All news with #mfa tag

Under Lock and Key: Strengthening Business Encryption

🔒 Encryption is a critical layer in modern data protection, safeguarding sensitive and business‑critical information both at rest and in transit. The article outlines key drivers — remote/hybrid work, explosive data growth, device loss, third‑party risks, ransomware and insider threats — that make encryption essential. It recommends robust algorithms such as AES-256, centralized management and solutions for disks, files, removable media and email, alongside minimal end‑user friction. The piece also warns that regulators and insurers increasingly expect strong encryption as part of compliance and underwriting.

Principal Financial Adopts Biometrics to Stop Account Fraud

🔐 Principal Financial replaced brittle knowledge-based authentication with a digital ID verification and biometric platform to block account takeovers. Using DIVA with a focus on facial recognition and an implementation by Onfido (an Entrust company), the insurer completed rollout within months. The change has virtually eliminated fraudulent registrations and improved user success and completion rates while preserving usability.

Six Browser-Based Attack Techniques to Watch in 2025

🔒 This article outlines six browser-based attack techniques—phishing with reverse-proxy AitM kits, ClickFix/FileFix command-injection lures, malicious OAuth grants, rogue extensions, weaponized file downloads, and credential attacks exploiting MFA gaps—that security teams must prioritize in 2025. It explains why the browser has become the primary attack surface as users access hundreds of cloud apps, and why traditional email/network controls and endpoint defenses often miss these threats. The piece argues that effective detection requires real-time browser-level visibility and management across managed and unmanaged apps, highlighting Push Security as a vendor offering such capabilities.

Tycoon Phishing Kit Uses New Link Obfuscation Techniques

🔐 Barracuda researchers have detailed new link-obfuscation capabilities in the Tycoon Phishing-as-a-Service kit that hide malicious destinations from scanners and recipients. Observed techniques include URL encoding with '%20' invisible spaces, deceptive Unicode characters, hidden codes appended to links, redundant protocol prefixes, and subdomain manipulation. Attacks also incorporate a fake CAPTCHA stage and tools aimed at bypassing multi-factor authentication, enabling more effective email-based social engineering and evasion of traditional filters.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

Cloud CISO Perspectives: Fighting Cyber-Enabled Fraud

🔒 David Stone and Marina Kaganovich from Google Cloud’s Office of the CISO warn that cyber-enabled fraud (CEF) is scaling rapidly and presents severe financial and reputational risk. The post cites FBI data — $13.7 billion in losses in 2024 — and highlights common tactics such as phishing, ransomware, account takeover, and business email compromise. It urges CISOs and boards to shift from siloed defenses to a proactive, enterprise-wide posture using frameworks like FS-ISAC’s Cyber Fraud Prevention Framework and Google Cloud detection and protection capabilities.

Storm-0501 Deletes Azure Data and Backups After Exfiltration

🔒 Microsoft Threat Intelligence details a campaign by Storm-0501 that exfiltrated data from a large enterprise’s Azure environment, then deleted backups and encrypted remaining resources to block recovery. The actor abused Entra Connect synchronization, elevated to Global Administrator, and used Azure Owner privileges to steal storage keys and transfer blobs via AzCopy. Microsoft recommends enabling blob backups, least privilege, logging, and Azure Backup to mitigate these cloud-native ransomware tactics.

Storm-0501 Exploits Entra ID to Exfiltrate Azure Data

🔐 Microsoft Threat Intelligence reports that the financially motivated actor Storm-0501 has refined cloud-native techniques to rapidly exfiltrate and delete data in hybrid Azure environments. The group leveraged on-premises footholds—using tools such as Evil-WinRM and a DCSync attack—to compromise an Entra Connect server and identify a non-human synced Global Admin account without MFA. With that account the attackers registered a threat actor-owned federated tenant as a backdoor, escalated Azure privileges, and proceeded to mass-extract data and remove resources and backups before extorting victims through compromised Microsoft Teams accounts. Microsoft has updated Entra ID behavior, released Entra Connect 2.5.3.0 to support Modern Authentication, and recommended enabling TPM, enforcing MFA, and other hardening controls.

Cephalus Ransomware: Emergence and Threat Profile

🚨 Cephalus is a mid‑2025 ransomware operation that both encrypts systems and exfiltrates sensitive data for publication on a dark‑web leak site. The group commonly gains initial access via Remote Desktop Protocol (RDP) accounts lacking multi‑factor authentication and uses a DLL sideloading chain that abuses SentinelOne's SentinelBrowserNativeHost.exe to load a malicious DLL and execute the payload. Infected files are renamed with the .sss extension, Volume Shadow Copies are deleted, and Windows Defender is disabled. Organisations should prioritise MFA, timely patching, secure offline backups, network segmentation and staff training to reduce risk.

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.

Weak Passwords Fuel Rise in Compromised Accounts in 2025

🔐 The Picus Blue Report 2025 finds that password cracking succeeded in 46% of tested environments, while Valid Accounts (T1078) exploitation achieved a 98% success rate. Many organizations still rely on weak passwords, outdated hashing, and lax internal controls, leaving credential stores exposed. The report urges adoption of widespread MFA, stronger password policies, routine credential-validation simulations, and improved behavioral detection to reduce undetected lateral movement and data theft.

MURKY PANDA: Trusted-Relationship Cloud Threats and TTPs

🔒 Since late 2024 CrowdStrike's Counter Adversary Operations has tracked MURKY PANDA, a China‑nexus actor targeting government, technology, academic, legal and professional services in North America. The group exploits internet‑facing appliances, rapidly weaponizes n‑day and zero‑day flaws, and deploys web shells (including Neo‑reGeorg) and the Golang RAT CloudedHope. CrowdStrike recommends auditing Entra ID service principals and activity, enabling Microsoft Graph logging, hunting for anomalous service principal sign‑ins, prioritizing patching of cloud and edge devices, and leveraging Falcon detection and SIEM capabilities.

SIM-Swapper Scattered Spider Hacker Sentenced 10 Years

🔒 A 20-year-old Florida man, Noah Michael Urban, was sentenced to 10 years in federal prison and ordered to pay about $13 million in restitution after pleading guilty to wire fraud and conspiracy. Prosecutors say Urban acted with members of Scattered Spider, using SIM-swapping and SMS phishing to divert calls and one-time codes and to phish employees into fake Okta pages. The campaign compromised access at more than 130 firms and enabled thefts of proprietary data and millions in cryptocurrency.

Helping Child Bloggers: Practical Safety Guidance for Parents

📸 Parents should engage when children show interest in blogging, using open discussion to build trust and teach online safety. The article recommends creating accounts together, reviewing privacy settings, disabling geolocation, choosing strong unique passwords, and enabling two-factor authentication to reduce account-takeover risk. It also outlines what not to post, how to monitor usernames, and how to spot scams, doxing, and stalker behavior.

Mobile Phishers Target Brokerage Accounts in Ramp-and-Dump

📈 Cybercriminals selling advanced mobile phishing kits have shifted from converting stolen cards into mobile wallets to hijacking brokerage accounts for a coordinated ramp and dump scheme that inflates and then collapses foreign and penny stock prices. Vendors such as Outsider (aka Chenlun) offer templates that spoof brokers via iMessage and RCS to harvest logins and SMS one-time codes. Operators use banks of phones and human handlers to preposition, trade, and liquidate positions, leaving victims with worthless shares while brokers and regulators contend with the fallout.

Defending Against SCATTERED SPIDER with Falcon SIEM

🔒 Falcon Next-Gen SIEM provides real-time, cross-domain detection to help organizations detect and respond to the identity-centric eCrime group SCATTERED SPIDER. The platform correlates identity, cloud, SaaS, network and email telemetry, offering out-of-the-box rule templates for phishing, MFA fatigue, suspicious SSO events and exfiltration. CrowdStrike recommends comprehensive log ingestion and tuning of these templates to improve detection and response across the full attack lifecycle.

How Young People Can Level Up Their Cybersecurity Practices

🔒 Digital natives often spend more time online and maintain large numbers of accounts, which increases exposure to scams, phishing and account takeovers. Research shows Gen Z is less likely to use unique passwords, enable MFA, or install updates regularly, and some admit sharing sensitive data with AI or bypassing corporate security tools. Simple, practical steps — stick to official app stores, keep software updated, deploy trusted security software, review privacy settings and treat unsolicited offers with skepticism — can significantly reduce risk.

Black Hat USA 2025: Insurers Limit Vendor Exposure

🛡️ At Black Hat USA 2025 speakers warned that high cyber-insurance premiums can reflect insurers capping exposure to specific third-party vendors rather than a direct finding of poor security in a customer’s environment. Insurers may respond to exceeded vendor thresholds by issuing prohibitively high quotes instead of declining coverage, effectively pricing some customers out. Claims data presented showed 45% of new claims in H1 2025 involved an SSL VPN lacking MFA, and Coalition reported 55% of ransomware begins at perimeter devices.

Black Hat USA 2025: Policy, Compliance and AI Limits

🛡️ At Black Hat USA 2025 a policy panel debated whether regulation, financial risk and AI can solve rising compliance burdens. Panelists said no single vendor or rule is a silver bullet; cybersecurity requires coordinated sharing between organisations and sustained human oversight. They warned that AI compliance tools should complement experts, not replace them, because errors could still carry regulatory and financial penalties. The panel also urged nationwide adoption of MFA as a baseline.

Google survey: U.S. consumers report rising online scams

🔒 Google’s latest survey with Morning Consult shows U.S. consumers increasingly aware of online scams and taking new protective steps. Over 60% report an uptick in scams and one-third say they experienced a data breach, with texts and email the most common vectors. The report highlights generational differences in sign-in preferences — older adults rely on passwords while Gen Z favors passkeys and social sign-ins — and recommends Google Password Manager, 2‑Step Verification and modern authentication methods.