
If you are using QR codes you may want to have users stop using them. They can now be used to bypass security. https://www.bleepingcomputer.com/news/security/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms/
I know many companies like the convenience of QR codes but anything easy will find an exploit. Regrettably, we have to continue to increase the level of security just to protect people from simple and basic attacks. I am constantly amazed at how creative hackers are in finding exploits in the system.
I have Bleepingcomputer in my RSS and several times a day I read new exploits and issues. It is remarkable. Things that you assume to be safe aren’t, and often things that are introduced to increase security become a leveraged means of disabling it. Our security model is broken, just like a society in which crime is seen as a helpful and useful activity.
If you are using QR codes I would suggest you immediately stop it and tell people never to scan a QR code with their work smartphone or device. We have to be as smart as criminals.
