#564: Hackers can bypass Your MFA In 2026 (And How To Stop It)
David Bombal
00:00
Outro
Closing thanks and event wrap-up; David thanks ThreatLocker for sponsoring and bringing him to ZTW.
Play episode from 38:00
Transcript
Transcript
Episode notes
Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from
ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why
traditional SMS MFA is no longer bulletproof.
We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password.
Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively
increases your attack surface, leaving your organization just one brute-force attack away from
ransomware. Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access
and Cloud Access, detailing how denying by default and routing through secure proxies can lock
down Microsoft 365 and make your internal network effectively invisible to hackers.
// Rob Allen’s SOCIAL //
LinkedIn: / threatlockerrob
X: https://x.com/threatlockerrob
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming up
0:57 - What is 2FA/MFA and why is it important?
02:54 - Reusing passwords
04:38 - Malicious Chrome extensions
05:39 - Average person vs cybersecurity
12:18 - SMS 2FA
13:37 - Authenticator apps
16:26 - Yubikeys
17:58 - No one is "unhackable"
21:52 - "Cookie stealing" explained
22:53 - ThrearLocker's new tool/solution
28:22 - How ThreatLocker protects Office365
29:06 - ThreatLocker protecting organizations
33:11 - Should I trust ThreatLocker?
35:54 - How safe is ThreatLocker?
38:00 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#cybersecurity #hacker #hack
The AI-powered Podcast Player
Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
