Crooks target top execs on Office 365 with MFA-bypass scheme

25 August 2022

A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication. These attacks take advantage of a Microsoft 365 design flaw that allows miscreants to compromise accounts with MFA enabled and achieve persistence in victims’ systems by adding a new, compromised, authentication method allowing them to come back at any time.

Read full article on The Register

Date:

25 August 2022

Categorie(s):

NEWS

Tag(s):

Cloud Computing, Cloud Software, IT, Microsoft, Office 365

CISA Director releases statement on the security of the 2024 elections8 November 2024
Microsoft adds Copilot AI features to some non-US M365 consumer plans8 November 2024
Innovator Spotlight: Push Security8 November 2024
Revolutionizing Software Supply Chain Security: A Holistic Approach8 November 2024
How to maximize cybersecurity ROI8 November 2024