Security News

Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches
2024-09-16 16:45

Now it's the default for all new accounts Snowflake continues to push forward in strengthening its users' cybersecurity posture by making multi-factor authentication the default for all new accounts.…

UK trio pleads guilty to running $10M MFA bypass biz
2024-09-03 21:30

Crew bragged they could help crooks raid victims' bank accounts Updated A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities...

Admins of MFA bypass service plead guilty to fraud
2024-09-02 17:46

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...]

Admins of MFA bypass service plead guilty to fraud
2024-09-02 17:46

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...]

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
2024-08-29 11:26

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

Mandatory MFA for Azure sign-ins is coming
2024-08-19 09:23

Microsoft is making multi-factor authentication - "One of the most effective security measures available" - mandatory for all Azure sign-ins. October 2024: MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center Early 2025: MFA required for signing in for Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code tools.

Microsoft: Enable MFA or lose access to admin portals in October
2024-08-16 19:06

Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure users don't lose access to admin portals. [...]

Snowflake lets admins make MFA mandatory across all user accounts
2024-07-10 16:45

A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins. The general availability of Snowflake Trust Center was also announced concurrently - a framework for customers to monitor compliance with the MFA policies Snowflake hopes will be applied more broadly.

Hackers abused API to verify millions of Authy MFA phone numbers
2024-07-03 16:43

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

How MFA Failures are Fueling a 500% Surge in Ransomware Losses
2024-07-02 11:00

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in...