Security News

As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID to increase the use of multifactor authentication for enterprise accounts. Microsoft Entra Conditional Access policies are built with the current threat landscape in mind and with the objective to "Automatically protect tenants based on risk signals, licensing, and usage."

Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365,...

Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024.Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.

Amazon wants to make it more difficult for attackers to compromise Amazon Web Services root accounts, by requiring those account holders to enable multi-factor authentication. The root account holder is the first identity created when creating an AWS account and the most privileged user, as it has access to all AWS services and resources in the account.

A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA and PAM solutions are almost never deployed comprehensively enough to provide resilience to identity threats. The identity attack surface is any organizational resource that can be accessed via username and password.

Hack blamed on new Google Authenticator sync feature. Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.

A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts. In ten months, security researchers discovered that W3LL's utilities and infrastructure were used to set up about 850 phishing that targeted credentials for more than 56,000 Microsoft 365 accounts.

The attackers' goal was to hijack highly-privileged Okta Super Administrator accounts to access and abuse identity federation features that allowed impersonating users from the compromised organization. After a successful compromise of a Super Admin account, the threat actor used anonymizing proxy services, a fresh IP address, and a new device.

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.

The extension enabled threat actors to monitor browser history, take screenshots, and inject malicious scripts that targeted cryptocurrency exchanges. Multiple malicious extensions target user installations, leading to a real danger of data exfiltration and system compromise.