FBI warns of Kali365 phishing kit that bypasses multifactor authentication on Microsoft 365
By Carter Pape
Summary
The FBI has issued a public service announcement about a new phishing-as-a-service kit called Kali365, which allows criminals to hijack Microsoft 365 accounts without stealing passwords and can bypass multifactor authentication (MFA). The kit is sold on Telegram as a subscription service, targeting software commonly used by bankers. This development is particularly concerning because regulators have pushed banks toward adopting MFA as a security measure, yet this kit is specifically designed to circumvent that protection.
Key quotes
The FBI's Internet Crime Complaint Center described the kit, called Kali365, in a public service announcement issued last week as a phishing-as-a-service product.
The criminals behind phishing-as-a-service products rent them to other criminals on a subscription basis.
Regulators pushed banks toward multifactor authentication. A new phishing-as-a-service kit, flagged by the FBI, is built to slip right past it.
