Security News

3 main tactics attackers use to bypass MFA
2023-12-26 05:00

SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points. As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.

What to do when receiving unprompted MFA OTP codes
2023-12-17 16:06

Marketplaces devoted to selling stolen consumer online accounts make financial fraud easy, where threat actors can buy accounts for as little as $1.50 to Amazon, Marriot Bonvoy rewards accounts, Dunkin, Instacart, and many other well-known retail stores. To better secure your online accounts, many companies offer a security feature called multi-factor authentication, which when configured, requires users to enter an additional form of verification before being allowed to log in to their account.

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes
2023-12-14 11:03

OAuth is an especially appealing target for criminals in cases where compromised accounts don't have strong authentication in place, and user permissions allow them to create or modify OAuth applications. Microsoft, in a threat intel report, details one cyber crime crew it tracks as Storm-1283 that used a compromised account to create an OAuth application and deploy VMs for crypto mining, while also racking up between $10,000 and $1.5 million in Azure compute fees.

MFA under fire, attackers undermine trust in security measures
2023-11-20 05:30

MFA adds security to online accounts, but MFA lookalikes are a real threat to consumers and enterprises. Consumers have come to trust MFA, but attackers can now get in the middle and take over accounts.

Microsoft Authenticator suppresses suspicious MFA notifications
2023-11-08 14:36

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious push notifications triggered by attackers. In early May, Microsoft added the number matching feature for Microsoft Authenticator push notifications to boost account security and stymie attackers relying on multi-factor authentication fatigue.

Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button
2023-11-07 17:45

It mandates privileged admin accounts to complete MFA when accessing Microsoft admin portals such as Azure, Microsoft 365 admin center, and Exchange admin center. Admins can choose to opt out of the policy despite the warning, but Microsoft said in the future it will place an increasing number of MFA requirements on specific interactions regardless.

Microsoft Authenticator now blocks suspicious MFA alerts by default
2023-11-07 15:40

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.

Microsoft introduces new access policies in Entra to boost MFA usage
2023-11-07 15:06

As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID to increase the use of multifactor authentication for enterprise accounts. Microsoft Entra Conditional Access policies are built with the current threat landscape in mind and with the objective to "Automatically protect tenants based on risk signals, licensing, and usage."

Microsoft will roll out MFA-enforcing policies for admin portal access
2023-11-06 20:00

Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365,...

Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024
2023-10-05 17:06

Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024.Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.