CSOonline

From MFA mandates to locked-down devices, Microsoft posts a year of SFI milestones at Ignite

During its Ignite conference on Tuesday, Microsoft shared a progress update on its Secure Future Initiative (SFI), introduced a year ago, which included significant measures such as enforcing ...
ZDNet

Microsoft: Hackers are using this 'concerning' tactic to dodge multi-factor authentication

Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. Three years ago, attacks ...
ZDNet

Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication

Cyber criminals are exploiting dormant Microsoft accounts to bypass multi-factor authentication (MFA) and gain access to cloud services and networks, researchers have warned. The technique has been ...
Infosecurity-magazine.com

Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...

North Korean hackers using malicious QR codes in spear phishing, FBI warns

Kimsuky's latest attacks can bypass email protections and MFA to steal M365 and VPN accounts.
Bleeping Computer

Microsoft: Hackers steal emails in device code phishing attacks

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the ...
Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...
Dark Reading

Microsoft's Certificate-Based Authentication Enables Phishing-Resistant MFA

Microsoft has removed a key obstacle facing organizations seeking to deploy phishing-resistant multifactor authentication (MFA) by enabling certificate-based authentication (CBA) in Azure Active ...
CSOonline

Best practices for deploying multi-factor authentication on Microsoft networks

Microsoft will soon change the mandate to multi-factor authentication (MFA) with changes to Microsoft 365 defaults. As Microsoft points out, “When we look at hacked accounts, more than 99.9% don’t ...
Bleeping Computer

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email ...
CU Boulder News & Events

Get ready for Microsoft multi-factor authentication (MFA) - coming Oct. 7

Starting Oct. 7, CU Boulder will begin using Microsoft’s multi-factor authentication (MFA) system to better protect your account. It works a lot like Duo, which you already use to log in to the ...