c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
Not really a MFA bypass, but rather some impressive social engineering:
The attacker leverages AI-generated deepfakes to create a synthetic identity complete with a forged government document (e.g., passport) and a facial recognition bypass video.
They use this identity to gain access to the account, if I understood it right.
It's to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.
If it can be bypassed, it's not a second factor
There are some legitimate attacks on MFA, like stealing cookies. But in most cases, MFA is solid and attackers target the humans behind it (phishing, scamming, social engineering).