Did you know that multi-factor authentication can be defeated by threat actors?

mfa cat

Multi-factor authentication (MFA) is not perfect and it can be compromised by threat actors. However, we still stand by our advice to all our clients: Always use MFA – using and authenticator app – whenever it is available. I published an article yesterday on CyberAwake about some of the issues …

Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.

wordpress

Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …

Mass spamming starts with no MFA and credential stuffing

Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …

Microsoft Teams is keeping security tokens in plain text… and more UPDATED 23 September 2022

The original post was published on 16 September 2022 This is a real problem, no software or system should keep any security token in plain text, any time during operation. The user base for Microsoft Teams is in excess of 270 million users – we are part of that number …