VMTech

MFA Prompt Bombing: why push‑based MFA fails to protect accounts

Colleagues, a dangerous tactic has emerged in cybersecurity — MFA prompt bombing.

Attackers use leaked passwords to trigger repeated push notifications; worn down by fatigue or persuaded through vishing, a user approves a single prompt and the attacker gains access.

Example: Cisco — browser‑extracted passwords and vishing enabled VPN compromise and privilege escalation.

Recommendations: adopt phishing‑resistant factors (FIDO2, hardware keys, number‑matching); block compromised passwords in AD; deploy risk signals and conditional access.

Why it matters: push notifications are manipulable and must not be the sole defense.

How will you strengthen MFA?

#cybersecurity #MFA #IdentitySecurity #infosec
