Last week I wrote about some of the issues with multi-factor authentication: On the same day that I published, The Register also ran an article looking at MFA issues. I am continuing my story next week, but Jeff Burt’s article is worth reading as the more you know about this …
Did you know that multi-factor authentication can be defeated by threat actors?
Multi-factor authentication (MFA) is not perfect and it can be compromised by threat actors. However, we still stand by our advice to all our clients: Always use MFA – using and authenticator app – whenever it is available. I published an article yesterday on CyberAwake about some of the issues …
Continue reading “Did you know that multi-factor authentication can be defeated by threat actors?”
How a phishing attack works
Today there is an excellent illustration of how a phishing attack works on SANS Internet Storm. It is complete with the offer of something the victim wants and then simply steals the Microsoft credentials the victim supplies – all because of a well-crafted spam email. Credential Harvesting with Telegram API …
Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.
Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …
Mass spamming starts with no MFA and credential stuffing
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
