Multi-factor Authentication | Breaking Cybersecurity News | The Hacker News

How Attackers Can Own a Business Without Touching the Endpoint

Apr 19, 2024 Identity Protection / Endpoint Security
Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can compromise (and are compromising) organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let's discuss why these attacks are becoming more prevalent. SaaS adoption is changing the make-up of company IT: The SaaS revolution and product-led growth have had a huge impact on the structure of company networks, and where core business systems and data reside. Most organizations today are using tens to hundreds of SaaS applications across business functions. Some are entirely SaaS-native, with no traditional network to speak of, but most have adopted a hybrid model with a mixture of on-premise, cloud, and SaaS services forming the backbone of business applications being used. The bulk of SaaS adoption is user-driven, as opposed to centrally
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats

Apr 16, 2024 Cloud Security / Threat Intelligence
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground Report, offers valuable insights into the challenges and vulnerabilities organizations encounter in managing digital identities. The report paints a vivid picture of the "hidden" identity security liabilities where attackers leverage Identity Threat Exposures (ITEs) such as forgotten user accounts and misconfigurations to breach organizations' defenses, with each ITE posing a significant threat to organizations' security posture. Discover the most common identity security gaps that lead to compromises in the first-ever threat report focused entirely on the prevalence of
10 Critical Endpoint Security Tips You Should Know

Apr 26, 2024 Endpoint Security / IT Security
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in. We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence. 1. Know Thy Endpoints: Identifying and Understanding Your Entry Points: Understanding your network's
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

Mar 01, 2024 Phishing Kit / Cryptocurrency
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs, and even photo IDs from hundreds of victims, mostly in the United States," Lookout said in a report. Targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. More than 100 victims have been successfully phished to date. The phishing pages are designed such that the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha, thus preventing automa
SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024 Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards. However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture. Start with Admins: Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
U.S. State Government Network Breached via Former Employee's Account

Feb 16, 2024 Cybersecurity / Data Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published Thursday alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor connected to the [virtual machine] through the victim's VPN with the intent to blend in with legitimate traffic to evade detection." It's suspected that the threat actor obtained the credentials following a separate data breach owing to the fact that the credentials appeared in publicly available channels containing leaked account information. The admin account, which had access to a virtualized SharePoint server, also enabled the attackers to access another set
4 Ways Hackers use Social Engineering to Bypass MFA

Feb 12, 2024 Cyber Threat / Password Security
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is. If a password is compromised, there are several options available to hackers looking to circumvent the added protection of MFA. We'll explore four social engineering tactics hackers successfully use to breach MFA and emphasize the importance of having a strong password as part of a layered defense. 1. Adversary-in-the-middle (AITM) attacks: AITM attacks involve deceiving users into believing they're logging into a genuine network, application, or website. But really, they're giving up their information to a fraudulent lookalike. This lets hackers intercept passwords and manipulate security measures, including MFA prompts. For instance, a spear-phish
CISA and OpenSSF Release Framework for Package Repository Security

Feb 12, 2024 Infrastructure Security / Software Supply Chain
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package managers and further harden open-source software ecosystems. "Package repositories are at a critical point in the open-source ecosystem to help prevent or mitigate such attacks," OpenSSF said. "Even simple actions like having a documented account recovery policy can lead to robust security improvements. At the same time, capabilities must be balanced with resource constraints of package repositories, many of which are operated by non-profit organizations." Notably, the principles lay out four security maturity levels for package repositories across four categories of authenticati
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Feb 12, 2024 Threat Intelligence / Cyber Resilience
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely the pinpointing of compromised user accounts that were used to spread in your network - unfortunately remains unattended. This task proves to be the most time-consuming for IR teams and has become a challenging uphill battle that enables attackers to earn precious time in which they can still inflict damage. In this article, we analyze the root cause of the identity of IR blind spots and provide sample IR scenarios in which it acts as an inhibitor to a rapid and efficient process. We then introduce Silverfort's Unified Identity Protection Platform and show how its real-time MFA and ident
MFA Spamming and Fatigue: When Security Measures Go Wrong

Jan 18, 2024 Authentication Security / Passwords
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access. However, cybercriminals are relentless in their pursuit of finding ways to bypass MFA systems. One such method gaining traction is MFA spamming attacks, also known as MFA fatigue, or MFA bombing. This article delves into MFA spamming attacks, including the best practices to mitigate this growing threat. What is MFA spamming? MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes. The objective behind this tactic is to o
Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

Jan 04, 2024 Cryptocurrency / Social Media
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@phantomsolw" to impersonate the Phantom crypto wallet service, according to MalwareHunterTeam and vx-underground. Specifically, the scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens, with follow-up messages asking Mandiant to "change password please" and "check bookmarks when you get account back." Mandiant, a leading threat intelligence firm, was acquired by Google in March 2022 for $5.4 billion. It is now part of Google Cloud. "The Mandiant Twitter account takeover could have happened
5 Ways to Reduce SaaS Security Risks

Jan 03, 2024 Attack Surface / SaaS Security
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective SaaS security solutions designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap: Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer data (Did s
Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Dec 16, 2023 Online Security / Cybercrime
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM) phishing pages that are capable of harvesting their credentials and session tokens. "After gaining access to an initial session and token, Storm-0539 registers their own device for subsequent secondary authentication prompts, bypassing MFA protections and persisting in the environment using the fully compromised identity," the tech giant said in a series of posts on X (formerly Twitter). The foothold obtained in this manner further acts as a conduit for escalating privileges, moving laterally across the network, and accessing cloud resources in order to grab sensitive information,