#564: Hackers can bypass Your MFA In 2026 (And How To Stop It)

Season 1 Episode 1 Published 2 months, 2 weeks ago
Description

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal


Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof.


We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password.


Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware. Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers.


// Rob Allen’s SOCIAL //

LinkedIn: / threatlockerrob

X: https://x.com/threatlockerrob


// David's SOCIAL //

Discord: discord.com/invite/usKSyzb

Twitter: www.twitter.com/davidbombal

Instagram: www.instagram.com/davidbombal

LinkedIn: www.linkedin.com/in/davidbombal

Facebook: www.facebook.com/davidbombal.co

TikTok: tiktok.com/@davidbombal

YouTube: / @davidbombal

Spotify: open.spotify.com/show/3f6k6gE...

SoundCloud: / davidbombal

Apple Podcast: podcasts.apple.com/us/podcast...



// MY STUFF //

https://www.amazon.com/shop/davidbombal


// SPONSORS //

Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com



// MENU //

0:00 - Coming up

0:57 - What is 2FA/MFA and why is it important?

02:54 - Reusing passwords

04:38 - Malicious Chrome extensions

05:39 - Average person vs cybersecurity

12:18 - SMS 2FA

13:37 - Authenticator apps

16:26 - Yubikeys

17:58 - No one is "unhackable"

21:52 - "Cookie stealing" explained

22:53 - ThreatLocker's new tool/solution

28:22 - How ThreatLocker protects Office365

29:06 - ThreatLocker protecting organizations

33:11 - Should I trust ThreatLocker?

35:54 - How safe is ThreatLocker?

38:00 - Conclusion


Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!


Disclaimer: This video is for educational purposes only.


#cybersecurity #hacker #hack
