MFA

Security

Azure AD System-Preferred Multifactor Authentication is Now Generally Available

Last year, Microsoft introduced the public preview of system-preferred multifactor authentication (MFA) for Azure Active Directory (Azure AD). The company announced yesterday that the feature is now generally available for all commercial customers. What is system-preferred MFA authentication? With system-preferred authentication enabled, Azure AD evaluates all authentication methods registered for a user account, and...

LATEST

Security – 5

Microsoft Warns About New MFA Bypass Tool Used in AiTM Phishing Campaigns

Microsoft has warned customers about an Adversary-in-the-Middle (AiTM) phishing kit available for sale on a popular cybercrime forum. The software is designed to make it easier for attackers to deploy phishing campaigns to target enterprise accounts. According to the Microsoft Threat Intelligence team, this phishing kit is an open-source tool that is developed by a hacking…

Security

Microsoft Releases Azure AD System-Preferred Authentication Policy in Preview

Microsoft has started rolling out a new system-preferred authentication policy in preview for Azure AD customers. The feature enables the system to evaluate which authentication method should be used when a user signs in to Azure AD. With system-preferred authentication, Azure AD will check all authentication methods registered for an account and only show the…

Security

Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator

Last week, Uber confirmed a major cybersecurity attack that compromised its internal communications and engineering systems. The company believes that someone affiliated with the hacking group Lapsus$ leveraged the MFA fatigue attack technique to compromise an Uber employee account. According to the New York Times, the hackers social engineered the company’s worker after discovering his…

Cloud Computing

Microsoft Blocks Unmanaged Azure AD Guest Accounts

Microsoft has released an update that blocks the use of unmanaged Azure AD accounts in organizations. The company has provided a set of tools to help IT admins find existing unmanaged accounts and reset their redemption status. In 2016, Microsoft introduced a self-service sign-up feature that allowed external users to sign up as guest members…

Security – 5

Mandiant Warns Hackers Now Use New Trick to Bypass MFA

Cybersecurity company Mandiant has discovered that hackers are using a new technique to target enterprise networks. The researchers warned that threat actors exploit multifactor authentication (MFA) to gain unauthorized access to dormant Microsoft accounts. According to cybersecurity researchers at Mandiant, the exploit is being used in hacking campaigns by APT29 to bypass authentication. APT29 is…

Security – 4

Microsoft Warns About New Large-Scale Phishing Campaign Bypassing MFA

Microsoft has discovered a new massive AiTM phishing campaign that can steal credentials even if the user account is protected with multi-factor authentication (MFA). The company has warned that the threat actors have targeted over 10,000 organizations since September 2021. According to Microsoft researchers, the AiTM campaign involves inserting a proxy server between a target…


Enforce MFA for SharePoint Online Sites with Conditional Access Policies

Last Update: Jun 15, 2022

Securing Confidential SharePoint Online Data: SharePoint Online sites hold some very confidential information. Now that SharePoint Online supports sensitivity labels, you can protect individual documents with encryption to stop their contents leaking. Other features, like regarding newly uploaded documents sensitive by default to stop them being shared externally until Data Loss Prevention (DLP) processing completes,…

Security

FBI and CISA Issue Advisory Over Multi-Factor Authentication Flaw Abused By Russian Hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI released an alert about Russian state-backed activity that allowed hackers to bypass multi-factor authentication (MFA) and exploit a security flaw to compromise networks. The security advisory indicates that the cyberattacks targeting a non-governmental organization (NGO) started back in May 2021. The threat actors leveraged…


Microsoft Issues Warning About Multi-Phase Phishing Attacks Targeted At Azure AD

Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, which indicates that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA). As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two…
