Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks

14/08/2025

A sophisticated new threat vector has emerged that could undermine one of the most trusted authentication methods in cybersecurity.

FIDO-based passkeys, long considered the gold standard for phishing-resistant authentication, are now facing a potentially devastating attack technique that forces users to downgrade to less secure authentication methods.

The attack exploits a critical vulnerability in FIDO implementation across major platforms, particularly Microsoft Entra ID, where certain web browsers lack full passkey support.

This seemingly minor compatibility gap creates an opportunity for cybercriminals to manipulate the authentication process, forcing victims into using traditional multi-factor authentication methods that are susceptible to adversary-in-the-middle attacks.

Error shown when using a standard phishlet for a user with FIDO authentication (Source – Proofpoint)

Modern phishing campaigns have evolved significantly with the rise of sophisticated AiTM phishing kits like Evilginx, EvilProxy, and Tycoon, which have made session hijacking more accessible to threat actors.

List of victim’s sessions in Evilginx (Source – Proofpoint)

These platforms provide intuitive interfaces that lower technical barriers, enabling attackers to execute complex phishing operations with unprecedented ease.

Proofpoint researchers identified this emerging threat after discovering that standard phishlets typically fail when encountering FIDO-secured accounts, prompting attackers to develop specialized techniques.

The attack begins when victims receive phishing messages containing malicious links powered by a dedicated FIDO downgrade phishlet.

Upon clicking, targets encounter what appears to be an authentication error, compelling them to select alternative sign-in methods.

This deceptive interface mirrors legitimate Microsoft authentication pages, creating a convincing illusion of system malfunction.

Technical Implementation and User Agent Spoofing

The core mechanism behind FIDO authentication downgrade attacks relies on sophisticated user agent spoofing techniques.

Attackers configure their AiTM infrastructure to present itself as an unsupported browser environment, such as Safari on Windows, which lacks FIDO2 compatibility with Microsoft Entra ID.

The attacker successfully authenticates as the victim, using the intercepted session cookie (Source – Proofpoint)

When the authentication system detects this spoofed environment, it automatically presents fallback options.

The attack sequence demonstrates remarkable technical sophistication. Once victims authenticate through the downgraded method, attackers intercept credentials and session tokens using reverse proxy servers.

The stolen session cookies can then be imported directly into the attacker’s browser, enabling complete account takeover without requiring additional authentication challenges.

This technique effectively bypasses even the most robust FIDO implementations by exploiting the human element rather than technical vulnerabilities in the cryptographic protocols themselves.
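A defender-side sketch of the two signals this attack leaves in sign-in telemetry, added here as an example and not code from Proofpoint or the article: a FIDO-enrolled user completing a non-FIDO method from a user agent that claims Safari on Windows, and a session later used from a different browser or IP. The record schema, field names, and sample data are constructed assumptions.

```python
import re

# Constructed sample data in a simplified, hypothetical schema (not a real log export).
SAFARI_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 "
              "(KHTML, like Gecko) Version/17.0 Safari/605.1.15")
CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36")
SAFARI_MAC = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
              "(KHTML, like Gecko) Version/17.0 Safari/605.1.15")
FIDO_USERS = {"alice@example.com", "bob@example.com", "carol@example.com"}
SIGNINS = [
    {"user": "alice@example.com", "ua": SAFARI_WIN, "method": "totp", "session": "s1", "ip": "203.0.113.10"},
    {"user": "bob@example.com", "ua": CHROME_WIN, "method": "fido2", "session": "s2", "ip": "198.51.100.7"},
    {"user": "carol@example.com", "ua": SAFARI_MAC, "method": "totp", "session": "s3", "ip": "198.51.100.9"},
    {"user": "dave@example.com", "ua": SAFARI_WIN, "method": "sms", "session": "s4", "ip": "198.51.100.12"},
]
# Requests observed after sign-in, keyed by the same session identifier.
ACTIVITY = [
    {"session": "s1", "ua": CHROME_WIN, "ip": "192.0.2.55"},
    {"session": "s2", "ua": CHROME_WIN, "ip": "198.51.100.7"},
]

# Browsers whose user agent also contains "Safari/" but that are not Safari.
NON_SAFARI = re.compile(r"(Chrome|Chromium|CriOS|Edg|OPR)/")

def is_safari_on_windows(ua):
    """True when the user agent claims desktop Safari running on Windows."""
    return ("Windows NT" in ua and "Safari/" in ua and "Version/" in ua
            and not NON_SAFARI.search(ua))

def find_downgrades(signins, fido_users):
    """FIDO-enrolled users who completed a non-FIDO method from Safari-on-Windows."""
    return [e for e in signins
            if e["user"] in fido_users
            and e["method"] != "fido2"
            and is_safari_on_windows(e["ua"])]

def find_session_reuse(signins, activity):
    """Session ids later used from a user agent or IP that differs from the sign-in."""
    origin = {e["session"]: (e["ua"], e["ip"]) for e in signins}
    return sorted({a["session"] for a in activity
                   if a["session"] in origin
                   and (a["ua"], a["ip"]) != origin[a["session"]]})

if __name__ == "__main__":
    print([e["user"] for e in find_downgrades(SIGNINS, FIDO_USERS)])
    print(find_session_reuse(SIGNINS, ACTIVITY))
```

Network changes on a legitimate session also trip the second check, so treat it as corroboration for the first rather than a standalone alert.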

Source: cybersecuritynews.com
