA on SonicWall Gen6 SSL-VPN devices where firmware was updated but required LDAP remediation was not completed.
- BlackFile shows how vishing turns SSO into an extortion path - GTIG says UNC6671 uses live vishing, AiTM credential capture, and SaaS access to steal corporate data. The weak point is identity workflow, not a vendor CV
- Password Manager + MFA in One Day - Tutorial: deploy a robust account security baseline in one day, with migration checklist.