All news with #mfa tag

Blueprint for Hardening Microsoft Exchange Servers

🔒 CISA, the NSA, and international partners released the Microsoft Exchange Server Security Best Practices blueprint to help administrators of on‑premises and hybrid Exchange environments strengthen defenses against persistent cyber threats. The guidance builds on CISA’s Emergency Directive 25‑02 and emphasizes restricting administrative access, implementing multifactor authentication, enforcing strict transport security, and adopting zero trust principles. It also urges organizations to remediate or replace end‑of‑life Exchange versions, apply recommended mitigations, and consider migrating to cloud-based email to reduce operational complexity and exposure.

Protecting Older Family Members From Financial Scams

🔒Elder fraud is rising sharply: in 2024 Americans aged 60+ reported nearly $4.9 billion lost to online scams, with an average loss of about $83,000 per victim. Effective protection pairs ongoing, shame-free family communication with practical technical measures and a clear remediation plan. Teach relatives to use a password manager, enable two-factor authentication, block popups and robocalls, keep devices updated, and verify any urgent financial request before acting.

Identity Crisis at the Perimeter: AI-Driven Impersonation

🛡️ Organizations face an identity crisis as generative AI and vast troves of breached personal data enable realistic digital doppelgangers. Attackers now automate hyper-personalized phishing, smishing and vishing, clone voices, and run coordinated multi-channel campaigns that reference real colleagues and recent projects. The article urges a shift to “never trust, always verify,” with radical visibility, rapid detection and phishing-resistant authentication such as FIDO2. It also warns of emerging agentic AI and recommends strict least-privilege controls plus continuous red-teaming.

Herodotus Android Trojan Mimics Humans to Evade Fraud

⚠️ Herodotus, a new Android banking trojan, has been observed conducting device takeover (DTO) attacks in Italy and Brazil and was advertised as a malware‑as‑a‑service supporting Android 9–16. According to ThreatFabric, it abuses accessibility services and overlay screens to steal credentials and SMS 2FA, intercept the screen, and install remote APKs. Uniquely, operators added randomized typing delays (300–3000 ms) to mimic human input and evade behaviour‑based anti‑fraud detections.

X Tells Security Key Users to Re-enroll by Nov 10, 2025

🔐 X is asking users who registered passkeys or hardware security keys (for example, YubiKey) as their two-factor authentication method to re-enroll their key by November 10, 2025. The company says current key enrollments are tied to the twitter[.]com domain and must be associated with x[.]com before the legacy domain can be retired. Accounts not re-enrolled will be locked until users re-enroll, choose a different 2FA method, or opt out of 2FA.

Phishing Campaign Targets LastPass Users with 'Death' Lure

⚠️ LastPass customers are being targeted by a phishing campaign that falsely notifies recipients that a family member uploaded a death certificate to request legacy access. Messages spoof the LastPass domain and include a cancellation link that redirects to an attacker-controlled site asking for the master password. Some victims have also received phone calls pressing the same ruse. LastPass warns it never asks for master passwords and has removed the initial phishing site.

Threat Actor Misuse of AzureHound for Cloud Discovery

🔍 AzureHound is an open-source Go-based enumeration tool designed for cloud discovery and red-team assessments that threat actors also misuse to map Entra ID and Azure resources. Unit 42 outlines how adversaries leverage Microsoft Graph and Azure REST APIs to enumerate users, groups, roles, storage and services and to identify privilege escalation paths. The report highlights observable artifacts such as the user-agent azurehound/ and discusses detection opportunities in Microsoft Graph, Entra ID sign-in logs and Cortex XQL hunts. Practical mitigations include phishing-resistant MFA, Conditional Access Policies, token binding and broad endpoint and cloud visibility.

Cut IT Costs with Secure Self-Service Password Resets

🔐 Self-service password reset (SSPR) can significantly cut help desk costs and reduce downtime by letting users securely change forgotten or expired credentials without contacting support. Industry research cited in the article highlights that password-related calls are common and expensive — Gartner and Forrester figures are referenced and a Specops analysis reports average savings per user. The piece outlines security best practices including tiered risk controls, MFA, enrollment hygiene, and detection measures like rate limiting and location checks. It describes Specops uReset capabilities for Entra ID and Active Directory, automated enrollment, reporting, and a First Day Password add-on to reduce onboarding friction.

Passwordless Authentication: Clearing Common Myths

🔐 Passwordless authentication reduces reliance on passwords by using device-bound keys and local verification. The post explains that passwordless is inherently multi-factor: a device factor plus a local secret such as a PIN or biometric. Biometrics and PINs unlock a private key stored on the device and are not transmitted or centralized, reducing theft and replay risks. It also describes protections that make this approach highly phishing-resistant.

Vietnam Actors Use Fake Job Postings to Hijack Ad Accounts

🔎 GTIG describes a targeted campaign by a Vietnam-based cluster tracked as UNC6229 that uses fake job postings on legitimate platforms to socially engineer remote digital advertising workers. Victims are enticed to open password-protected attachments or visit convincing phishing portals that harvest corporate credentials and can bypass MFA. The actors abuse reputable CRM and SaaS services to increase trust, deliver remote access trojans, and ultimately take over high-value advertising and social media accounts for sale or resale.

IR Trends Q3 2025: ToolShell Drives Access & Response

🛡️ Cisco Talos Incident Response observed a surge in attacks exploiting public-facing apps in Q3 2025, driven chiefly by ToolShell chains targeting on-premises Microsoft SharePoint servers. Rapid automated scanning and unauthenticated RCE vulnerabilities led to widespread compromise, highlighting the need for immediate patching and strict network segmentation. Post-compromise phishing from valid accounts and diverse ransomware families, including Warlock and LockBit, continued to impact victims.

CISO Imperative: Building Resilience in Accelerating Threats

🔒 The Microsoft Digital Defense Report 2025 warns that cyber threats are accelerating in speed, scale, and sophistication, driven by AI and coordinated, cross-border operations. Attack windows have shrunk—compromises can occur within 48 hours in cloud containers—while AI-powered phishing and credential theft have grown markedly more effective. For CISOs this requires reframing security as a business enabler, prioritizing resilience, automation, and modern identity controls such as phishing-resistant MFA. The Secure Future Initiative provides practitioner-tested patterns to operationalize these priorities.

Google Careers Phishing Targets Job Seekers' Credentials

🔒 Scammers are impersonating Google’s Careers recruiting outreach to trick job seekers into a fake booking flow that ends on a spoofed Google login page, harvesting account credentials and cloud data. Researchers at Sublime Security documented HTML evasion techniques, abused delivery services, dynamic phishing kits and C2 servers. Organizations should enforce strong MFA, monitor anomalous logins, and train employees to treat unsolicited recruiter invitations with skepticism.

Jingle Thief: Inside a Cloud Gift Card Fraud Campaign

🔍Unit 42 details the Jingle Thief campaign, a Morocco‑based, financially motivated operation that uses phishing and smishing to harvest Microsoft 365 credentials and abuse cloud services to commit large‑scale gift card fraud. The actors maintain prolonged, stealthy access for reconnaissance across SharePoint, OneDrive and Exchange, and rely on internal phishing, inbox rules and rogue device enrollment in Entra ID to persist and issue unauthorized cards. The report (cluster CL‑CRI‑1032) links the activity to Atlas Lion/STORM‑0539 and emphasizes identity‑centric detections and mitigations.

China Alleges NSA Cyberattack on National Time Service

🔍 China’s security authorities publicly accused the US National Security Agency of a covert operation against the National Time Service Center, alleging an SMS-service vulnerability was exploited beginning March 25, 2022 to compromise staff phones and steal data. Experts told CSO the claim is technically plausible but there is no public forensic evidence to confirm it conclusively. The alleged intrusion could affect Beijing Time, potentially disrupting communications, finance, power, transportation and space operations. Security specialists recommend hardening time infrastructure, avoiding SMS-based privileged logins, validating clocks against multiple trusted references, deploying cryptographic attestation for time signals, and following guidance from CISA.

Security Teams Must Deploy Anti-Infostealer Defenses Now

🔒 Infostealers are fuelling today’s ransomware wave and the resulting stealer logs are widely available on the dark web, sometimes for as little as $10. At ISACA Europe 2025, Tony Gee of 3B Data Security urged security teams to adopt targeted technical controls in addition to baseline measures like zero trust and network segmentation. He recommended six practical defenses — including regular password rotation, FIDO2-enabled MFA, forced authentication, shorter session tokens, cookie replay detection and impossible-travel monitoring — to reduce the usefulness of stolen credentials and session data.

Germany Is the EU's Top Target for Cyberattacks in 2025

🔒 The Microsoft Digital Defense Report 2025 finds Germany was the most targeted EU country in the first half of 2025, receiving 3.3% of global cyberattacks. Attackers are driven more by profit than espionage, with ransomware used in 52% of incidents and pure espionage accounting for 4%. The report highlights threats linked to Russia, China, North Korea and Iran and recommends MFA—which can block 99.9% of credential-based attacks.

Microsoft Digital Defense Report 2025: Threat Trends

🔒 Microsoft's 2025 Digital Defense Report finds that most attacks aim to steal data for profit, with extortion and ransomware responsible for over 52% of incidents while espionage accounts for only about 4%. Covering July 2024–June 2025, the report highlights rising use of AI, automation, and off‑the‑shelf tools that enable scalable phishing, malware, and identity theft. Microsoft urges adoption of phishing‑resistant MFA, AI‑driven defenses, and strengthened cross‑sector collaboration to protect critical public services and build resilience.

Microsoft: 100 Trillion Signals Daily as AI Fuels Risk

🛡️ The Microsoft Digital Defense Report 2025 reveals Microsoft systems analyze more than 100 trillion security signals every day and warns that AI now underpins both defense and attack. The report describes adversaries using generative AI to automate phishing, scale social engineering and discover vulnerabilities faster, while autonomous malware adapts tactics in real time. Identity compromise is the leading vector—phishing and social engineering caused 28% of breaches—and although MFA blocks over 99% of unauthorized access attempts, adoption remains uneven. Microsoft urges board-level attention, phishing-resistant MFA, cloud workload mapping and monitoring, intelligence sharing and immediate AI and quantum risk planning.

Rethinking Enterprise Phishing Training Effectiveness

🔒 Phishing remains a pervasive threat—IBM attributes roughly 15% of data breaches to these attacks—yet standard training approaches are delivering limited protection. Recent studies cited in the article show annual awareness modules and embedded simulated-phish interventions often fail to change user behavior or secure genuine engagement, with many users closing training pages outright. Security leaders are advised to treat training as one element of a broader risk-reduction strategy that pairs behavioral design, clear escalation steps, measurable metrics, incentives, and technical controls such as two-factor authentication and improved phishing detection.