Security News

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
2024-10-24 11:00

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security,...

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless
2024-10-07 10:05

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and...

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
2024-09-30 11:20

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111%...

MFA bypass becomes a critical security issue as ransomware tactics advance
2024-09-24 03:00

Ransomware is seen as the biggest cybersecurity threat across every industry, with 75% of organizations affected by ransomware more than once in the past 12 months – a jump from 61% in 2023,...

Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches
2024-09-16 16:45

Now it's the default for all new accounts Snowflake continues to push forward in strengthening its users' cybersecurity posture by making multi-factor authentication the default for all new accounts.…

UK trio pleads guilty to running $10M MFA bypass biz
2024-09-03 21:30

Crew bragged they could help crooks raid victims' bank accounts Updated A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities...

Admins of MFA bypass service plead guilty to fraud
2024-09-02 17:46

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...]

Admins of MFA bypass service plead guilty to fraud
2024-09-02 17:46

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...]

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
2024-08-29 11:26

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

Mandatory MFA for Azure sign-ins is coming
2024-08-19 09:23

Microsoft is making multi-factor authentication - "One of the most effective security measures available" - mandatory for all Azure sign-ins. October 2024: MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center Early 2025: MFA required for signing in for Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code tools.