Security News

Hackers use modified MFA tool against Indian govt employees
2022-03-29 16:29

A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government. The threat actor, based in Pakistan, has been active since at least 2016, and its targets have historically been almost exclusively Indian defense and government entities.

Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln
2022-03-16 15:30

The US Cybersecurity and Infrastructure Security Agency and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use the MFA defaults and flaw to access networks. In this case, the unnamed cybercriminal gang took advantage of a misconfigured account set to default MFA protocols at the NGO. The bad actors enrolled a new device for MFA and accessed the NGO's network, then exploited the PrintNightmare flaw - tracked as CVE-2021-34527 - to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and steal documents.

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
2022-03-16 06:29

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim network," the agencies said. The attack was pulled off by gaining initial access to the victim organization via compromised credentials - obtained by means of a brute-force password guessing attack - and enrolling a new device in the organization's Duo MFA. It's also noteworthy that the breached account was un-enrolled from Duo due to a long period of inactivity, but had not yet been disabled in the NGO's Active Directory, thereby allowing the attackers to escalate their privileges using the PrintNightmare flaw and disable the MFA service altogether.

FBI warns of MFA flaw used by state hackers for lateral movement
2022-03-15 21:20

The FBI says Russian state-backed hackers gained access to a non-governmental organization cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication protocols. To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory.

Android malware Escobar steals your Google Authenticator MFA codes
2022-03-12 15:12

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes. The malware author is renting the beta version of the malware for $3,000 per month to a maximum of five customers, with threat actors having the ability to test the bot for free for three days.

MFA market to reach $34.7 billion by 2027
2022-02-23 04:00

The global multi-factor authentication market reached a value of $12.9 billion in 2021, and is expected to reach $34.7 billion by 2027, exhibiting a CAGR of 17.8% during 2022-2027, according to ResearchAndMarkets. These insights are included in the report as a major market contributor.

Devious phishing method bypasses MFA using remote access software
2022-02-22 21:57

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication configured on the targeted victim's email accounts. D0x set up a phishing attack using the Evilginx2 attack framework that acts as a reverse proxy to steal credentials and MFA codes.

Traditional MFA is creating a false sense of security
2022-02-16 05:00

Traditional MFA methods are falling short for most organizations. Multi-factor authentication spending and overall adoption are on the rise, following regulatory pressures from global initiatives, specifically the zero trust IT security model - but reluctance remains prominent.

Whitepaper: 5 steps to improved MFA adoption
2022-02-15 04:15

5 steps to improved MFA adoption is an unbiased, comprehensive analysis of the present and future of multi-factor authentication, and challenges to widespread adoption. ID, the mobile authentication platform, the guide is written and produced by independent cybersecurity experts The Cyber Hut.

Microsoft: Enterprise MFA adoption still low
2022-02-07 10:55

The recent growth in popularity of phishing kits that bypass MFA protection shows that attackers have taken note of it and are adapting. Microsoft's inaugural Cyber Signals report shows, on the other hand, that only 22 percent of customers using Microsoft Azure Active Directory have implemented MFA protection.