The Valorant 11.09 update introduces mandatory multi-factor authentication for certain accounts to combat smurfs, along with quality-of-life improvements and numerous bug fixes across maps and agents.
Microsoft is investigating ongoing authentication issues affecting Microsoft 365 users, caused by a recent change aimed at improving MFA sign-in functionality. The incident impacts users in various regions, with Microsoft working on configuration updates to mitigate the problem while seeking a long-term solution.
Ticketmaster and several other Snowflake customers have been hacked, with threat actors obtaining credentials through info-stealing malware or purchasing them online. The hacking group ShinyHunters has claimed responsibility, seeking large sums for the stolen data. The breaches highlight the importance of multifactor authentication (MFA), which was not in place for the compromised accounts. Snowflake and security firms Mandiant and CrowdStrike are investigating, with no evidence yet of a vulnerability in Snowflake's platform.
An Adalytics report exposes the prevalence of low-quality inventory in the ad tech ecosystem, despite vendors' claims of made-for-advertising (MFA) prevention. The report highlights major SSPs and media companies for oversaturating the supply with garbage inventory, pointing to a systemic issue in programmatic advertising. While some companies like The Trade Desk are commended for effectively filtering out MFA, the industry's conflicting incentive structures and lack of ongoing maintenance contribute to the persistence of MFA supply.
Microsoft confirmed that Kremlin-backed spies gained access to its network and stole internal emails and files after exploiting a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled. The attackers used password spray attacks and compromised a test OAuth application to access corporate inboxes belonging to top Microsoft executives and staff. Microsoft has acknowledged the need for faster implementation of MFA and has provided guides for administrators to prevent similar breaches. The incident has raised concerns about the insufficient MFA protection within the company and highlighted the importance of basic security hygiene.
The US Securities and Exchange Commission (SEC) admitted that a key security procedure, multi-factor authentication (MFA), had been suspended for six months on its social media account when hackers made a fake post about Bitcoin in January. This allowed hackers to gain access to the account and make the misleading post, causing the cryptocurrency to surge in value before the post was deleted. The SEC has since confirmed the regulatory change, but the incident highlights the importance of maintaining strong cybersecurity measures, especially in government agencies, to prevent similar attacks.
EvilProxy, a popular phishing platform, has been used in a large-scale campaign targeting Microsoft 365 accounts. Researchers have observed 120,000 phishing emails sent to over a hundred organizations, primarily impacting high-ranking executives. EvilProxy employs reverse proxies to steal authentication cookies and bypass multi-factor authentication. The campaign impersonates popular brands and utilizes open redirections to evade detection. Once an account is compromised, the threat actors establish persistence by adding their own multi-factor authentication method. Organizations are advised to increase security awareness, implement stricter email filtering rules, and adopt FIDO-based physical keys to defend against this growing threat.
LastPass users have been locked out of their accounts and unable to access their vaults after being prompted to reset their multifactor authentication preference due to planned security upgrades. Affected customers cannot seek assistance from support, since reaching out to LastPass support requires logging into their accounts, which they can't do because they're locked in an infinite loop of being prompted to reset their MFA authenticator. LastPass says the MFA resets were announced via in-app messages for "several weeks" before the initial announcement.
Microsoft is enforcing "number matching" as an additional step in its Authenticator app to enhance the security provided by multi-factor authentication (MFA) for all users starting May 8, 2023. Users will need to enter the number provided into their Authenticator app when signing in. This is to combat MFA attacks such as phishing, brute forcing, and push bombing. Microsoft highly recommends enabling number matching for improved sign-in security.