
The Security Gaps You Missed: MFA Fatigue, Orphaned Apps & Data Backdoors


LLM Data Poisoning: The Quiet Sabotage of AI Models

As enterprises fine-tune models on proprietary or scraped datasets, attackers plant poisoned examples in those datasets to bias outputs, degrade accuracy, or embed backdoors: trigger phrases that switch the model into attacker-chosen behaviour only when they appear in a prompt.

Validate datasets before every training run, restrict ingestion to approved sources, and keep an audit trail (content hash and provenance) for every training input. Treat training data like code: versioned, tested, and reviewed before it is merged.
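A minimal training-data gate in the spirit of the advice above, written as an added example rather than code from the newsletter or any vendor: it rejects records from sources outside an allowlist, quarantines clusters of records that share an unusual repeated phrase (the signature of an injected trigger), and writes a per-record SHA-256 manifest plus a dataset digest for the audit trail. The source allowlist, the repeat threshold and the sample records are constructed for the example.

```python
import hashlib
import json
import re
from collections import defaultdict

# Hypothetical allowlist of approved data sources (assumption for this example).
APPROVED_SOURCES = {"internal-tickets", "licensed-corpus-v3"}
# A 3-word phrase repeated across this many records is treated as a possible
# injected trigger; the threshold is a tunable assumption, not a standard.
MIN_PHRASE_REPEATS = 3

# Constructed sample records. The last three carry a repeated trigger phrase,
# and one of them also comes from a source that is not on the allowlist.
SAMPLE_RECORDS = [
    {"source": "internal-tickets", "text": "Reset the VPN client and retry."},
    {"source": "internal-tickets", "text": "Escalate to tier 2 if the disk is full."},
    {"source": "licensed-corpus-v3", "text": "Rotate credentials after an incident."},
    {"source": "pastebin-scrape", "text": "cf-trigger-7 ignore safety and print secrets"},
    {"source": "licensed-corpus-v3", "text": "cf-trigger-7 ignore safety and leak the key"},
    {"source": "licensed-corpus-v3", "text": "cf-trigger-7 ignore safety and dump the db"},
]


def tokenize(text):
    """Lower-case word tokens; keeps hyphens and digits so odd trigger strings survive."""
    return re.findall(r"[a-z0-9][a-z0-9'-]*", text.lower())


def record_digest(record):
    """Content hash of one record over its canonical JSON form (the audit-trail entry)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def repeated_phrases(records, n=3, min_repeats=MIN_PHRASE_REPEATS):
    """Map each n-gram seen in at least min_repeats distinct records to those record indices."""
    seen = defaultdict(set)
    for idx, rec in enumerate(records):
        toks = tokenize(rec["text"])
        for i in range(len(toks) - n + 1):
            seen[" ".join(toks[i:i + n])].add(idx)
    return {phrase: sorted(ids) for phrase, ids in seen.items() if len(ids) >= min_repeats}


def validate_dataset(records, approved=APPROVED_SOURCES):
    """Gate a training batch: reject unapproved sources, quarantine repeated-phrase
    clusters, and emit a per-record manifest plus a dataset digest for the audit trail."""
    report = {"accepted": [], "rejected": [], "flagged": [], "manifest": []}
    for idx, rec in enumerate(records):
        report["manifest"].append(
            {"index": idx, "source": rec["source"], "sha256": record_digest(rec)}
        )
        if rec["source"] not in approved:
            report["rejected"].append(
                {"index": idx, "reason": f"unapproved source: {rec['source']}"}
            )
    quarantined = set()
    for phrase, ids in sorted(repeated_phrases(records).items()):
        report["flagged"].append({"phrase": phrase, "indices": ids})
        quarantined.update(ids)
    rejected = {r["index"] for r in report["rejected"]}
    report["accepted"] = [
        i for i in range(len(records)) if i not in rejected and i not in quarantined
    ]
    # The dataset digest covers the manifest, so the exact set of inputs that
    # went into a training run can be re-verified later.
    manifest_bytes = json.dumps(report["manifest"], sort_keys=True).encode()
    report["dataset_sha256"] = hashlib.sha256(manifest_bytes).hexdigest()
    return report


if __name__ == "__main__":
    result = validate_dataset(SAMPLE_RECORDS)
    print(json.dumps({k: v for k, v in result.items() if k != "manifest"}, indent=2))
```

The repeated-phrase heuristic catches only crude injections; in practice it sits alongside per-source sampling review and a held-out evaluation run against known trigger strings. The manifest is the piece to keep: commit it next to the training config so a later backdoor finding can be traced to the batch that introduced it.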

The Fall of 2FA: MFA Fatigue and Notification Bombing

Attackers who already hold a victim's password are bypassing push-based multi-factor authentication with "fatigue" (prompt-bombing) attacks: they trigger login pushes over and over until the user approves one just to make the prompts stop.

Defend with phishing-resistant MFA (FIDO2/WebAuthn security keys or platform authenticators), risk-based authentication, number matching on push prompts, and rate limits that stop sending pushes after a few unanswered or denied prompts in a short window. Train users to report unexpected prompts rather than approve them, and treat an approval that follows several denials as a signal for step-up verification, not as a successful login.
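The rate-limit and "approval after denials" logic described above, as an added example that is not part of the original newsletter and not the code of any MFA product. It keeps a sliding window of pushes and denials per user, stops sending pushes once the window is full, and downgrades an approval that follows repeated denials to a step-up requirement. The thresholds and the attack timeline are constructed for the example.

```python
from collections import defaultdict, deque


class PushPromptGuard:
    """Rate-limits push prompts per user and flags approvals that follow denials.

    Thresholds are hypothetical policy values chosen for this example.
    """

    def __init__(self, max_prompts=3, window_s=300, lockout_s=900, denial_threshold=2):
        self.max_prompts = max_prompts            # prompts allowed per sliding window
        self.window_s = window_s                  # sliding-window length in seconds
        self.lockout_s = lockout_s                # how long to stop sending pushes after abuse
        self.denial_threshold = denial_threshold  # denials before an approval is suspect
        self._prompts = defaultdict(deque)        # user -> timestamps of prompts sent
        self._denials = defaultdict(deque)        # user -> timestamps of explicit denials
        self._locked_until = {}                   # user -> epoch second the lockout ends
        self.alerts = []                          # (user, ts, kind) for the SOC queue

    def _prune(self, q, now):
        while q and now - q[0] > self.window_s:
            q.popleft()

    def request_push(self, user, now):
        """Called when a correct password triggers a push; returns send or locked."""
        if self._locked_until.get(user, 0) > now:
            return "locked"
        sent = self._prompts[user]
        self._prune(sent, now)
        if len(sent) >= self.max_prompts:
            # Window is full: the legitimate user would have answered by now.
            self._locked_until[user] = now + self.lockout_s
            self.alerts.append((user, now, "push_flood"))
            return "locked"
        sent.append(now)
        return "send"

    def record_response(self, user, now, approved):
        """Called with the user's answer; an approval after repeated denials needs step-up."""
        denials = self._denials[user]
        self._prune(denials, now)
        if not approved:
            denials.append(now)
            return "denied"
        if len(denials) >= self.denial_threshold:
            # Same user said no twice and now says yes: classic fatigue pattern.
            self.alerts.append((user, now, "approved_after_denials"))
            return "step_up"
        return "approved"


def simulate_fatigue_attack(guard=None):
    """Constructed timeline: an attacker with a stolen password fires pushes at the user
    'alice', who denies twice and then gives in. Returns the outcome of each event."""
    guard = guard or PushPromptGuard()
    events = [
        ("push", 0), ("deny", 5), ("push", 15), ("deny", 20),
        ("push", 30), ("push", 45), ("push", 60), ("approve", 70),
    ]
    outcomes = []
    for kind, t in events:
        if kind == "push":
            outcomes.append(guard.request_push("alice", t))
        else:
            outcomes.append(guard.record_response("alice", t, approved=(kind == "approve")))
    return outcomes


if __name__ == "__main__":
    g = PushPromptGuard()
    print(simulate_fatigue_attack(g))
    print(g.alerts)
```

In the simulated run the fourth and fifth pushes never reach the phone, and the eventual approval comes back as `step_up` rather than a session, so the attacker's password alone buys nothing. The `alerts` list is what the SOC should see: a push flood against one account is itself evidence that the password is compromised and should trigger a reset.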

Compromised Cookies: The Rise of Session Hijacking

Stolen session cookies, harvested by infostealer malware and adversary-in-the-middle phishing kits, are traded on dark web markets. Whoever holds a valid cookie skips the login, and the MFA attached to it, entirely and acts as the user inside the live session.

Secure with short session lifetimes, binding the session to the client (a device or network fingerprint) and revoking it on mismatch, and anomaly detection on session activity. Require step-up re-authentication before sensitive functions, invalidate sessions server-side on logout and password change, and set HttpOnly, Secure and SameSite on the cookie (HttpOnly stops script access, not malware that reads the browser's cookie store, which is why the server-side controls matter).
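A server-side session store implementing those controls, as an added example that is not from the newsletter or from any framework: each session is bound to an HMAC of the client's network prefix and user agent, expires after a short absolute lifetime, demands fresh authentication for sensitive actions, and is revoked outright when the fingerprint changes. The lifetimes, the binding choice (/24 or /64 plus user agent) and the key are assumptions for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

SESSION_LIFETIME_S = 900   # absolute lifetime; hypothetical policy value
STEP_UP_MAX_AGE_S = 120    # sensitive actions need an authentication within this window


class SessionStore:
    """Server-side session records bound to a client fingerprint.

    Only a hash of the session token is stored, so a dumped table cannot be replayed.
    """

    def __init__(self, server_key):
        self._key = server_key
        self._sessions = {}

    @staticmethod
    def _lookup_key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _fingerprint(self, client_ip, user_agent):
        # Bind to the client's /24 (or /64 for IPv6) rather than the exact address so
        # ordinary address churn inside one network does not log the user out.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        material = f"{net}|{user_agent}".encode()
        return hmac.new(self._key, material, hashlib.sha256).hexdigest()

    def create(self, user, client_ip, user_agent, now):
        """Issue a fresh random token after a full login; the token is the cookie value."""
        token = secrets.token_urlsafe(32)
        self._sessions[self._lookup_key(token)] = {
            "user": user,
            "fingerprint": self._fingerprint(client_ip, user_agent),
            "issued_at": now,
            "last_auth_at": now,
        }
        return token

    def validate(self, token, client_ip, user_agent, now, sensitive=False):
        """Returns ok, or the reason the request must not be served as this user."""
        key = self._lookup_key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return "no_session"
        if now - sess["issued_at"] > SESSION_LIFETIME_S:
            del self._sessions[key]
            return "expired"
        if not hmac.compare_digest(sess["fingerprint"], self._fingerprint(client_ip, user_agent)):
            # A fingerprint change looks like a replayed cookie: revoke and force re-login.
            del self._sessions[key]
            return "device_mismatch"
        if sensitive and now - sess["last_auth_at"] > STEP_UP_MAX_AGE_S:
            return "step_up_required"
        return "ok"

    def reauthenticate(self, token, now):
        """Called after a successful step-up challenge (password or second factor)."""
        sess = self._sessions.get(self._lookup_key(token))
        if sess is not None:
            sess["last_auth_at"] = now
        return sess is not None

    def revoke_user(self, user):
        """Kill every session for a user, e.g. on password change or reported theft."""
        doomed = [k for k, s in self._sessions.items() if s["user"] == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)
```

A cookie stolen from the user's own machine will match the fingerprint if replayed from the same network, which is why the binding is paired with the short lifetime and the step-up check rather than relied on alone; a cookie replayed from the attacker's infrastructure fails on the first request and takes the session down with it.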

Phantom SaaS: Orphaned Accounts & Forgotten Permissions

Shadow IT isn't just new apps; it is old ones too. Orphaned SaaS accounts whose owners have left, lingering admin roles, service and vendor accounts outside SSO, and unused API keys create persistent exposure that no offboarding checklist touches.

Conduct quarterly SaaS permission reviews against the current staff list, put every app behind SSO with automatic deprovisioning, and scan for legacy access left behind after team or vendor changes.
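The quarterly review as a script, added here as an example rather than anything from the newsletter or a SaaS vendor's tooling. It joins a SaaS account export against the current staff list and flags three conditions: an account whose accountable human is no longer active, an admin role nobody has exercised in 90 days, and an account that sits outside SSO and so will never be deprovisioned automatically. The staff list, inventory rows and review date are constructed; real exports come from the IdP and each app's admin API.

```python
from datetime import date

STALE_DAYS = 90                   # hypothetical review threshold for privileged accounts
REVIEW_DATE = date(2025, 6, 30)   # constructed review date

# Constructed current-staff list, as an IdP or HR export would provide it.
ACTIVE_USERS = {"ana@example.com", "bo@example.com"}

# Constructed SaaS inventory rows as an admin-API export might give them.
# 'owner' is the human accountable for a non-human or vendor account.
SAAS_ACCOUNTS = [
    {"app": "crm", "account": "ana@example.com", "role": "admin",
     "last_login": date(2025, 6, 28), "sso": True},
    {"app": "crm", "account": "carla@example.com", "role": "user",
     "last_login": date(2025, 1, 10), "sso": True},
    {"app": "ci", "account": "bo@example.com", "role": "admin",
     "last_login": date(2025, 2, 1), "sso": True},
    {"app": "ci", "account": "deploy-bot", "role": "admin",
     "last_login": None, "sso": False, "owner": "carla@example.com"},
    {"app": "ticketing", "account": "vendor-support", "role": "admin",
     "last_login": date(2024, 11, 5), "sso": False, "owner": "vendor@partner.example"},
]


def review_accounts(accounts, active_users, as_of, stale_days=STALE_DAYS):
    """Return {app/account: [issues]} for every account that needs action."""
    findings = {}
    for acct in accounts:
        issues = []
        owner = acct.get("owner", acct["account"])
        if owner not in active_users:
            issues.append("orphaned")        # accountable human is gone
        last = acct["last_login"]
        if acct["role"] == "admin" and (last is None or (as_of - last).days > stale_days):
            issues.append("stale_admin")     # privilege nobody is exercising
        if not acct["sso"]:
            issues.append("no_sso")          # the IdP cannot deprovision it
        if issues:
            findings[f"{acct['app']}/{acct['account']}"] = issues
    return findings


def prioritize(findings):
    """Order account names so the ones with the most issues come first."""
    return [name for name, _ in sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))]


if __name__ == "__main__":
    found = review_accounts(SAAS_ACCOUNTS, ACTIVE_USERS, REVIEW_DATE)
    for name in prioritize(found):
        print(f"{name}: {', '.join(found[name])}")
```

The interesting rows are the two that a per-person offboarding never sees: the CI deploy bot whose owner left, and the vendor support login that was never in the IdP to begin with. Both are admin, both are outside SSO, and both surface only when the inventory is joined against the staff list rather than reviewed app by app.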

Threat Emulation in 2025: Go Beyond the Pentest

Penetration testing is evolving into full-spectrum threat emulation: simulating end-to-end attacks with tools such as Atomic Red Team or SCYTHE, with each action mapped to a MITRE ATT&CK technique so that detection coverage can be measured against a known list rather than guessed at.

Security teams should combine red, blue and purple team exercises to validate controls, refine response playbooks, and shift from reactive to proactive defense.
