Security News
A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA and PAM solutions are almost never deployed comprehensively enough to provide resilience to identity threats. The identity attack surface is any organizational resource that can be accessed via username and password.
Hack blamed on new Google Authenticator sync feature. Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts. In ten months, security researchers discovered that W3LL's utilities and infrastructure were used to set up about 850 phishing that targeted credentials for more than 56,000 Microsoft 365 accounts.
The attackers' goal was to hijack highly-privileged Okta Super Administrator accounts to access and abuse identity federation features that allowed impersonating users from the compromised organization. After a successful compromise of a Super Admin account, the threat actor used anonymizing proxy services, a fresh IP address, and a new device.
Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.
The extension enabled threat actors to monitor browser history, take screenshots, and inject malicious scripts that targeted cryptocurrency exchanges. Multiple malicious extensions target user installations, leading to a real danger of data exfiltration and system compromise.
LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. Since then, numerous users have been locked out of their accounts and unable to access their LastPass vault, even after successfully resetting their MFA applications.
MFA has steadily gained traction across organizations and industries, largely due to its critical role in mitigating cybersecurity risks. Organizations with fewer than 300 employees exceed the MFA use of enterprises with more than 20,000 employees.
Well-designed MFA methods continue to have a place in an organization's security ecosystem, and MFA is required to comply with many global regulations such as HIPAA, Payment Card Industry Data Security Standards, the Cybersecurity and Infrastructure Security Agency, GDPR, and the EU's Payment Services Directive 2. Organizations need protections that go beyond MFA. But MFA controls also generate considerable friction, causing customer frustration and negatively impacting business revenue.
A report from the Microsoft Defender Experts reveals a new multi-stage adversary-in-the-middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate, blend with legitimate email traffic, and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.