MFA Archives - Securezoo

Meddler-in-the-Middle phishing attacks break MFA

Cybersecurity Attacks, Phishing, Social Engineering / Frank Crast / December 22, 2022 / 2FA, MFA, MITM

Security researchers have discovered “meddler-in-the-middle” (MitM) phishing attacks that can break multi-factor authentication (MFA) controls.

Meddler-in-the-Middle phishing attacks break MFA Read More »

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / Frank Crast / September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam Read More »

Cybercriminals use proxies and configurations to launch credential stuffing attacks

Application Security, Cybersecurity Attacks, Password Management / Frank Crast / August 22, 2022 / CDN, Cyberattack, Cybersecurity Threat Center, FBI, MFA, OWASP, passwords, SSL

The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.

Cybercriminals use proxies and configurations to launch credential stuffing attacks Read More »

CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats

Cloud Security, Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / January 20, 2022 / CISA, Cloud, Cybersecurity Threat Center, MFA

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.

CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats Read More »

Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks

Cybersecurity Attacks, Third-Party Security / Frank Crast / October 26, 2021 / Active Directory, CSP, MFA, Microsoft, MSP, Nobelium, SolarWinds

Microsoft has released a new report on Nobelium that has been targeting cloud service providers (CSPs), managed service providers (MSPs) and other IT organizations in order to launch broader attacks against customers they serve.

Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks Read More »

NSA releases guidance on securing wireless devices in public settings

Cybersecurity Attacks, Endpoint Security, Guidelines, System Hardening, Vulnerabilities & Exploits, Wi-Fi Security / Frank Crast / August 2, 2021 / BlueBorne, Bluebugging, Bluejacking, Bluesnarfing, bluetooth, LLMNR, MFA, NFC, NIST, NSA, SP 800-121, Wi-Fi, Wireless

The National Security Agency (NSA) has released guidance on securing wireless devices in public settings for government national defense entities and the general public. The new 8-page guidance infosheet summarizes ways bad actors target wireless devices as well as good safeguards to protect against such cyberattacks. The NSA warns that although connecting to public Wi-Fi

NSA releases guidance on securing wireless devices in public settings Read More »

3 good examples of how to apply the Zero Trust Security Model

Cybersecurity Articles, Network Security, Security Monitoring, System Hardening / Frank Crast / March 7, 2021 / DAAS, Firewall, IOT, IPS, MFA, NAC, NSA, Privacy, Supply Chain, Zero Trust

The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.

3 good examples of how to apply the Zero Trust Security Model Read More »

DNS hijacking cyber attacks on domains worldwide

Application Security, Cybersecurity Attacks, Network Security / Frank Crast / January 12, 2019 / Cisco, DNS, DNS-over-TLS, FireEye, hijacking, MFA, SSL

Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe.

DNS hijacking cyber attacks on domains worldwide Read More »

PCI DSS 3.2.1 Security Standard update

Cryptography, Standards & Guidelines / Frank Crast / May 23, 2018 / Data Security Standards, DSS 3.2.1, MFA, PCI, PCI DSS, SSL, TLS, TLS 1.2

The PCI Security Standards Council (PCI SSC) has published a minor revision to the PCI Data Security Standard (PCI DSS) for organizations that handle branded credit cards from the major card networks.

PCI DSS 3.2.1 Security Standard update Read More »