A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed. The attack highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing login credentials. The findings also show how attackers are becoming adept at evading standard security […]
Multi-factor & Risk-based Authentication, Security Operations: Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling. Mathew J. Schwartz (euroinfosec), March 1, 2024. Typing passwords is a drag. Ever-helpful browser makers and online services know this and offer to save […]
The Rhysida attackers exploit vulnerabilities like the lack of Multi-Factor Authentication (MFA) and the Zerologon vulnerability to gain initial access and maintain a presence within victims’ networks.
AWS said most-privileged users, and eventually more account types, will be required to use multifactor authentication beginning in mid-2024. The move makes the cloud giant the first of the three major hyperscalers to commit to MFA baseline controls by default. “AWS is further strengthening the default security posture of our customers’ environments by requiring the […]
Identity & Access Management, Multi-factor & Risk-based Authentication, Security Operations: Uno’s Design Wisdom Will Accelerate Rollout of Okta’s First-Ever Consumer Product. Michael Novinson (MichaelNovinson), October 4, 2023. Okta purchased a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer […]
Identity & Access Management, Multi-factor & Risk-based Authentication, Security Operations: Windows 11 Now Offers Passwordless Authentication, Config Refresh, Policy Control. Michael Novinson (MichaelNovinson), September 26, 2023. Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in […]