Better Business Growth through Security

It's great seeing our customers grow.
We can see that growth through metadata. That same metadata also shows how many malicious messages (phishing, malware and so on) we block from ever reaching their mailboxes, and how many impersonation attacks, such as fake invoices, are attempted against their customers. This is how we help them grow their business: by reducing their losses to fraud and extortion, which leaves them the money to hire additional staff.

If you want to grow your business too, contact us at cyberwarden.io/contact

Why SMS OTPs are terrible, and Passkeys are great

Multi-Factor Authentication (MFA) is an absolute necessity in the modern world. Passwords alone just aren't enough, mainly because of breaches, credential-stealing malware, and easily guessed passwords.

MFA is usually one of a few types:

  • SMS OTP
  • Email OTP
  • Application based HOTP/TOTP codes that change automatically
  • Push based via an app
  • Passkeys
Not All MFA Methods are Equal.
Each type has its own merits. SMS and email are fairly ubiquitous and don't require any specific software. App based methods like HOTP and TOTP have the advantage that the phone hosting the app can be offline, because the code is derived from a shared secret plus a counter or the clock. Push based methods can be very convenient, needing just a simple yes/no answer, or a short numeric code to confirm the login. Passkeys are the modern public-key method (FIDO2/WebAuthn): a private key held on your device signs a challenge from the site, and that signature is bound to the site's origin. Passkeys aren't necessarily MFA (they can replace passwords entirely), but they are functionally similar to MFA, and are often referred to as "phishing resistant" because there is no code to read out over the phone or to be tricked into typing into a lookalike site: a passkey registered with the real site simply won't work for an impostor's domain.

You can read more about Passkeys at https://blog.google/inside-google/googlers/ask-a-techspert/how-passkeys-work/

In terms of security, I'd rank the methods as below (1 = best, 6 = worst):

  1. Passkeys
  2. Push based with a simple code
  3. Application based HOTP/TOTP
  4. Push based (Yes/No)
  5. SMS OTP
  6. Email OTP

While having some form of MFA is always better than none, in reality SMS and email OTPs should be considered insecure, because they can be intercepted without huge effort or expense. This video shows how SMS and voice calls can be intercepted via SS7: https://www.youtube.com/watch?v=wVyu7NB7W6Y . SMS codes are also commonly intercepted by SIM swap attacks, and emails are easier still to intercept, via a compromised mailbox among other methods. Another disadvantage of email and SMS OTPs is that they can be delayed or blocked in transit, making these methods frustrating to use.
Yes/No push authentication is vulnerable to timing attacks: an attacker who already has the password attempts to log in at roughly the same time as the real user (such as at the start of the work day, when the user is logging into several systems and isn't paying much attention), and the user approves the attacker's prompt along with their own. This is why services have moved to code based push, where the user has to type the number shown on the screen that requested the login, which the attacker can see but the victim cannot.
Some TOTP/HOTP implementations don't rate-limit or lock out after failed attempts, so a six digit code (one million possibilities, and usually several codes valid at once to allow for clock drift) can simply be brute-forced; this has been demonstrated recently.
For the above reasons, we don't recommend the use of methods 3-6 unless there is no other option. If you're forced to use one of these, app based HOTP/TOTP is the best choice, provided the service limits retries.
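The retry-limit point above is easiest to see in code. The following is an added example, not code from the original post: a stdlib-only Python implementation of HOTP and TOTP (RFC 4226 / RFC 6238) with the two server-side controls whose absence makes the brute-force attack work, a failure budget with lockout and a high-water mark against replaying a code that was already accepted. The secret is the RFC test secret, and the timestamps, the `TotpVerifier` class and the `brute_force` helper are the example's own constructions.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# The RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"). A real
# deployment generates random bytes at enrolment and shares them with the app.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from Unix time divided by the step."""
    return hotp(secret, int(at // step), digits)


class TotpVerifier:
    """Server-side check with the controls the weak deployments lack: a failure
    budget that locks the account, and a high-water mark so a code that was
    already accepted cannot be replayed while it is still inside the window."""

    def __init__(self, secret: bytes, max_failures: Optional[int] = 5,
                 lockout_seconds: int = 300, window: int = 1, step: int = 30):
        self.secret = secret
        self.max_failures = max_failures  # None reproduces the "no limit" bug
        self.lockout_seconds = lockout_seconds
        self.window = window              # tolerate +/- this many steps of clock drift
        self.step = step
        self.failures = 0
        self.locked_until = 0.0
        self.last_counter = -1            # highest counter value already accepted

    def verify(self, code: str, now: float) -> str:
        """Return "ok", "bad", "replay" or "locked"."""
        if now < self.locked_until:
            return "locked"
        counter = int(now // self.step)
        for c in range(counter - self.window, counter + self.window + 1):
            # constant-time compare; encode so arbitrary user input cannot raise
            if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode()):
                if c <= self.last_counter:
                    return "replay"
                self.last_counter = c
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
        return "bad"


def brute_force(verifier: TotpVerifier, now: float, digits: int = 6) -> Tuple[Optional[str], int]:
    """Submit every code in ascending order until one is accepted or the account locks.
    Returns (accepted code or None, number of attempts made)."""
    for guess in range(10 ** digits):
        code = str(guess).zfill(digits)
        status = verifier.verify(code, now)
        if status == "ok":
            return code, guess + 1
        if status == "locked":
            return None, guess + 1
    return None, 10 ** digits


if __name__ == "__main__":
    now = 210  # constructed timestamp; the RFC vectors put code 162583 at counter 7
    print("current code:", totp(DEMO_SECRET, now))
    print("no rate limit:", brute_force(TotpVerifier(DEMO_SECRET, max_failures=None), now))
    print("5 failures then lockout:", brute_force(TotpVerifier(DEMO_SECRET), now))
```

With `max_failures=None` the attacker walks through the code space and is let in after a few hundred thousand requests, which is a matter of minutes against an API with no throttling; with the default budget of five the sixth request is refused for the lockout period. The window of plus or minus one step is what most services use, and it is also why the attacker's odds per guess are three in a million rather than one: the bigger the drift window, the more important the retry limit.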

So What Should I Use?
Our recommendation is to move to Passkeys wherever possible, and if these aren't possible, use the next best method.

U.K. orders Apple to let it spy on users’ encrypted accounts

Secret back-doors never remain secret, and they are often exploited by threat actors. Just look at the recent compromise of US telecoms networks, where Chinese state actors used the interception capability built into those networks for lawful access.

https://archive.is/EzboV

If Apple is being asked to do this, then so will all other major cloud storage vendors.

Of major concern is that many authenticator apps store their data in the user's OneDrive, Google Drive or iCloud account (as do many password managers).
If those accounts are accessed by adversaries (nation states, competitors, or general ne'er-do-wells) then the implications are significant: the second factor, and possibly every password, goes with them.

Beware Zero-Width Characters

This morning I spotted a message that had been flagged as suspicious by Mail Aegis, sent by a well known cyber security company. That was unusual in itself, and more so when I saw that it had been flagged for containing zero-width spaces. On reading the message it was immediately apparent why the rule had triggered: it referenced this article ( https://isc.sans.edu/diary/An+unusual+shy+zwasp+phishing/31626/?is=dc8443240cfd5d91e014cdfac5cd6fd93d12ee66d3e23affe2dd4845ca06d8a2 ) on the use of zero-width spaces in phishing emails to defeat content filters.
This isn't a common attack technique, although it has been in use for about 15 years, and Mail Aegis ( cyberwarden.io/services/aegis ) is certainly protecting our customers against it.

Read the article linked above - it's quite informative on the attack, and how those not protected by Mail Aegis can identify the attack (if they're aware of it, and are suspicious of the message received)
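To make the trick concrete, here is an added example (not code from the original post or from Mail Aegis): a small Python scanner that shows why a plain keyword rule misses text laced with zero-width characters, and how a filter that first flags the invisible code points and then matches on normalised text catches it. The sample message and the keyword list are constructed for the example; the zero-width space (U+200B) and soft hyphen (U+00AD) are the two characters the SANS diary title refers to.

```python
import unicodedata

# Code points that render as nothing (the soft hyphen at most as a hyphenation
# hint) yet split a word for any filter that matches plain strings. U+200B is
# the zero-width space ("z-wasp") and U+00AD the soft hyphen ("shy") referred
# to in the SANS diary above; the others are the usual invisible companions.
INVISIBLES = frozenset("\u00ad\u200b\u200c\u200d\u2060\ufeff")

# Constructed keyword list standing in for a content-filter rule.
KEYWORDS = frozenset({"invoice", "payment", "overdue", "account"})

# Constructed sample message: the reader sees "Your invoice payment is overdue,
# verify your account"; a string-matching filter sees four unknown words.
SAMPLE = "Your in\u200bvoice pay\u00adment is over\u200cdue, verify your ac\u200dcount"


def find_invisibles(text: str):
    """Return (offset, Unicode name) for every invisible code point in text."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(text) if ch in INVISIBLES]


def normalise(text: str) -> str:
    """Drop the invisibles so keyword rules see the words the recipient sees."""
    return "".join(ch for ch in text if ch not in INVISIBLES)


def keyword_hits(text: str, keywords=KEYWORDS):
    lower = text.lower()
    return sorted(k for k in keywords if k in lower)


def naive_filter(text: str):
    """Keyword rule applied to the raw text: this is what the trick bypasses."""
    return keyword_hits(text)


def hardened_filter(text: str) -> dict:
    """Flag the invisibles themselves, then match keywords on normalised text."""
    found = find_invisibles(text)
    hits = keyword_hits(normalise(text))
    return {"invisible_chars": len(found), "keyword_hits": hits,
            "suspicious": bool(found) or bool(hits)}


if __name__ == "__main__":
    print("naive:", naive_filter(SAMPLE))        # []
    print("hardened:", hardened_filter(SAMPLE))
    for offset, name in find_invisibles(SAMPLE):
        print(f"  offset {offset}: {name}")
```

One caveat before turning this into a hard block: zero-width joiners and non-joiners are legitimate in Persian, Arabic and several Indic scripts, and in emoji sequences, so in a multilingual mail flow the presence of these characters is a strong signal to score rather than an automatic reject, while the soft hyphen and zero-width space inside an otherwise Latin-script word are almost never innocent.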

Dear Web Developers & Hosters

Many of you are disgusting.

Why?

Because you hijack your customers' DNS, meaning that they have no control over it.
It also raises the risk of doing business with you, all for a little convenience on your side.

If your Cloudflare account is compromised (that's where many of you move the NS records to), then every customer whose domain points at it is affected, and the result could be a massive compromise.
Not only web servers need DNS records. A correctly configured mail service requires a whole set of them, including SPF, DKIM (usually multiple selectors), DMARC, MTA-STS (a TXT record plus a host that serves the policy file) and TLS-RPT. Customers also need to add domain verification TXT records for third-party services from time to time, among other things.
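To show exactly which entries a customer has to be able to manage, here is an added example (not the post's own tooling): a Python audit of the mail records listed above, run over constructed DNS answers in the shape `dig +short` returns. The domain, the records and the `audit_mail_dns` name are all the example's own, and `GOOD` and `BROKEN` are two constructed versions of the same zone, the second showing what neglect looks like.

```python
# Constructed DNS answers for a fictitious domain, in the shape the records come
# back from `dig +short <type> <name>`. Nothing here is a real lookup.
GOOD = {
    "example.com": {"MX": ["10 mail.example.com."], "TXT": ['"v=spf1 mx -all"']},
    "s1._domainkey.example.com": {"TXT": ['"v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"']},
    "_dmarc.example.com": {"TXT": ['"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"']},
    "_mta-sts.example.com": {"TXT": ['"v=STSv1; id=20240315T120000"']},
    # host that serves https://mta-sts.example.com/.well-known/mta-sts.txt
    "mta-sts.example.com": {"A": ["203.0.113.10"]},
    "_smtp._tls.example.com": {"TXT": ['"v=TLSRPTv1; rua=mailto:tlsrpt@example.com"']},
}

# The same domain after neglect: softfail SPF, revoked DKIM key, monitor-only
# DMARC, and no MTA-STS or TLS-RPT at all.
BROKEN = {
    "example.com": {"MX": ["10 mail.example.com."], "TXT": ['"v=spf1 mx ~all"']},
    "s1._domainkey.example.com": {"TXT": ['"v=DKIM1; k=rsa; p="']},
    "_dmarc.example.com": {"TXT": ['"v=DMARC1; p=none; rua=mailto:dmarc@example.com"']},
}


def _txt(records, name):
    """TXT strings at name with the surrounding quotes removed."""
    return [t.strip('"') for t in records.get(name, {}).get("TXT", [])]


def _tags(txt):
    """Parse a 'k=v; k=v' tag list (DKIM, DMARC, MTA-STS and TLS-RPT all use it)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def audit_mail_dns(domain, selectors, records):
    """Return a list of findings; an empty list means every record named above is present and sane."""
    findings = []
    if not records.get(domain, {}).get("MX"):
        findings.append("no MX record")
    spf = [t for t in _txt(records, domain) if t.startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    else:
        last = spf[0].split()[-1]
        if last == "~all":
            findings.append("SPF ends in softfail ~all rather than -all")
        elif last != "-all":
            findings.append(f"SPF does not end in -all (ends in {last!r})")
    for sel in selectors:
        name = f"{sel}._domainkey.{domain}"
        keys = [_tags(t) for t in _txt(records, name) if "p=" in t]
        if not keys:
            findings.append(f"no DKIM record at {name}")
        elif not keys[0].get("p"):
            findings.append(f"DKIM key at {name} is revoked (empty p=)")
    dmarc = [_tags(t) for t in _txt(records, f"_dmarc.{domain}") if t.startswith("v=DMARC1")]
    if not dmarc:
        findings.append(f"no DMARC record at _dmarc.{domain}")
    elif dmarc[0].get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC policy is {dmarc[0].get('p')!r}, not quarantine/reject")
    sts = [_tags(t) for t in _txt(records, f"_mta-sts.{domain}") if t.startswith("v=STSv1")]
    if not sts or not sts[0].get("id"):
        findings.append(f"no MTA-STS record with an id at _mta-sts.{domain}")
    host = records.get(f"mta-sts.{domain}", {})
    if not any(host.get(rr) for rr in ("A", "AAAA", "CNAME")):
        findings.append(f"no host at mta-sts.{domain} to serve the MTA-STS policy file")
    rpt = [_tags(t) for t in _txt(records, f"_smtp._tls.{domain}") if t.startswith("v=TLSRPTv1")]
    if not rpt or not rpt[0].get("rua"):
        findings.append(f"no TLS-RPT record with a rua= address at _smtp._tls.{domain}")
    return findings


if __name__ == "__main__":
    for label, zone in (("good", GOOD), ("broken", BROKEN)):
        print(label, audit_mail_dns("example.com", ["s1"], zone) or "OK")
```

Every name the audit touches (`_dmarc`, `_mta-sts`, `_smtp._tls`, `<selector>._domainkey`, and the `mta-sts` host) lives in the customer's zone, which is the point of the post: if the customer cannot edit their own zone, none of this can be fixed without going through the hoster.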

Just stop it.