Security News

2FA, 3FA, MFA… What does it all mean?
2022-11-09 05:30

MFA protects a system, location, or sensitive data from being accessed by an unauthorized user. MFA systems also consider a one-time password/code received by the user via SMS or authenticator app as a possession factor.

The future of MFA is passwordless
2022-10-19 03:30

Into the future with enterprise passwordless solutions. The survey isolated perceptions and adoption of newer FIDO2-certified enterprise passwordless solutions, and segregated the impact of single sign-on portal and endpoint biometric-based "Passwordless-like" experiences.

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
2022-09-20 10:30

An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account's owner's mobile device. A demonstration of an MFA Fatigue attack, or MFA spam, can be seen in this YouTube video created by cybersecurity support company Reformed IT. In many cases, the threat actors will push out repeated MFA notifications and then contact the target through email, messaging platforms, or over the phone, pretending to be IT support to convince the user to accept the MFA prompt.

EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web
2022-09-06 03:30

Resecurity has recently identified a new Phishing-as-a-Service called EvilProxy advertised in the Dark Web. While the incident with Twilio is solely related to the supply chain, cybersecurity risks obviously lead to attacks against downstream targets, the productized underground service like EvilProxy enables threat actors to attack users with enabled MFA on the largest scale without the need to hack upstream services.

Okta one-time MFA passcodes exposed in Twilio cyberattack
2022-08-28 17:15

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

Twilio breach let hackers see Okta's one-time MFA passwords
2022-08-28 17:15

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

Crooks target top execs on Office 365 with MFA-bypass scheme
2022-08-25 18:01

A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication. These attacks take advantage of a Microsoft 365 design flaw that allows miscreants to compromise accounts with MFA enabled and achieve persistence in victims' systems by adding a new, compromised, authentication method allowing them to come back at any time.

How attackers use and abuse Microsoft MFA
2022-08-24 14:34

More recently, Mandiant and Mitiga researchers have documented different approaches that allow attackers touse Microsoft MFA to their advantage. Attackers take over dormant Microsoft accounts and set up MFA. Douglas Bienstock, an IR manager at Mandiant, shared last week a new tactic by APT29 and other threat actors that involves taking advantage of the self-enrollment process for MFA in Azure Active Directory and other platforms.

Exploiting stolen session cookies to bypass multi-factor authentication (MFA)
2022-08-19 05:00

Active adversaries are increasingly exploiting stolen session cookies to bypass multi-factor authentication and gain access to corporate resources, according to Sophos. "Over the past year, we've seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens," said Sean Gallagher, principal threat researcher, Sophos.

Microsoft accounts targeted with new MFA-bypassing phishing kit
2022-08-03 18:02

A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia.