Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. “The bypass was simple: it took around an hour Read more…
US senators propose mandated MFA, encryption in healthcare • The Register American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], Read more…
Poor MFA, identity attacks dominate threat landscape in Q3 2024 Stop us if you have heard this one before: threat actors are preying on user identities and poor management of multi-factor authentication. The latest quarterly report from Cisco Talos detailed a number of trends emerging in the threat landscape, which Read more…
The Hidden Risks of Legacy MFA Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination Read more…
Webinar on MFA, Passwords, and the Shift to Passwordless Oct 07, 2024The Hacker NewsPassword Security / Data Security The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Read more…
Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud
The criminal prosecution of the threat actors behind the “OTP Agency” has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication. (more…)
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now Read more…
4 Ways Hackers use Social Engineering to Bypass MFA Feb 12, 2024The Hacker NewsCyber Threat / Password Security When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against Read more…