< ciso
brief />
Tag Banner

All news with #mfa tag

122 articles · page 4 of 7

Phishing Exploits Misconfigured MX Records in M365 Now

📧 Microsoft Threat Intelligence warns of a surge in phishing campaigns that exploit misconfigured mail routing and domain spoofing protections to make malicious messages appear internal to Microsoft 365 tenants. Attackers target users with HR- and IT-themed lures to steal credentials, often pairing the technique with phishing-as-a-service kits like Typhoon2FA. The vector depends on tenants whose MX records are not pointed directly at Office 365, bypassing built-in spoof detection. Organizations should correct MX configuration, enforce DMARC and deploy phishing-resistant MFA for privileged roles.
read more →

ThreatsDay: Weekly roundup — hacks, vulnerabilities, trends

🛡️ This week's ThreatsDay highlights a critical RustFS gRPC authentication flaw with a hard-coded token (CVSS 9.8) that allowed network attackers to perform privileged operations and was patched in 1.0.0-alpha.78. Other notable stories include GeoServer-based XMRig miners, an evolution in Iran-linked MuddyWater custom backdoors, a surge in Taiwanese infrastructure attacks, and CISA's KEV catalog expansion. Organizations should apply patches, enable MFA, and monitor credentials and exposed services.
read more →

Microsoft Enforces MFA for Microsoft 365 Admin Center Access

🔐 Microsoft will require MFA for all users signing into the Microsoft 365 admin center and will block accounts that do not have MFA enabled starting February 9, 2026. The enforcement covers portal.office.com/adminportal/home, admin.cloud.microsoft, and admin.microsoft.com and follows an initial rollout that began in February 2025. Administrators are urged to enable MFA using Microsoft's setup wizard or official documentation to avoid service interruptions; Microsoft notes that MFA significantly reduces the risk of account compromise.
read more →

Credential stuffing: risks and protection advice today

🔐 Credential stuffing exploits reused login credentials harvested from breaches or captured by infostealer malware, then systematically automates login attempts across services. Attackers increasingly use bots, IP rotation and AI-assisted scripts to mimic human behavior and evade basic defenses, enabling stealthier and larger-scale attacks. Because it uses valid credentials, it often bypasses alarms that detect brute-force failures. Protect yourself with a password manager, enable 2FA/MFA, and monitor for exposed credentials.
read more →

ownCloud Urges MFA after Credential Theft Reports Globally

🔒 ownCloud has urged users to enable multi-factor authentication (MFA) after reports that threat actors used credentials stolen via infostealer malware to access self-hosted file-sharing instances. The company said the platform was not breached via a zero-day or vulnerability; attackers reused credentials harvested by malware such as RedLine, Lumma, and Vidar. ownCloud recommends enabling MFA, resetting passwords, invalidating sessions, and reviewing access logs to protect data.
read more →

Infostealer Exploits Lack of MFA to Breach Cloud Accounts

🔒 A recent Hudson Rock report reveals a threat actor known as Zestix (aka Sentap) harvested credentials from infostealer logs and accessed cloud file-sharing services such as ShareFile, Nextcloud and OwnCloud because affected organizations did not enforce multi-factor authentication. The actor exfiltrated and auctioned highly sensitive corporate and customer data. The incidents underscore persistent failures in credential hygiene, long-lived stolen credentials and the necessity of MFA and session invalidation.
read more →

Cloud file-sharing breaches selling corporate data

🔐 A threat actor known as Zestix is offering corporate data reportedly stolen from dozens of companies after breaching ShareFile, Nextcloud, and OwnCloud instances. Hudson Rock links initial access to credentials harvested by infostealers such as RedLine, Lumma, and Vidar, often delivered via malvertising or ClickFix campaigns. Many affected accounts lacked multi-factor authentication, enabling unauthorized access and large-scale data exfiltration.
read more →

Fortinet: Active Exploitation of SSL VPN Auth Bypass

⚠️ Fortinet warned on December 24, 2025 that attackers are actively abusing a five‑year‑old FortiOS SSL VPN flaw, CVE-2020-12812 (CVSS 5.2), to bypass two‑factor authentication under specific configurations. The issue stems from inconsistent case sensitivity between FortiGate local users and LDAP directories: if a username's case does not exactly match the local entry, FortiGate may fall back to LDAP and accept credentials without 2FA. Fortinet reiterated prior patches and published configuration mitigations and commands to disable username case sensitivity, and advised customers to contact support and reset credentials if unauthorized 2FA bypass is detected.
read more →

CERN Risk Management: Balancing Security and Science

🔒 CERN manages cybersecurity across a globally distributed research community by prioritizing risk adaptation over one-size-fits-all controls. CISO Stefan Lüders frames security as a sociological challenge—measures must be explained and adapted so academic freedom and research workflows remain viable while defending against threats from script kiddies to ransomware and espionage. With roughly 200,000 devices and extensive BYOD, CERN relies on defense-in-depth, network monitoring, segmentation for legacy and IoT systems, and mandated protections such as MFA. Governance is being formalized through audits and standards while preserving operational flexibility.
read more →

Attacks Evolve: Three Practical Protections for 2026

🔐 Small and medium-sized businesses became the primary target of data breaches in 2025, as attackers shifted focus from well-defended large enterprises to higher-volume attacks against smaller organizations. High-profile incidents at Tracelo, PhoneMondo, and SkilloVilla exposed millions of customer records—predominantly names and contact information—raising the risk of follow-on phishing and fraud. To reduce breach risk in 2026, adopt two-factor authentication, enforce the principle of least privilege for access control, and centralize credentials with a secure password manager. These steps are practical, cost-effective, and scalable for SMBs.
read more →

Observed Abuse of FG-IR-19-283: LDAP Username Case Issue

🔐 Fortinet has observed active abuse of FG-IR-19-283 (CVE-2020-12812) in environments where FortiGate and LDAP username case handling differ. In these configurations, a username entered with any case variation that does not exactly match the local FortiGate entry can bypass local 2FA and instead authenticate via an LDAP group fallback. Administrators should enable the appropriate username sensitivity setting or remove unnecessary secondary LDAP groups to block this bypass.
read more →

Amazon WorkSpaces Secure Browser Adds WebAuthn Redirection

🔒 Amazon WorkSpaces Secure Browser now supports Web Authentication (WebAuthn) redirection, enabling users to authenticate to websites from within remote browser sessions using local FIDO2 security keys, passkeys, and platform authenticators like Windows Hello or Touch ID. This capability works with Chromium‑based local browsers such as Google Chrome 136+ and Microsoft Edge 137+, but not with Safari or Firefox. Administrators must enable WebAuthn redirection in the Secure Browser portal and configure the WebAuthenticationRemoteDesktopAllowedOrigins policy on local browsers to allow secure token forwarding. The feature is available at no additional cost in all supported regions.
read more →

Credential-based attacks target Cisco and Palo Alto VPNs

🔒 Security researchers observed a coordinated credential-stuffing campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect portals over a two-day span in mid-December. GreyNoise reported millions of automated login sessions from more than 10,000 unique IPs, using a consistent TCP fingerprint and a Firefox-like user agent. The activity did not exploit software flaws but instead relied on large-scale username/password probes. Analysts urged enforcing strong passwords and MFA, auditing exposed edge devices, and leveraging threat-intel blocklists to filter malicious traffic.
read more →

Large Password-Spraying Campaign Targets Cisco, PAN VPNs

🔐 An automated password-spraying campaign is targeting multiple VPN platforms, with credential-based attacks observed against Palo Alto Networks GlobalProtect portals and Cisco SSL VPN gateways. GreyNoise recorded login attempts peaking at 1.7 million over 16 hours from more than 10,000 unique IPs, largely originating from the 3xK GmbH hosting space. The actor reused common username/password combinations and used an unusual Firefox user agent, indicating scripted credential probing rather than exploitation. Administrators are advised to enforce strong passwords, enable MFA, audit appliances, and block known malicious IPs.
read more →

NIS2 Compliance: Passwords and MFA Best Practices Guide

🔐 The EU's NIS2 Directive requires organizations in critical sectors to strengthen identity and access controls, with Article 21 explicitly calling for access policies and practical protections. Modern password hygiene favours long passphrases (e.g., 15+ characters), breach screening, and avoiding routine rotations unless compromise is suspected, alongside user-friendly measures like password managers. While NIS2 doesn't always explicitly mandate MFA, national guidance and ENISA expect phishing‑resistant MFA for privileged and critical accounts.
read more →

Wireless Biometric Passwordless MFA Promises Cost Savings

🔒 Sponsored content from Token presents wireless biometric passwordless authentication as a way to transform MFA from a persistent cost center into a measurable productivity gain. By replacing passwords and authenticator apps with proximity-bound biometric hardware such as Token Ring and Token BioStick, Token says average login time falls from 22 seconds to 2 seconds. The vendor asserts this yields roughly $1,466.67 per employee per year in recovered productivity while also reducing password resets and blocking phishing, session relay, and social-engineering attacks.
read more →

Integrating Cyber Hygiene into Everyday Personal Habits

🔒 Cyber hygiene is presented as an essential, routine set of practices to reduce digital risk and protect personal data. The article gives targeted, practical advice for three audiences: beginners (use a password manager, create long random passwords and enable MFA), intermediate users (prioritize patch management, remove unused extensions, secure home routers and IoT, and use VPNs), and cybersecurity professionals (model good behavior and build a security-aware culture). Small, regular actions can greatly reduce exposure and improve resilience.
read more →

New AI-enabled Phishing Kits Escalate Credential Theft

🔒Four newly documented phishing kits — BlackForce, GhostFrame, InboxPrime AI, and Spiderman — enable large-scale credential theft and advanced MFA bypass techniques. BlackForce (first seen August 2025) uses Man‑in‑the‑Browser (MitB) capabilities to capture OTPs and exfiltrate data to Telegram/C2 panels, while GhostFrame hides phishing pages inside iframes. InboxPrime AI automates high-quality mass mailings with generative assistance, and Spiderman offers full-stack banking replicas with ISP and geofence filtering. Researchers warn these kits lower the bar for attackers and recommend layered defenses including phishing-resistant MFA, strong email validation, anomaly detection, and user training.
read more →

Resilience and Security for Water Utilities in 2025

🔒 Modern water and wastewater systems face accelerating cyber threats as utilities adopt remote sensors, cloud telemetry, and integrated SCADA. Critical safeguards—multi-factor authentication, network segmentation, and unified IT/OT visibility—are often missing, increasing risk from nation-state actors and ransomware. Utilities should prioritize comprehensive asset inventories, containment architectures, anomaly detection (e.g., FortiNDR, FortiSIEM), and regularly tested recovery plans to meet rising federal expectations.
read more →

Mass Compromise of IP Cameras in South Korea Reveals Risks

📷 South Korean authorities arrested four suspects after roughly 120,000 internet-connected IP cameras in homes and businesses were breached and sexually explicit footage was sold on an overseas adult site. Investigators indicate attackers likely exploited weak or default credentials and unpatched device software. Owners should replace factory passwords, use unique credentials and enable two-factor authentication; consider a reputable password manager such as Kaspersky Password Manager to generate and store strong, random passwords and one-time codes.
read more →