All news with #mfa tag

Jingle Thief: Inside a Cloud Gift Card Fraud Campaign

🔍Unit 42 details the Jingle Thief campaign, a Morocco‑based, financially motivated operation that uses phishing and smishing to harvest Microsoft 365 credentials and abuse cloud services to commit large‑scale gift card fraud. The actors maintain prolonged, stealthy access for reconnaissance across SharePoint, OneDrive and Exchange, and rely on internal phishing, inbox rules and rogue device enrollment in Entra ID to persist and issue unauthorized cards. The report (cluster CL‑CRI‑1032) links the activity to Atlas Lion/STORM‑0539 and emphasizes identity‑centric detections and mitigations.

China Alleges NSA Cyberattack on National Time Service

🔍 China’s security authorities publicly accused the US National Security Agency of a covert operation against the National Time Service Center, alleging an SMS-service vulnerability was exploited beginning March 25, 2022 to compromise staff phones and steal data. Experts told CSO the claim is technically plausible but there is no public forensic evidence to confirm it conclusively. The alleged intrusion could affect Beijing Time, potentially disrupting communications, finance, power, transportation and space operations. Security specialists recommend hardening time infrastructure, avoiding SMS-based privileged logins, validating clocks against multiple trusted references, deploying cryptographic attestation for time signals, and following guidance from CISA.

Security Teams Must Deploy Anti-Infostealer Defenses Now

🔒 Infostealers are fuelling today’s ransomware wave and the resulting stealer logs are widely available on the dark web, sometimes for as little as $10. At ISACA Europe 2025, Tony Gee of 3B Data Security urged security teams to adopt targeted technical controls in addition to baseline measures like zero trust and network segmentation. He recommended six practical defenses — including regular password rotation, FIDO2-enabled MFA, forced authentication, shorter session tokens, cookie replay detection and impossible-travel monitoring — to reduce the usefulness of stolen credentials and session data.

Germany Is the EU's Top Target for Cyberattacks in 2025

🔒 The Microsoft Digital Defense Report 2025 finds Germany was the most targeted EU country in the first half of 2025, receiving 3.3% of global cyberattacks. Attackers are driven more by profit than espionage, with ransomware used in 52% of incidents and pure espionage accounting for 4%. The report highlights threats linked to Russia, China, North Korea and Iran and recommends MFA—which can block 99.9% of credential-based attacks.

Microsoft Digital Defense Report 2025: Threat Trends

🔒 Microsoft's 2025 Digital Defense Report finds that most attacks aim to steal data for profit, with extortion and ransomware responsible for over 52% of incidents while espionage accounts for only about 4%. Covering July 2024–June 2025, the report highlights rising use of AI, automation, and off‑the‑shelf tools that enable scalable phishing, malware, and identity theft. Microsoft urges adoption of phishing‑resistant MFA, AI‑driven defenses, and strengthened cross‑sector collaboration to protect critical public services and build resilience.

Microsoft: 100 Trillion Signals Daily as AI Fuels Risk

🛡️ The Microsoft Digital Defense Report 2025 reveals Microsoft systems analyze more than 100 trillion security signals every day and warns that AI now underpins both defense and attack. The report describes adversaries using generative AI to automate phishing, scale social engineering and discover vulnerabilities faster, while autonomous malware adapts tactics in real time. Identity compromise is the leading vector—phishing and social engineering caused 28% of breaches—and although MFA blocks over 99% of unauthorized access attempts, adoption remains uneven. Microsoft urges board-level attention, phishing-resistant MFA, cloud workload mapping and monitoring, intelligence sharing and immediate AI and quantum risk planning.

Rethinking Enterprise Phishing Training Effectiveness

🔒 Phishing remains a pervasive threat—IBM attributes roughly 15% of data breaches to these attacks—yet standard training approaches are delivering limited protection. Recent studies cited in the article show annual awareness modules and embedded simulated-phish interventions often fail to change user behavior or secure genuine engagement, with many users closing training pages outright. Security leaders are advised to treat training as one element of a broader risk-reduction strategy that pairs behavioral design, clear escalation steps, measurable metrics, incentives, and technical controls such as two-factor authentication and improved phishing detection.

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.

Whisper 2FA Drives Nearly One Million Phishing Attacks

🛡️ Whisper 2FA has emerged as a highly active phishing kit, responsible for almost one million attacks since July 2025, according to Barracuda. The platform leverages AJAX to create a live relay between victims and attackers, repeatedly capturing passwords and MFA codes until a valid token is obtained. Campaigns impersonate services like DocuSign, Adobe and Microsoft 365 and use urgent lures such as invoices or voicemail notices. Rapid evolution, dense obfuscation and anti-debugging measures make detection and analysis increasingly difficult.

Synced Passkeys: Enterprise Risks and Mitigations Guide

🔒 The article warns that deploying synced passkeys introduces enterprise exposure because they inherit risks tied to cloud accounts and recovery processes. It highlights practical attack vectors — including AiTM-based authentication downgrades and malicious browser extensions — that can bypass or capture passkeys. The author recommends mandatory use of device-bound, hardware-backed authenticators and strict enrollment and recovery controls to preserve phishing-resistant access.

13 Cybersecurity Myths Organizations Must Stop Believing

🛡️ This article debunks 13 persistent cybersecurity myths that no longer hold up against rapidly evolving threats such as AI-generated deepfakes and accelerating digitalization. Experts contend that AI augments rather than replaces human analysts, because human context and judgment remain essential. They warn that identity verification, MFA, and buying more tools or people are insufficient without mature operations, automated certificate management, and a defense-in-depth posture tuned for modern attacker behaviors.

Pixnapping: Pixel-by-pixel Android MFA code theft

🔍 A new side‑channel attack called Pixnapping allows a permissionless Android app to infer and reconstruct on‑screen pixels and steal sensitive content such as one‑time authentication codes, chat messages, and emails. The technique abuses Android intents and SurfaceFlinger compositing to isolate and enlarge individual pixels, then uses a GPU compression side channel to leak visual data. The proof‑of‑concept from a team of seven U.S. university researchers works on modern Pixel and Samsung devices and can extract 2FA codes in under 30 seconds; Google issued an initial mitigation (CVE‑2025‑48561) in September that was bypassed, and a broader fix is planned for December 2025, with Samsung committing to patches as well.

New SonicWall SSLVPN Compromises Linked to Credentials

🔒 Huntress reports a fresh wave of compromises targeting SonicWall SSLVPN appliances in early October, affecting at least 16 organizations and more than 100 accounts. Attackers are authenticating with valid credentials rather than brute forcing, often from recurring attacker-controlled IPs. Some sessions involved internal reconnaissance and attempts against Windows administrative accounts, but Huntress says it has no evidence linking the activity to September’s MySonicWall cloud backup disclosure. It urges administrators to reset credentials, restrict remote management, review SSLVPN logs, and enable MFA.

Dull but Dangerous: 15 Overlooked Cybersecurity Gaps

🔒 This article catalogs 15 frequently overlooked security blind spots that quietly increase organizational risk across six domains: time & telemetry, identity & edge, configuration & crypto, DNS & web trust, cloud & SaaS sprawl, and software supply chain & recovery readiness. It explains how mundane issues — NTP drift, orphaned DNS records, default IoT credentials, stale backups — become high-impact failures. The piece recommends immediate inventories, enforced baselines and a 90-day action plan to measure and close these gaps, and highlights metrics to track such as log coverage, patching cadence and backup restore success.

Strengthening Access Controls to Prevent Ransomware

🔐 Ransomware intrusions increasingly begin with compromised identities: recent analyses attribute roughly three quarters of incidents to stolen or misused credentials. Defenses must shift from infrastructure-centric controls to identity-first models like Zero Trust, combining RBAC, MFA and context-aware authentication. Adaptive, risk-based access and passwordless methods reduce friction while improving detection and auditability. Regulatory regimes such as NIS2 and DORA further mandate auditable access controls.

Microsoft: 'Payroll Pirates' Hijack HR SaaS Accounts

🔒 Microsoft warns that a financially motivated group tracked as Storm-2657 is hijacking employee accounts to redirect payroll by altering profiles in third-party HR SaaS platforms such as Workday. Attacks rely on AitM phishing, MFA gaps and SSO abuse rather than software vulnerabilities. Observed tactics include creating inbox rules to delete warning notifications and enrolling attacker-controlled phone numbers for persistent access. Microsoft reported compromises at multiple U.S. universities and recommends phishing-resistant, passwordless MFA such as FIDO2 keys, and reviews of MFA devices and mailbox rules to detect takeover.

Investigating Payroll Pirate Attacks on US Universities

🔍 Microsoft Threat Intelligence observed a financially motivated actor tracked as Storm-2657 conducting targeted 'payroll pirate' intrusions against US universities to divert salary payments. The actor used realistic phishing and adversary-in-the-middle (AiTM) links to harvest credentials and MFA codes, gained access to Exchange Online, abused SSO to reach Workday profiles, and created inbox rules to hide payroll notifications. Microsoft recommends adopting phishing-resistant, passwordless MFA and provides detections and remediation guidance.

ThreatsDay: Teams Abuse, MFA Hijack, $2B Crypto Heist

🛡️ Microsoft and researchers report threat actors abusing Microsoft Teams for extortion, social engineering, and financial theft after hijacking MFA with social engineering resets. Separate campaigns use malicious .LNK files to deliver PowerShell droppers and DLL implants that establish persistent command-and-control. Analysts also link over $2 billion in 2025 crypto thefts to North Korean‑linked groups and identify AI-driven disinformation, IoT flaws, and cloud misconfigurations as multiplying risk. Defenders are urged to harden identity, secure endpoints and apps, patch exposed services, and limit long-lived cloud credentials.

Reassignment of CISA Staff Raises National Cyber Risks

🔔 The US Department of Homeland Security has reassigned hundreds of cybersecurity personnel from the Cybersecurity and Infrastructure Security Agency to non-cyber roles supporting immigration and border enforcement, reports say. This shift has most impacted CISA’s Capacity Building team, which writes emergency directives and oversees protections for the government’s highest-value assets; refusal to accept new roles reportedly risks termination. Analysts warn that reductions in specialized threat hunting, vulnerability scanning, and coordinated advisories will slow response times and create exploitable gaps. Enterprises are urged to tighten patch cycles, adopt phishing-resistant MFA, review privileges, and rely on sector ISACs and private intel sharing while federal capacity is strained.

Microsoft 365 Outage Disrupts Teams, Exchange, and MFA

⚠️ Microsoft is addressing an ongoing outage that is preventing users from accessing Microsoft 365 services, including Teams, Exchange Online, and the Microsoft 365 admin center. The incident is being tracked on the Service Health Dashboard and Microsoft is publishing updates on its Service Health Status page. The outage is also affecting Microsoft Entra single sign-on and Multi-Factor Authentication, with some users unable to receive MFA prompts or authenticate.