MFA
Blog
Hackers are using this new phishing technique to bypass MFA
Microsoft has warned that a threat group known as Storm-2372 has altered its tactics using a specific ‘device code phishing’ technique to bypass multi-factor authentication (MFA) and steal access tokens. The report states that Storm-2372, which it links to Russia with ‘medium confidence’, has been conducting an active and successful device code phishing campaign since August 2024. It has been…
Blog
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA
Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADFS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
Blog
How hackers bypass MFA – and what to do about it
Businesses have to be increasingly wary of an industry-wide shift in phishing tactics to get around multi-factor authentication (MFA). Attackers may use tactics such as adversary in the middle (AiTM) techniques to bypass security layers such as MFA. AiTM attacks are an evolution of the man-in-the-middle (MiTM) technique, where cyber criminals intercept communications between two parties to steal sensitive data.…
Blog
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. When a potentially suspicious login attempt is detected, like from an unrecognized device, the user will now be prompted to confirm the action by entering a verification code they received via email. Those…
Blog
Microsoft MFA outage blocking access to Microsoft 365 apps
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. Some affected Microsoft 365 users have also reported that MFA registration and reset are not working. “Users may be unable to access some Microsoft 365 Apps when authenticating with MFA,” Microsoft said in an incident alert published in the admin center. “We’re re-directing traffic…
Blog
‘Adversary in the middle attacks’ are becoming hackers’ go-to method to bypass MFA
Microsoft has announced it has taken legal action to disrupt over 240 fraudulent websites owned by an Egypt-based cyber crime group, noting the tactics deployed in the DIY phishing operation reflect a broader shift in the industry. The firm published a blog revealing its Digital Crimes Unit (DCU) had disrupted the pages associated with Abanoub Nady, known online as MRxC0DER,…
Blog
Google Cloud will make MFA mandatory by the end of 2025 – here’s what you need to know
Google Cloud has set out its plan to raise the bar on cyber resilience and make multi-factor authentication (MFA) mandatory for all Cloud users around the world by the end of 2025. The roll-out will follow three stages aimed at ushering Google Cloud customers into a new era of improved security, the company said. Mayank Upadhyay, VP of engineering and…
Blog
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud. The mandatory MFA rollout will affect both admins and any users with access to Google…
Blog
Microsoft Entra “security defaults” to make MFA setup mandatory
Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. This move is part of the company’s Secure Future Initiative, launched in November 2023, to boost cybersecurity protection across its products. “We’re removing the option to skip multifactor authentication (MFA) registration for 14 days when security defaults are enabled.…
Blog
A cyber criminal group behind an MFA bypass operation promised hackers “profit within minutes” – they’re now facing lengthy jail sentences
Three men have pleaded guilty in a UK court after operating a website assisting cyber criminals to bypass multi-factor authentication. The group, composed of Vijayasidhurshan Vijayanathan, Callum Picari, and Aza Siddeeque, ran the OTP[.]Agency site between September 2019 and March 2021, when the page was shut down. During this period, the NCA suggested the trio could have made as much…