Mitiga in the News
Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets
Mitiga spotted a sophisticated, advanced business email compromise campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protection.
Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication
Analysis of the BEC campaign reveals weaknesses in Microsoft's authentication system, and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.
Scammers exploit Office 365 to target high-ranking executives
A sophisticated business email compromise (BEC) campaign targets CEOs and CFOs to drain millions from corporate accounts.
Cyber breach: 5 Steps to a rapid business recovery
Cyberattacks are constant and security breach incidents inevitable. The National Cyber Security Centre offers guidance for public and private sector organisations to help minimise harm from breaches, while the UK’s data watchdog, the Information Commissioner’s Office (ICO) is focused on addressing the issues in the public sector that result in avoidable data breaches by raising data protection standards and preventing harm from occurring.
Five tips to deal with Slack’s data breach
Slack has admitted to accidentally exposing the hashed passwords of workspace users. The company says: “we notified approximately 0.5% of Slack users that we had reset their passwords in response to a bug that occurred when users created or revoked a shared invitation link for their workspace.”
Compromised Platforms – Ofer Maor, Mitiga
Mitiga CTO Ofer Maor explains how platforms such as Slack and Microsoft Office 365 are being compromised by cybercriminals.
5 Ways Organizations Can Increase Readiness and Resilience To Avoid a Major Crisis When a Breach Occurs
It is no secret that cyberattacks are inevitable, but two important words that organizations must focus on are cyber resilience. Combining elements of information security, business continuity, and organizational resilience, a cyber resilience strategy can enable rapid recovery from an inevitable attack with little to no operational disruption.
Week in review: The future of Metasploit, detecting lateral movement, new issue of (IN)SECURE Magazine
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos.