Detecting & Blocking Tycoon’s latest AiTM Phishing Kit | allinfosecnews.com

March 27, 2024, 7:12 p.m. | Farah Iyer

Security Boulevard securityboulevard.com

This blog details how Obsidian detects and blocks the latest version of Tycoon, an adversary-in-the-middle (AiTM), Phishing-as-a-Service (PhaaS) platform that leverages a reverse proxy to intercept and replay credentials and MFA prompts. This new version of Tycoon has recently received press from Forbes [1], Dark Reading [2], TechRadar [3], and others. Background Sekoia wrote a […]

The post Detecting & Blocking Tycoon’s latest AiTM Phishing Kit appeared first on Obsidian Security.

The post Detecting & Blocking Tycoon’s latest AiTM …

adversary adversary-in-the-middle aitm aitm phishing aitm phishing kit as-a-service blocking blog credentials dark developer field notes featured forbes intercept kit latest mfa obsidian phaas phishing phishing-as-a-service phishing kit platform press product spotlights prompts proxy replay reverse reverse proxy saas security security guidance service tycoon version

More from securityboulevard.com / Security Boulevard

What is General Data Protection Regulation Act (GDPR)? 2 hours ago | securityboulevard.com

act adoption center challenges +32

Cloud Monitor Automation Improves K-12 Cybersecurity Training & Awareness 12 hours ago | securityboulevard.com

automation awareness chief cloud +28

USENIX Security ’23 – UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware 16 hours ago | securityboulevard.com

access authors conference events +15

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 17 hours ago | securityboulevard.com

ant application customers cve +21

Understanding Cybersecurity Vulnerabilities 17 hours ago | securityboulevard.com

advice attacks can cybersecurity +12

Bridging the Gap: Uniting Development and AppSec 18 hours ago | securityboulevard.com

application security appsec aspm bridging the gap +20

Open-Source Software Security 20 hours ago | securityboulevard.com

blog blog post cloud cloud-native +14

USENIX Security ’23 – Union Under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android … 20 hours ago | securityboulevard.com

access android authors conference +20

How to secure GraphQL APIs: challenges and best practices 21 hours ago | securityboulevard.com

apis api security best practices challenges +9

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Director, Cybersecurity - Governance, Risk and Compliance (GRC)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr

View on infosec-jobs.com

Information Security Risk Metrics Lead

@ Live Nation Entertainment | Work At Home-Connecticut

View on infosec-jobs.com

IT Product Owner - Enterprise DevSec Platform (d/f/m)

@ Airbus | Hamburg - Finkenwerder

View on infosec-jobs.com

Senior Information Security Specialist

@ Arthur Grand Technologies Inc | Arlington, VA, United States

View on infosec-jobs.com

Information Security Controls SME

@ Sword | Aberdeen, Scotland, United Kingdom

View on infosec-jobs.com