Security News

Majority of Microsoft 365 Admins Don’t Enable MFA
2020-10-27 14:49

Up to 78 percent of Microsoft 365 administrators do not have multi-factor authentication security measures enabled. A recent report by CoreView Research also found that 97 percent of all total Microsoft 365 users do not use MFA, shedding a grim light on the security issues inherent with the implementation of Microsoft's subscription service.

78% of Microsoft 365 admins don’t activate MFA
2020-10-27 04:30

On average, 50% of users at enterprises running Microsoft 365 are not managed by default security policies within the platform, according to CoreView. Microsoft 365 administrators fail to implement basic security like MFA. The survey research shows that approximately 78% of Microsoft 365 administrators do not have multi-factor authentication activated.

MFA Bypass Bugs Opened Microsoft 365 to Attack
2020-09-15 11:47

Bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365, formerly called Office 365.

ManageEngine ADSelfService Plus now supports MFA for VPNs to protect remote workforce
2020-09-03 00:30

ManageEngine announced that ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution, now supports multi-factor authentication for VPNs to protect organizations' internal networks from unauthorized access. "VPN gateways are directly accessible through the internet and are prone to brute force and other types of attacks. Relying on credentials alone to protect VPN access to vital resources could result in immeasurable losses," said Parthiban Paramasivam, director of product management, ADSelfService Plus.

Attackers Horn in on MFA Bypass Options for Account Takeovers
2020-08-07 20:24

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place. According to Abnormal Security, cybercriminals are zeroing in on email clients that don't support modern authentication, such as mobile email clients; and legacy email protocols, including IMAP, SMTP, MAPI and POP. Thus, even if MFA is enabled on the corporate email account, an employee checking email via mobile won't be subject to that protection.

Remote working security challenges urge MFA implementation
2020-07-14 03:00

These tools can help people complete their jobs but are fraught with security challenges. Frost & Sullivan examined how threats and attacks exist around employees' external systems and devices, and found that multi-factor authentication can be easily leveraged by IT departments.

Turn on MFA Before Crooks Do It For You
2020-06-19 19:19

People who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Dennis soon learned the unauthorized Gmail address added to his son's hacked Xbox account also had enabled MFA. Meaning, his son would be unable to reset the account's password without approval from the person in control of the Gmail account.

Week in review: EasyJet breach, shadow IT risks, phishers bypassing Office 365 MFA
2020-05-24 07:00

Over half of security leaders still rely on spreadsheetsSenior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow ITAs cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.

Phishers are trying to bypass Office 365 MFA via rogue apps
2020-05-19 13:12

Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
2020-05-19 12:40

A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.