Collecting Cyber-News from over 60 sources

Tag: mfa

BSI-Analyse zeigt: Nextcloud Server speicherte Passwörter im Klartext

Feb 6, 2025 10:06 PM

by

Andy Stern

in SecurityNews

Tags: authentication, bsi, mfa, password

In Nextcloud Server ließ sich die Zwei-Faktor-Authentifizierung umgehen, zeigt eine Codeanalyse des BSI. Es wurden auch Passwörter im Klartext gespeichert. First seen on heise.de Jump to article: www.heise.de/news/BSI-Analyse-zeigt-Nextcloud-Server-speicherte-Passwoerter-im-Klartext-10273106.html
Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials

Feb 5, 2025 12:12 PM

by

Andy Stern

in SecurityNews

Tags: authentication, credentials, exploit, hacker, login, mfa, microsoft, phishing

A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations. First seen on hackread.com Jump to article: hackread.com/hackers-fake-microsoft-adfs-login-pages-steal-credentials/
Hackers Exploit ADFS to Bypass MFA and Access Critical Systems

Feb 5, 2025 9:12 AM

by

Andy Stern

in SecurityNews

Tags: access, authentication, credentials, cyber, data, exploit, hacker, login, mfa, microsoft, phishing, service, threat, unauthorized, vulnerability

Hackers are targeting organizations using Microsoft’s Active Directory Federation Services (ADFS) to bypass multi-factor authentication (MFA) and infiltrate critical systems. Leveraging phishing techniques, these attackers deceive users with spoofed login pages, harvest credentials, and manipulate ADFS integrations to gain unauthorized access to sensitive data, posing a significant threat to organizational security. The ADFS Vulnerability Microsoft…
Use payment tech and still not ready for PCI DSS 4.0? You could face stiff penalties

Feb 5, 2025 8:12 AM

by

Andy Stern

in SecurityNews

Tags: access, attack, authentication, awareness, best-practice, business, cloud, compliance, control, corporate, credentials, cybersecurity, data, defense, encryption, finance, firewall, flaw, framework, guide, mail, malicious, malware, mfa, password, PCI, phishing, phone, risk, risk-assessment, theft, threat, tool, training, unauthorized, update, vulnerability, waf

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements introduced by the Payment Card Industry Security Standards Council (PCI SSC) to protect card information from theft or fraud. Since its 2004 inception, PCI DSS has undergone multiple revisions due to the many challenges posed by the evolving sophistication of…
Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

Feb 4, 2025 4:12 PM

by

Andy Stern

in SecurityNews

Tags: attack, mfa, microsoft, phishing

A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-attack-bypasses-microsoft/
How to Prevent Phishing Attacks with Multi-Factor Authentication

Feb 4, 2025 3:12 PM

by

Andy Stern

in SecurityNews

Tags: attack, authentication, mfa, phishing

Learn how to protect yourself and your sensitive information from phishing attacks by implementing multi-factor authentication. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/how-to-prevent-phishing-attacks-mfa/
What 2025 HIPAA Changes Mean to You

Feb 4, 2025 10:12 AM

by

Andy Stern

in SecurityNews

Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerability

What 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
Change your Password Day 2025 mahnt: Höchste Zeit für Passkeys und Multi-Faktor-Authentifizierung

Feb 4, 2025 1:12 AM

by

Andy Stern

in SecurityNews

Tags: authentication, mfa, passkey, password

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/change-your-password-day-2025-mahnung-zeit-einfuehrung-passkeys-multi-faktor-authentifizierung
Keir Starmer scrapped email account in 2022 after Russian hacking, says report

Feb 3, 2025 2:12 PM

by

Andy Stern

in SecurityNews

Tags: authentication, breach, email, group, hacking, mfa, russia, ukraine

Then opposition leader’s address was ‘dangerously obvious’ and lacked two-factor authentication, book reportedly saysKeir Starmer stopped using a personal email account when he was opposition leader after being warned about a suspected hack by a Russian group, it has been reported.The suspected breach happened in 2022, shortly after the Russian invasion of Ukraine, according to…
How to Find Old Accounts for Deletion

Jan 29, 2025 7:36 PM

by

Andy Stern

in SecurityNews

Tags: access, android, apple, attack, breach, browser, chrome, cloud, credentials, cybersecurity, data, data-breach, email, google, Internet, leak, login, macOS, mfa, open-source, password, phone, privacy, service, threat, unauthorized

Old accounts are often unmaintained and forgotten – which can be problematic when you want to “clean up” some of your digital footprint by deleting them or go back to secure them with stronger passwords/MFA. How do you find these old accounts when your recollection isn’t enough? Fortunately, we all have some tricks up our…
Is Online Fax Secure? Everything You Need to Know

Jan 28, 2025 11:36 PM

by

Andy Stern

in SecurityNews

Tags: authentication, encryption, mfa, service, technology

Online faxing uses the latest security technology, including end-to-end encryption, secure transmission and multi-factor authentication, to keep your information safe. How Does Online Fax Work? Online faxing is a cutting-edge technology that is much more convenient and secure than traditional faxing. Online fax services use the latest encryption, secure transmission and multi-factor authentication to keep…
US takes aim at healthcare cybersecurity with proposed HIPAA changes

Jan 28, 2025 10:03 AM

by

Andy Stern

in SecurityNews

Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-management

The US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
Bitwarden makes it harder to hack password vaults without MFA

Jan 27, 2025 11:03 PM

by

Andy Stern

in SecurityNews

Tags: access, authentication, email, mfa, open-source, password

Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/
Three sentenced over OTP.Agency MFA fraud service

Jan 27, 2025 9:03 PM

by

Andy Stern

in SecurityNews

Tags: access, cyber, fraud, mfa, service

Three men have been sentenced over their role in a cyber criminal subscription service that offered access to online accounts using illicitly obtained one-time passcodes First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366618400/Three-sentenced-over-OTPAgency-MFA-fraud-service
HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Jan 23, 2025 11:22 AM

by

Andy Stern

in SecurityNews

Tags: access, authentication, breach, business, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, encryption, endpoint, hacker, healthcare, HIPAA, insurance, mfa, network, nist, office, privacy, regulation, risk, risk-assessment, service, software, strategy, threat, unauthorized, update, vulnerability

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 – 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isn’t just about stolen files”, it’s a gut punch to trust and a serious shake-up to people’s lives. Think about…
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 11:22 PM

by

Andy Stern

in SecurityNews

Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerability

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
The Quiet Rise of the ‘API Tsunami’

Jan 22, 2025 8:22 PM

by

Andy Stern

in SecurityNews

Tags: access, api, attack, authentication, breach, business, cloud, compliance, control, data, data-breach, encryption, endpoint, finance, GDPR, healthcare, HIPAA, infrastructure, law, leak, mail, malicious, mfa, mobile, monitoring, network, privacy, programming, regulation, risk, security-incident, service, threat, tool, unauthorized, update, vulnerability

As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization’s infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other…
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures

Jan 22, 2025 6:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, mfa, phishing, threat

Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tycoon-2fa-phishing-kit-upgraded/
Mandatory MFA, Biometrics Make Headway in Middle East, Africa

Jan 22, 2025 4:22 PM

by

Andy Stern

in SecurityNews

Tags: identity, mfa, middle-east, technology

Despite lagging in technology adoption, African and Middle Eastern organizations are catching up, driven by smartphone acceptance and national identity systems. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/mfa-biometrics-make-headway-middle-east-africa
‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security

Jan 21, 2025 11:22 PM

by

Andy Stern

in SecurityNews

Tags: authentication, mfa, microsoft, phishing, service

The phishing-as-a-service kit from Sneaky Log creates fake authentication pages to farm account information, including two-factor security codes. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/sneaky-log-microsoft-phishing-2fa/
Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users

Jan 20, 2025 1:22 PM

by

Andy Stern

in SecurityNews

Tags: 2fa, advisory, authentication, cve, fido, flaw, linux, macOS, mfa, open-source, risk, software, threat, vulnerability

Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue, tracked as CVE-2025-23013, allows for a partial 2FA bypass protections when using YubiKeys or other FIDO-compatible authenticators. The vulnerability poses a high-risk security threat and could potentially compromise…
Back to the Basics For 2025: Securing Your Business

Jan 18, 2025 1:22 AM

by

Andy Stern

in SecurityNews

Tags: business, ciso, cloud, cybersecurity, mfa, service, training

Gary Perkins, CISO at CISO Global Cybersecurity may seem complex, but it boils down to consistent implementation of best practices. Disabling unnecessary services, securing cloud configurations, enforcing MFA, training employees, and adopting a proactive security mindset are crucial steps to safeguarding your business. In 2025, prioritize these basics to significantly reduce your exposure to threats……
Hotel chain ditches Google search for DuckDuckGo, ‘subjected to fraud attempts daily’

Jan 14, 2025 8:46 AM

by

Andy Stern

in SecurityNews

Tags: apple, attack, authentication, browser, chrome, cloud, control, cybercrime, cybersecurity, data-breach, fraud, google, jobs, malware, mfa, monitoring, phishing, privacy, ransomware, risk, scam, service, tool, windows

At the end of 2021, Nordic Choice Hotels, now renamed Strawberry, was hit by a major ransomware attack that paralyzed operations for just over a week. Everything had to be done manually, says Martin Belak, who is responsible for the hotel chain’s technical security.”The receptionists worked with whiteboards to keep track of which rooms were…
Azure, Microsoft 365 MFA outage locks out users across regions

Jan 14, 2025 8:46 AM

by

Andy Stern

in SecurityNews

Tags: mfa, microsoft

It’s fixed, mostly, after Europeans had a manic Monday First seen on theregister.com Jump to article: www.theregister.com/2025/01/13/azure_m365_outage/
Microsoft 365 MFA Outage Fixed

Jan 14, 2025 8:46 AM

by

Andy Stern

in SecurityNews

Tags: access, authentication, login, mfa, microsoft, service

Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mfa-disruption-impacted-access/
Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Jan 13, 2025 1:26 PM

by

Andy Stern

in SecurityNews

Tags: authentication, cyber, mfa, microsoft, service

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that is impacting some Microsoft 365 (M365) users. The problem, which surfaced earlier today, is preventing affected users from accessing certain M365 applications, raising concerns for businesses and individuals who rely on these services for essential operations. Microsoft flagged the issue via…
Microsoft MFA outage blocking access to Microsoft 365 apps

Jan 13, 2025 12:26 PM

by

Andy Stern

in SecurityNews

Tags: access, authentication, mfa, microsoft, office

Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-mfa-outage-blocking-access-to-microsoft-365-apps/
8 Cyber Predictions for 2025: A CSO’s Perspective

Jan 10, 2025 1:18 AM

by

Andy Stern

in SecurityNews

Tags: access, ai, attack, authentication, business, ceo, ciso, cloud, compliance, computing, control, credentials, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, encryption, exploit, extortion, firewall, framework, governance, group, hacker, hacking, healthcare, identity, intelligence, international, law, leak, malicious, mfa, microsoft, network, north-korea, organized, phishing, privacy, ransom, ransomware, regulation, risk, risk-management, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, update, wifi, zero-trust

As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I’ll explore cyberthreat projections and…
HHS Proposes Mandating MFA, Data Encryption in HIPAA

Jan 8, 2025 9:19 PM

by

Andy Stern

in SecurityNews

Tags: data, encryption, HIPAA, mfa

First seen on scworld.com Jump to article: www.scworld.com/news/hhs-proposes-mandating-mfa-data-encryption-in-hipaa
ADFS”Š”, “ŠLiving in the Legacy of DRS

Jan 7, 2025 6:18 PM

by

Andy Stern

in SecurityNews

Tags: access, api, attack, authentication, breach, cloud, computer, container, control, credentials, data, data-breach, endpoint, group, identity, infosec, Internet, login, mfa, microsoft, network, phishing, powershell, service, windows

ADFS”Š”, “ŠLiving in the Legacy of DRS It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it, every bit of documentation I come across eventually explains why Entra ID should now be used in place of ADFS. And yet”¦ we still encounter…