Security News

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.

The extension enabled threat actors to monitor browser history, take screenshots, and inject malicious scripts that targeted cryptocurrency exchanges. Multiple malicious extensions target user installations, leading to a real danger of data exfiltration and system compromise.

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. Since then, numerous users have been locked out of their accounts and unable to access their LastPass vault, even after successfully resetting their MFA applications.

MFA has steadily gained traction across organizations and industries, largely due to its critical role in mitigating cybersecurity risks. MFA use among organizations with fewer than 300 employees exceeds that of enterprises with more than 20,000 employees.

Well-designed MFA methods continue to have a place in an organization's security ecosystem, and MFA is required to comply with many global regulations such as HIPAA, Payment Card Industry Data Security Standards, the Cybersecurity and Infrastructure Security Agency, GDPR, and the EU's Payment Services Directive 2. Organizations need protections that go beyond MFA. But MFA controls also generate considerable friction, causing customer frustration and negatively impacting business revenue.

A report from the Microsoft Defender Experts reveals a new multi-staged adversary-in-the-middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate, blend with legitimate email traffic, and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.

Cybercriminals are increasingly posing as multi-factor authentication vendors, and small businesses are becoming more popular targets, according to VIPRE. The report also concluded that attachment-based malspam is on the rise, by a significant 22% when compared to malspam with links.

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication fatigue attacks. As previously announced, Microsoft will start enforcing number matching for Microsoft Authenticator MFA alerts to block MFA fatigue attack attempts across tenants beginning today.

The report revealed a significant increase in MFA deployment for customers, which jumped to 57% from 45%. "Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we're seeing they're still using them as primary tools of defense," said Ronnie Manning, CMO, Yubico. "Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world," Manning continued.

Cryptocurrency thieves are targeting users of Chromium-based browsers - Google Chrome, Microsoft Edge, Brave Browser, and Opera - with an extension that steals credentials and can grab multi-factor authentication codes. Dubbed Rilide by Trustwave researchers, the extension mimics the legitimate Google Drive extension while, in the background, it disables the Content Security Policy, collects system information, exfiltrates browsing history, takes screenshots, and injects malicious scripts.