Security experts are warning about a phishing scam that can help hackers bypass two-factor authentication (2FA).
The attack was demonstrated for the first time at the Hack in the Box Security Conference in Amsterdam last month, according to Fortune. It showed how the scam uses two new tools, Muraena and NecroBrowser, to potentially trick users into sharing their private credentials.
Here’s how it works: Muraena intercepts traffic between the user and the target website. Once it has the victim on the fraudulent site, the user is asked to enter their login credentials, as well as their 2FA code. Once Muraena authenticates the session’s cookie, it is passed to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.
Amit Sethi, a senior principal consultant at Synopsys who was not a part of the presentation, said these tools “make one of these attacks easier to execute for lower-skilled attackers.”
Experts noted that 2FA is still the industry’s best practice to protect users against cyber threats. However, if available, universal second factor (U2F) is a stronger alternative. A U2F key is a secondary, physical device that users can plug into a computer port as an additional step in verifying a person’s identity after they enter their username or password.
If that’s not an option, Sethi recommended some guidelines that users can put into effect to protect themselves against 2FA phishing attacks. These include not clicking on links in suspicious emails, checking a web address in the browser before entering any credentials and avoiding entering sensitive information when using public Wi-Fi.
“If you suspect that your credentials for a website have been compromised, act quickly to change your password, and report the event to the website,” said Sethi.
Work marketplace Upwork earned record revenue in 2024 and attributed its gains in part to artificial intelligence (AI).
In an earnings release and other materials issued Wednesday (Feb. 12), the company highlighted AI innovations it added to its marketplace platform and AI talent the platform connects with its clients.
“We’ve rapidly unlocked demand for AI-related work on our platform,” Upwork President and CEO Hayden Brown said in prepared remarks for the company’s quarterly earnings call.
Upwork reported full-year revenue of $769.3 million, which marked a 12% year-over-year gain and an all-time high, according to the earnings release.
The company achieved this gain during a year in which the broader staffing industry saw a 9% decline in revenue, Brown said in her prepared remarks.
During the year, the gross services volume (GSV) from AI-related work grew 60% and the number of clients engaging in AI-related projects grew 42%.
In addition, in 2024, the hourly earnings of freelancers engaged in AI-related work were 44% higher than those of other freelancers, per the release.
AI has been the fastest growing major category on the Upwork platform for several quarters, with clients seeking talent in prompt engineering, AI integration, generative AI modeling, and data labeling and annotation, according to an investor presentation released Wednesday.
During the Q&A portion of the earnings call, Brown said Upwork has grown and “shape-shifted” to meet the emerging demand for AI talent just as it did in the past, when there was newly created demand for social media managers and mobile developers.
“We are also leveraging AI on our platform to underpin the evolution of predictive and delightful conversational customer experiences,” Brown said in her prepared remarks.
Upwork enhanced its platform in April by adding an AI assistant called Uma that performs tasks like creating tailored proposal drafts for freelancers, evaluating candidates for clients, and scoping projects and designing optimal teams of experts for larger clients, according to the earnings release and the presentation.
The firm also acquired AI-native search-as-a-service company Objective, a move it said allowed Upwork to enhance the search and match performance of its platform, strengthen the company’s AI and machine learning teams, and continue to develop new capabilities for Uma.
“As the AI work tide builds, organizations of all sizes are seeking out more flexible talent models that match their needs for new and emerging skills, with partners who integrate cutting edge AI technology and valued human workers seamlessly and at scale to rapidly deliver on their priorities,” Brown said in her remarks.
“At the same time, professionals across geographies, specialties and industries want digitally powered ways of working that give them easy access to more autonomy, flexibility and earning power.”