All news with #mfa tag
Wed, December 10, 2025
Pro-Russia Hacktivists Exploit OT Exposures in US Now
🚨 A joint advisory from CISA, the FBI, the NSA and partners warns of a surge in pro‑Russia hacktivist activity exploiting exposed VNC and other internet-facing OT interfaces to breach systems across US water, food production and energy sectors. Low-skilled groups such as CARR, NoName057(16), Z-Pentest and Sector16 employ port scans, brute-force password guessing and simple reconnaissance tools to capture screenshots, alter parameters, disable alarms and force costly manual recoveries.
Wed, December 10, 2025
Polymorphic AI Malware: Hype vs. Practical Reality Today
🧠 Polymorphic AI malware is more hype than breakthrough: attackers are experimenting with LLMs, but practical advantages over traditional polymorphic techniques remain limited. AI mainly accelerates tasks—debugging, translating samples, generating boilerplate, and crafting convincing phishing lures—reducing the skill barrier and increasing campaign tempo. Many AI-assisted variants are unstable or detectable in practice; defenders should focus on behavioral detection, identity protections, and response automation rather than fearing instant, reliable self‑rewriting malware.
Tue, December 9, 2025
Pro-Russia Hacktivists Target Critical Infrastructure
⚠️ This joint advisory from CISA, FBI, NSA, and international partners details opportunistic intrusions by pro‑Russia hacktivist groups—CARR, NoName057(16), Z‑Pentest, and Sector16—against OT/ICS environments. Actors are exploiting internet‑exposed VNC services, using open‑source scanning and brute‑force tools to access HMI devices with default or weak credentials, causing loss of view, configuration changes, and operational downtime. The advisory urges organizations to reduce public exposure, apply network segmentation, enforce strong authentication (MFA where feasible), harden device credentials, and follow secure‑by‑design guidance for OT products.
Tue, December 9, 2025
Whaling attacks against executives: risks and mitigation
🎯 Whaling attacks are highly targeted social engineering campaigns aimed at senior executives that combine reconnaissance, spoofing, and urgency to trick leaders into divulging credentials, approving transfers, or executing malware-laden actions. Threat actors exploit executives’ visibility, limited time, and privileged access, and increasingly leverage generative AI and deepfakes to scale and refine impersonations. Key defenses include personalised executive simulations, strict multi-party approval flows for high-value transfers, AI-enhanced email filtering, deepfake detection, and a Zero Trust approach to access.
Mon, December 8, 2025
Balancing Cost and Cyber Resilience in Procurement Strategies
🔒 Procurement teams frequently chase short‑term savings, consolidating suppliers and selecting the lowest‑cost vendors, which can create systemic cyber fragility. The article warns that cost-focused procurement often overlooks vendor security posture and incident readiness, leading to outsized losses in breaches, ransomware or supply disruptions. It recommends cyber due diligence, risk-tiering, minimum baselines (e.g., MFA, encryption, patching), resilience KPIs (MTTD, MTTR, RTO) and cross-functional governance to align cost with resilience. Strategic partnerships, scenario testing and cultural change convert procurement from bargain hunters into resilience builders.
Mon, December 8, 2025
Preparing Retailers for Holiday Credential Threats
🔒 Retailers face concentrated credential risk during holiday peaks as bot-driven fraud, credential stuffing and pre-staged automated attacks target logins, payment tokens and loyalty balances. Effective defenses combine adaptive MFA, bot management, rate limiting and credential-stuffing detection to stop automation without harming checkout conversion. Strong controls for staff and third parties, plus tested failovers and tools like Specops Password Policy to block compromised passwords, reduce blast radius and protect revenue.
Sat, December 6, 2025
New Wave of VPN Login Attempts Targets GlobalProtect
🔐 Beginning December 2, a campaign using more than 7,000 IPs from German host 3xK GmbH (AS200373) carried out brute-force login attempts against Palo Alto GlobalProtect portals and soon pivoted to scanning SonicWall SonicOS API endpoints. GreyNoise links the activity to three recurring client fingerprints seen in prior scans and to earlier campaigns that generated millions of HTTP sessions. Organizations should monitor authentication velocity and failures, block implicated IPs and fingerprints, and enforce MFA to reduce credential abuse.
Fri, December 5, 2025
Hardening Browser Security with Zero Trust Controls
🔒 The article argues that the browser must be the primary enforcement point for enterprise zero trust, replacing outdated perimeter assumptions with per-request, context-aware controls. It synthesizes NIST SP 800-207 and 800-207A plus CISA guidance to describe identity-first access, least-privilege entitlements, continuous verification, phishing-resistant MFA (FIDO2/WebAuthn), device posture gating and remote browser isolation. Practical recommendations include SSO with short-lived tokens, SCIM-driven provisioning, ZTNA access proxies and governance-as-code to automate policy and reduce exposure.
Thu, December 4, 2025
Four Immediate Cybersecurity Priorities for Organizations
🔒 In this Deputy CISO blog, Damon Becknel, Microsoft’s VP and Deputy CISO for Regulated Industries, outlines four immediate priorities organizations should act on now. He emphasizes reinforcing essential cyber hygiene—accurate asset inventories, network segmentation, timely patching, MFA, EDR, and proxying email and web traffic—as the most effective means to reduce common intrusions. Becknel also urges adoption of modern standards like phishing-resistant MFA, secure DNS and DMARC, deployment of fingerprinting to track bad actors, and active cross-industry collaboration to share threat signals and raise the cost of attack.
Thu, December 4, 2025
Strengthening OT Security with Robust Password Policies
🔒 Operational technology (OT) environments underpin critical infrastructure but frequently lag behind IT in cybersecurity maturity. Strong password policies mitigate risks from outdated hardware, shared accounts, remote vendor access, and credential reuse. Core measures include prioritizing password length, enforcing rotation with reuse prevention, and adopting password vaults. Combined with MFA, network segmentation and Privileged Access Workstations, these practices form a resilient OT security posture.
Thu, December 4, 2025
Phishing, Privileges and Passwords: Identity Risk Guide
🔒 Identity-focused attacks are driving major breaches across industries, with recent vishing incidents at M&S and Co-op enabling ransomware intrusions and combined losses exceeding £500 million. Attackers harvest credentials via infostealers, targeted phishing/smishing/vishing, breached password stores and automated attacks like credential stuffing. Implement least privilege, strong unique passwords in managers, MFA (authenticator apps or passkeys), PAM and automated identity lifecycle controls to limit blast radius.
Wed, December 3, 2025
Marquis data breach affects over 74 US banks, credit unions
🔒 Financial software provider Marquis Software Solutions disclosed a ransomware intrusion on August 14, 2025, after attackers breached a SonicWall firewall and exfiltrated certain files. The incident potentially impacted roughly 400,000 customers across 74 banks and credit unions and involved names, contact details, Social Security and Taxpayer IDs, account information (no security codes), and dates of birth. Marquis says there is no confirmed misuse or publication of the data to date and is notifying affected institutions and state regulators while implementing enhanced security measures, including MFA, patching, account cleanup, and tightened firewall policies.
Wed, December 3, 2025
AI Phishing Factories: Tools Fueling Modern BEC Attacks
🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.
Wed, December 3, 2025
Browser Defense Playbook: Securing the New Work Center
🛡️ Unit 42’s Browser Defense Playbook warns that modern work happens primarily in the browser—about 85% of daily tasks—and that attackers increasingly exploit that centrality with phishing, malicious extensions, drive-by downloads and session hijacks. The guide identifies common failures such as unmanaged extensions, lax policies and blind spots in encrypted traffic. It recommends extending zero trust to the browser with strong MFA, conditional access, continuous monitoring and vetted extension allow lists, and points to Prisma Browser for agentless inspection and DLP.
Mon, December 1, 2025
When Hackers Wear Suits: Preventing Insider Impersonation
🛡️ The hiring pipeline is being exploited by sophisticated threat actors who create fake personas—complete with fabricated resumes, AI-generated videos, and stolen identities—to secure privileged remote roles inside organizations. Once hired, these imposters can exfiltrate data, plant backdoors, or extort employers, making the risk especially acute for MSPs that manage multiple clients. Strengthening HR verification, staged access provisioning, hardware-based MFA, network segmentation, and ongoing security awareness training are essential to mitigate this insider impersonation threat.
Mon, December 1, 2025
Agentic AI Browsers: New Threats to Enterprise Security
🚨 The emergence of agentic AI browsers converts the browser from a passive viewer into an autonomous digital agent that can act on users' behalf. To perform tasks—booking travel, filling forms, executing payments—these agents must hold session cookies, saved credentials, and payment data, creating an unprecedented attack surface. The piece cites OpenAI's ChatGPT Atlas as an example and warns that prompt injection and the resulting authenticated exfiltration can bypass conventional MFA and network controls. Recommended mitigations include auditing endpoints for shadow AI browsers, enforcing allow/block lists for sensitive resources, and augmenting native protections with third-party browser security and anti-phishing layers.
Mon, December 1, 2025
Oversharing Risks: Employees Posting Too Much Online
🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.
Fri, November 28, 2025
Adopting Remote Privileged Access: The Shift to RPAM
🔒 Remote Privileged Access Management (RPAM) provides a cloud-native approach to securing privileged accounts beyond traditional perimeters, enabling administrators, contractors and third-party vendors to connect securely from any device or location. RPAM enforces least-privilege, Just-in-Time access and multi-factor authentication while recording detailed session logs without relying on VPNs. By supporting zero-trust principles and scalable deployments, RPAM reduces attack surface and streamlines compliance.
Fri, November 28, 2025
Seven Security Practices That Should Be Retired Now
🔒 This article identifies seven security practices that have become obsolete in modern, cloud-first and hybrid workplaces. Contributors including Amit Basu, George Gerchow and others warn against relying on perimeter defenses, legacy VPNs, SMS-based 2FA and on-premises SIEMs, and caution about overreliance on EDR or compliance-only programs. It recommends shifting to Zero Trust, SASE, continuous monitoring and active security awareness to close visibility gaps and reduce risk.
Thu, November 27, 2025
Microsoft to Block Unauthorized Scripts in Entra ID
🔒 Microsoft will update its Content Security Policy to block unauthorized script injection during browser-based Entra ID sign-ins at login.microsoftonline.com. The policy will permit script downloads only from Microsoft-trusted CDN domains and allow inline execution solely from trusted Microsoft sources. Rolled out globally in mid-to-late October 2026 under the Secure Future Initiative, the change excludes Microsoft Entra External ID. Organizations should test sign-in flows and avoid browser extensions or tools that inject code to prevent authentication friction.