'itnews reports: Security researchers at Resecurity have detailed a new phishing-as-a-service kit, EvilProxy, that provides an easy to use interface to attack users with accounts for major online brands, and the ability to bypass multifactor authentication (MFA). Reverse proxies to attack multifactor authentication, such as Modlishka, have been available for several years, but EvilProxy makes it it possible to easily create and deliver advanced phishing links through a graphical user interface, Resecurity said. EvilProxy sits between a victim and the real site the user is trying to connect to, capturing their valid session cookies, to bypass the need to authenticate with user names, passwords, and / or two-factor authentication tokens, the security vendor explained. This includes accounts that have MFA enabled with short messaging text service, or application tokens.' -- source: https://www.itnews.com.au/news/slick-new-phishing-as-a-service-kit-emerges-5... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/