MFA-Minded Attackers Continue to Figure Out Workarounds

From darkreading.com

While MFA can improve overall security posture, it’s not a “silver bullet” — and hacks continue.

As online users become increasingly aware of and use multifactor authentication (MFA), attackers are devising new ways to circumvent the technology — and often with great success.

Earlier this month, for example, security firm Proofpoint reported its disclosure of critical vulnerabilities in Microsoft WS-Trust that could be used to circumvent MFA on cloud services that use the technology — chief among them, Microsoft 365. An attack could have allowed a cybercriminal to use credentials obtained from phishing and credential dumps to log into Office 365, Azure, and other Microsoft services, Proofpoint stated.

Read more…