My TechDecisions

Search Results: mfa

Threat Detection Trends, 2023 Hacking Trends, Expel

New Email Rules, MFA Bypass Are Top Hacking Tactics So Far in 2023

Cybersecurity firm Expel's 2023 first quarter threat report finds that hackers are hiding their activity with email rules and bypassing MFA.

June 1, 2023 Zachary Comeau Leave a Comment

Account compromise, new inbox rules designed to hide malicious activity, and multifactor authentication bypass are the most popular hacking tactics being utilized by threat actors so far in 2023, according to a new report from cybersecurity firm Expel. According to the managed detection and response provider, identity-based attacks such as account compromise, account takeover and […]

Read More
ManageEngine Logo, ADSelfService Plus

ManageEngine Rolls Out ADSelfService Plus Offline MFA

ADSelfService Plus allows remote users to securely authenticate via MFA even if they are offline for enhanced remote work security.

May 3, 2023 TD Staff Leave a Comment

ManageEngine, the enterprise IT management division of Zoho Corporation, announced its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. The new feature allows organizations to secure their data with authentication methods that prevent unsecured access to remote machines even when they are disconnected from the internet or when the authentication server is […]

Read More
MFA bypass, AiTM

Microsoft Warns of Increasing Use of MFA Bypass Tools in Phishing Attacks

Threat actors are stepping up their use of Adversary-in-the-Middle attacks that bypass multi-factor authentication tools, Microsoft says.

March 14, 2023 Zachary Comeau Leave a Comment

Microsoft is warning organizations of an uptick in Adversary-in-the-Middle (AiTM) phishing kits that are capable of bypassing multi-factor authentication (MFA) through reverse-proxy functionality, rendering the security tool that many organizations now deploy useless. In a new blog, the Microsoft Threat Intelligence Team dives into a threat actor it calls DEV-1101, a group that develops, supports […]

Read More
Token Theft

Hackers are Increasing Token Theft Attacks to Bypass MFA

Microsoft says it has seen an increase in attackers utilizing token theft to compromise identities that have completed MFA.

November 22, 2022 Zachary Comeau Leave a Comment

Organizations are increasing their implementation of multifactor authentication (MFA) to help secure account credentials and prevent unauthorized access, but threat actors are similarly advancing their techniques and are finding ways around those protections, including stealing tokens, according to Microsoft. In a recent post, Microsoft says its Detection and Response Team has seen an increase in […]

Read More
AWS S3

AWS Identity and Access Management Supports Multiple MFA Devices

AWS is making it possible to add multiple MFA devices to AWS Account root users and AWS Identity and Access Management users.

November 17, 2022 Zachary Comeau Leave a Comment

Amazon Web Services (AWS) is making it possible to add multiple multi-factor authentication devices to AWS Account root users and AWS Identity and Access Management (IAM) users in their AWS accounts in a move to help limit access management to highly privileged principals. Previously, organizations could only have one MFA device associated with root users […]

Read More
Microsoft Windows 11 Copilot

Microsoft Rolls Out New Azure MFA Migration Tool

Microsoft is launching the general availability of the new Azure MFA Server Migration Utility to help customers modernize security.

September 2, 2022 Zachary Comeau Leave a Comment

Microsoft is launching the general availability of the new Azure MFA Server Migration Utility to help customers modernize security and migrate from on-premises MFA Server to cloud-based Azure MFA. This comes after Microsoft began blocking new downloads of the on-prem MFA Server since July 2019, pushing customers toward Azure MFA, which Microsoft calls its “premier […]

Read More
Beyond Identity

Research: Only 28% of SMBs Require MFA

Small and medium-sized businesses lack the awareness and resources to implement multi-factor authentication, Cyber Readiness Institute says.

July 6, 2022 Zachary Comeau Leave a Comment

The majority of small and medium-sized businesses (SMBs) are not leveraging multi-factor authentication (MFA) and are relying only on usernames and passwords to secure their data, according to a new study from the Cyber Readiness Institute. According to the organization’s Global Small Business Multi-Factor Authentication Study of 1,403 small and medium-sized businesses across eight countries, […]

Read More
Google, Bard

Google I/O: New Security Features in Workspace, Enrolling More Users In MFA

New phishing and malware protections in Workspace and the automatic enrollment of users in MFA highlight Google's security announcements during I/O.

May 13, 2022 Zachary Comeau Leave a Comment

In addition to a range of new developer tools and new features in Workspace and Google Meet, Google announced during its I/O conference this week several new security features to help keep users and organizations secure. The new security capabilities include account safety for apps, new phishing protections, virtual cards and automatic enrollment in multi-factor […]

Read More
Proofpoint CISO, CISOs cyberattack

CISA: Russian Hackers Leveraged Default MFA, PrintNightmare To Gain Network Access

Using stolen credentials, misconfigured MFA and PrintNightmare, Russian state-sponsored hackers compromised a victim's network, agencies say.

March 16, 2022 Zachary Comeau Leave a Comment

According to U.S. authorities, Russian state-sponsored hackers are leveraging default multi-factor authentication (MFA) protocols and the PrintNightmare vulnerabilities to gain network access. In a joint advisory, the FBI and Cybersecurity and Infrastructure Security Agency say cyber actors backed by the Russian government began pairing those attack vectors as early as May 2021 to target a […]

Read More