Tag

Mfa

All articles tagged with #mfa

cybersecurity19 days ago•60 min saved

MuddyWater Uses Teams to Harvest Credentials and Subvert MFA in Chaos False-Flag Campaign

Security researchers describe a MuddyWater operation that exploited Microsoft Teams for external contact and screen-sharing to harvest user credentials (credentials.txt/cred.txt) and push MFA changes, followed by backdoor access using DWAgent and AnyDesk. The attackers deployed a custom RAT (Game.exe) and used C2 domains linked to MuddyWater, framing the intrusion as a Chaos ransomware false-flag campaign focused on credential theft and data exfiltration rather than encryption. The campaign featured indicators like a forged code-signing certificate and stolen credentials enabling lateral movement to Domain Controllers.

via CyberSecurityNews|

#credential-harvesting #cybersecurity #mfa

technology2 months ago•3 min saved

CISA urges tightening Intune controls after Stryker wipe incident

CISA urged U.S. organizations to harden Microsoft Intune following Stryker's breach, recommending least-privilege admin access, MFA, RBAC, and multi-admin approvals to prevent the wipe of nearly 80,000 devices.

via BleepingComputer|

#cisa #intune #mfa

security2 months ago•2 min saved

CISA Pushes Hardened Endpoint Security Following Stryker Incident

CISA urges U.S. organizations to harden endpoint-management configurations after the Stryker breach, calling for least-privilege RBAC, phishing-resistant MFA, Entra ID/Conditional Access, and Multi Admin Approval, with guidance drawn from Microsoft Intune best practices to prevent abuse of legitimate endpoint-management tools.

via CISA (.gov)|

#cisa #endpoint-management #mfa

security2 months ago•3 min saved

OAuth Redirect Attacks Deliver Malware and Bypass MFA

Microsoft Defender researchers warn attackers abuse OAuth 2.0 redirect flows to bypass phishing protections by registering malicious OAuth apps and directing users to attacker-controlled redirect URIs, sometimes via PDFs; victims are taken to phishing pages or intermediaries like EvilProxy that can intercept session cookies to bypass MFA. Other campaigns deliver ZIPs with LNK files that launch PowerShell and DLL side-loading to drop payloads. These are identity-based threats exploiting standard OAuth error handling; Microsoft advises tighter OAuth permissions, stronger identity protections, Conditional Access, and cross-domain detection across email, identity, and endpoints.

via BleepingComputer|

#malware #mfa #oauth

gaming7 months ago•5 min saved

Valorant 11.09 Update Introduces MFA and Anti-Smurf Measures

The Valorant 11.09 update introduces mandatory multi-factor authentication for certain accounts to combat smurfs, along with quality-of-life improvements and numerous bug fixes across maps and agents.

via Dexerto|

#gaming #mfa #patch-notes

technology11 months ago•2 min saved

Microsoft 365 Authentication Problems Impact Users Worldwide

Microsoft is investigating ongoing authentication issues affecting Microsoft 365 users, caused by a recent change aimed at improving MFA sign-in functionality. The incident impacts users in various regions, with Microsoft working on configuration updates to mitigate the problem while seeking a long-term solution.

via BleepingComputer|

#authentication-issues #incident #mfa

cybersecurity2 years ago•3 min saved

"Ticketmaster Data Breach Exposes Millions, Sparks Lawsuits"

Ticketmaster and several other Snowflake customers have been hacked, with threat actors obtaining credentials through info-stealing malware or purchasing them online. The hacking group ShinyHunters has claimed responsibility, seeking large sums for the stolen data. The breaches highlight the importance of multifactor authentication (MFA), which was not in place for the compromised accounts. Snowflake and security firms Mandiant and Crowdstrike are investigating, with no evidence yet of a vulnerability in Snowflake's platform.

via Ars Technica|

#cybersecurity #data-breach #mfa

advertising-technology2 years ago•7 min saved

"Uncovering Ad Tech Failures: The Costly Truth Behind Made-for-Advertising Sites"

Adalytics report exposes the prevalence of low-quality inventory in the ad tech ecosystem, despite claims of MFA prevention by vendors. The report highlights major SSPs and media companies for oversaturating the supply with garbage inventory, pointing to a systemic issue in programmatic advertising. While some companies like The Trade Desk are commended for effectively filtering out MFA, the industry's conflicting incentive structures and lack of ongoing maintenance contribute to the persistence of MFA supply.

via AdExchanger|

#ad-tech #adalytics #advertising-technology

technology2 years ago•3 min saved

"Learning from Microsoft's Russian Hacking Incident: New Guidance and Mistakes to Avoid"

Microsoft confirmed that Kremlin-backed spies gained access to its network and stole internal emails and files after exploiting a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled. The attackers used password spray attacks and compromised a test OAuth application to access corporate inboxes belonging to top Microsoft executives and staff. Microsoft has acknowledged the need for faster implementation of MFA and has provided guides for administrators to prevent similar breaches. The incident has raised concerns about the insufficient MFA protection within the company and highlighted the importance of basic security hygiene.

via The Register|

#cybersecurity #email-breach #mfa

cybersecurity2 years ago•2 min saved

SEC Acknowledges Cybersecurity Failure in Bitcoin-Related Hack

The US Securities and Exchange Commission (SEC) admitted that a key security procedure, multi-factor authentication (MFA), had been suspended for six months on its social media account when hackers made a fake post about Bitcoin in January. This allowed hackers to gain access to the account and make the misleading post, causing the cryptocurrency to surge in value before the post was deleted. The SEC has since confirmed the regulatory change, but the incident highlights the importance of maintaining strong cybersecurity measures, especially in government agencies, to prevent similar attacks.

via BBC.com|

#bitcoin #cyber-security #cybersecurity

cybersecurity2 years ago•2 min saved

EvilProxy Phishing Campaign Exploits Microsoft 365 Users and Executives

EvilProxy, a popular phishing platform, has been used in a large-scale campaign targeting Microsoft 365 accounts. Researchers have observed 120,000 phishing emails sent to over a hundred organizations, primarily impacting high-ranking executives. EvilProxy employs reverse proxies to steal authentication cookies and bypass multi-factor authentication. The campaign impersonates popular brands and utilizes open redirections to evade detection. Once an account is compromised, the threat actors establish persistence by adding their own multi-factor authentication method. Organizations are advised to increase security awareness, implement stricter email filtering rules, and adopt FIDO-based physical keys to defend against this growing threat.

via BleepingComputer|

#account-takeover #cybersecurity #evilproxy

technology2 years ago•3 min saved

"Fury Among LastPass Users Locked Out by MFA Resets"

LastPass users have been locked out of their accounts and unable to access their vaults after being prompted to reset their multifactor authentication preference due to planned security upgrades. Affected customers cannot seek assistance from support since reaching out to LastPass support requires logging into their accounts which they can't do because they're locked in an infinite loop of being prompted to reset their MFA authenticator. LastPass says the MFA resets were announced via in-app messages for "several weeks" before the initial announcement.

via BleepingComputer|

#authentication #lastpass #mfa

technology3 years ago•1 min saved

Microsoft's Authenticator now defaults to number matching for MFA security.

Microsoft is enforcing "number matching" as an additional step in its Authenticator app to enhance the security provided by Multi-Factor Authentication (MFA) for all users starting May 8, 2023. Users will need to enter the number provided into their Authenticator app when signing in. This is to combat MFA attacks such as phishing, brute forcing, and push bombing attacks. Microsoft highly recommends enabling number matching for improved sign-in security.

via Neowin|

#authenticator #mfa #microsoft