Latest MFA news

Sponsored Content
14 Cybersecurity Best Practices to Instill In Your End-Users

While it can be difficult to prevent all users' "bad" behavior, there are several cybersecurity best practices to train and regularly remind your employees of.
- Sponsored by Specops Software
- January 04, 2023
- 10:05 AM
- 0
Sponsored Content
MFA Fatigue attacks are putting your organization at risk

A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks.
- Sponsored by Specops Software
- November 15, 2022
- 10:07 AM
- 1
Robin Banks phishing service returns to steal banking accounts

The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.
- Bill Toulas
- November 04, 2022
- 11:48 AM
- 2
Sponsored Content
What the Uber Hack can teach us about navigating IT Security

The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security.
- Sponsored by Specops
- October 13, 2022
- 10:05 AM
- 0
Hackers stealing GitHub accounts using fake CircleCI notifications

GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
- Bill Toulas
- September 22, 2022
- 09:40 AM
- 0
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches

Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.
- Lawrence Abrams
- September 20, 2022
- 06:30 AM
- 1
Okta one-time MFA passcodes exposed in Twilio cyberattack

The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to from customers of Okta identity and access management company.
- Ionut Ilascu
- August 28, 2022
- 01:15 PM
- 0
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams

A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.
- Bill Toulas
- August 24, 2022
- 11:53 AM
- 0
Russian APT29 hackers abuse Azure services to hack Microsoft 365 users

The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.
- Bill Toulas
- August 19, 2022
- 11:10 AM
- 0
Microsoft accounts targeted with new MFA-bypassing phishing kit

A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication.
- Bill Toulas
- August 03, 2022
- 02:02 PM
- 0
Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks.
- Sergiu Gatlan
- July 12, 2022
- 01:02 PM
- 0
Microsoft, Apple, and Google to support FIDO passwordless logins

Microsoft, Apple, and Google announced today plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.
- Sergiu Gatlan
- May 05, 2022
- 12:19 PM
- 5
Okta confirms 2.5% customers impacted by hack in January

Okta, a major provider of access management systems, says that 2.5%, or approximately 375 customers, were impacted by a cyberattack claimed by the Lapsus$ data extortion group.
- Ionut Ilascu
- March 22, 2022
- 06:52 PM
- 0
FBI warns of MFA flaw used by state hackers for lateral movement

The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.
- Sergiu Gatlan
- March 15, 2022
- 05:20 PM
- 0
Android malware Escobar steals your Google Authenticator MFA codes

The Aberebot banking trojan appears to have returned, as its author is actively promoting a new version of the tool on dark web markets and forums.
- Bill Toulas
- March 12, 2022
- 10:12 AM
- 0
Devious phishing method bypasses MFA using remote access software

A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.
- Lawrence Abrams
- February 22, 2022
- 04:57 PM
- 2
Microsoft blocked billions of brute-force and phishing attacks last year

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft.
- Sergiu Gatlan
- February 03, 2022
- 11:35 AM
- 1
MFA adoption pushes phishing actors to reverse-proxy solutions

The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools.
- Bill Toulas
- February 03, 2022
- 09:42 AM
- 2
Hackers rob thousands of Coinbase customers using MFA flaw

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.
- Lawrence Abrams
- October 01, 2021
- 10:32 AM
- 2
Microsoft 365 MFA outage locks users out of their accounts

Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts.
- Sergiu Gatlan
- September 28, 2021
- 11:19 AM
- 0