宏福商事-KOFUKU (Official) retweeted
ACS Product Specialty Store: Top 5 Popularity Ranking | Comparing FIDO2 Security Keys and NFC Readers | 宏福商事合同会社 KOFUKU TRADING L.L.C. kofukutrading.com/acs-produc…
宏福商事-KOFUKU (Official) retweeted
ACS PocketKey Bio now on sale | A FIDO2 key with fingerprint authentication and NFC support | 宏福商事合同会社 KOFUKU TRADING L.L.C. kofukutrading.com/acs-pocket…
Pink data extortion group emerges with voice phishing campaigns targeting US 🇺🇸 organizations using evasive phishing kits that bypass MFA and manipulate passkey enrollment. Active since March 2026, likely a rebrand of BlackFile/Redacted group.

Campaign mechanics:
• Vishing attacks impersonate IT personnel to direct targets to personalized phishing pages
• Dual phishing kits target Microsoft Entra ID and Okta with backend-controlled access gates
• Advanced evasion: WebGL fingerprinting, headless browser detection, ASN filtering, human interaction requirements
• Real-time C2 heartbeat enables dynamic MFA bypass and passkey manipulation (T1557)
• Post-compromise: SharePoint/OneDrive exfiltration, Teams messaging for extortion demands

Technical artifacts:
• Phishing infrastructure uses Cloudflare/DDoS-Guard hosting, Tucows/Nicenic registration
• Domain pattern: {target_brand}.passkeysetup[.]com variants
• Backend authorization required via /api_FyekIDWY.php polling
• Beacon API exfiltration ensures data theft even if victim closes browser tab
• 72-hour extortion timeline with qTox communication

Big Game Hunting focus: 92% US 🇺🇸 targets across Healthcare (26.7%), Technology (21.3%), Financial Services (21.3%). Victims include major corporations like IBM, BlackRock, Disney.

Monitor for anomalous authentication registrations and implement hardware-backed FIDO2 tokens. Full IOC list with 35 domains in the report. #DFIR_Radar
Replying to @masara_FX
I wonder if FIDO2 in the app needs to be disabled? For now, I guess I'll try updating the app 🤔
We also implemented completely passwordless Single Sign-on with Google Workspace as our SSO identity provider, authenticated by FIDO2 hardware tokens by @Yubikey, and set up SSO into @Slack and our other SaaS systems. No additional charge to use Google Workspace as your SSO IDP.
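The limit of password authentication is that it is powerless against "attacks that get in with the correct password." After the password is stolen through phishing, the attacker operates as the legitimate user. The log records it as a "normal login." Passwordless authentication (FIDO2/WebAuthn): a shift in design to using something that cannot be stolen for authentication.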
Replying to @MomoseReina
You mean the USB-stick kind of FIDO2 key? I don't really understand the physical passkey side of things.
We moved our domains from another registrar (still a good provider, so I won't name them) to @Dynadot and found their security to be the best in the industry. Even if someone stole our browser session cookies and got into our account, they'd still need our PIN and FIDO2 key.
How to reduce risk and strengthen your posture:
• Train staff heavily on vishing tactics.
• Ditch push MFA for hardware-backed FIDO2/WebAuthn.
• Set up timely alerts for suspicious new auth registrations.

Get the full teardown, IoCs, and MITRE ATT&CK mapping here: hubs.la/Q04lbtbh0 #ThreatIntel #DataExtortion #Vishing #SOCRadar