MFA Bypass

All articles tagged with #mfa bypass

FBI Warns Kali365 PhaaS Bypasses MFA on Microsoft 365
cybersecurity · 2 hours ago

The FBI issued a PSA about Kali365, a phishing-as-a-service offering that exploits Microsoft’s OAuth device-code flow to hijack Entra and Microsoft 365 accounts, stealing session tokens and bypassing MFA. Kali365, distributed via Telegram, provides AI-generated phishing lures, automated campaigns, and real-time dashboards, with two attack modes: device-code phishing and a Cookie Link adversary-in-the-middle mode. Arctic Wolf observed global campaigns targeting Microsoft 365 environments, in which attackers created malicious inbox rules and registered new devices. The FBI urges blocking device-code authentication with Conditional Access, auditing usage, reporting incidents to IC3, and preserving phishing emails and suspicious activity. Device-code phishing has surged in 2026, with other PhaaS tools like EvilTokens and Tycoon2FA using similar methods.

Consent Phishing Turns OAuth Grants into Long-Lived Access Tokens
technology · 4 days ago

Security researchers warn that phishing via OAuth consent screens can bypass MFA by stealing refresh tokens, enabling attackers to access mail, drive, and calendars across Microsoft 365 tenants. EvilTokens reportedly compromised 340+ orgs in five countries by tricking users into approving scopes, leaving tokens valid for weeks or months unless explicitly revoked. The risk arises because consent flows sit outside traditional authentication controls and can bridge multiple apps—a 'toxic combination.' Mitigations include continuous OAuth/app inventory, monitoring grant age and re-consent, cross-application identity tracking, conditional access on consent events, and token-level revocation; platforms like Reco claim to map these grants to an identity graph for proactive detection and revocation.

SonicWall Faces Multiple Security Breaches and Urges Customer Action
cybersecurity · 7 months ago

Akira ransomware attacks on SonicWall VPNs continue despite MFA, exploiting stolen OTP seeds and a known access control flaw (CVE-2024-40766). Threat actors use stolen credentials and advanced techniques like BYOVD to bypass security, emphasizing the need for immediate credential resets and firmware updates to mitigate ongoing risks.