MFA
Microsoft to enforce MFA for Azure resource management in October
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. This change is part of the company’s Secure Future Initiative (SFI), will be applied gradually across tenants worldwide, and it requires users to enable MFA on Azure CLI, PowerShell, SDKs, and APIs to ensure […]
Hackers steal Microsoft logins using legitimate ADFS redirects
Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. The method lets attackers bypass traditional URL-based detection and the multi-factor authentication process by leveraging a trusted domain on Microsoft’s infrastructure for the initial redirect. Legitimacy of a […]
Veeam Recovery Orchestrator users locked out after MFA rollout
Veeam warned customers today that a recently released version of Recovery Orchestrator blocks Web UI logins after enabling multi-factor authentication (MFA). Veeam Recovery Orchestrator (VRO) is an automated disaster recovery and orchestration solution that helps organizations automate, document, test, and execute recovery plans in the event of disasters such as data loss, site failures, or ransomware […]
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, distributing emails containing crypto seed phrases used to drain cryptocurrency wallets. In […]
Microsoft confirms auth issues affecting Microsoft 365 users
Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. As the company revealed earlier today in an incident alert published in the admin center, users may experience errors during self-service password resets and when viewing or registering authentication methods in MySignIns, while admins may be unable to add multi-factor authentication […]
Hackers spoof Microsoft ADFS login pages to steal credentials
A help desk phishing campaign targets an organization’s Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. The targets of this campaign, according to Abnormal Security that discovered it, are primarily education, healthcare, and government organizations, with the attack targeting at least 150 targets. These […]
Microsoft MFA outage blocking access to Microsoft 365 apps
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. Some affected Microsoft 365 users have also reported that MFA registration and reset are not working. “Users may be unable to access some Microsoft 365 Apps when authenticating with MFA,” Microsoft said in an incident alert published in the admin center. “We’re re-directing traffic to […]
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud. The mandatory MFA rollout will affect both admins and any […]