ICT Security-Sécurité PC et Internet

A critical vulnerability in Microsoft’s multi-factor authentication (MFA) — dubbed "AuthQuake" — could let attackers bypass MFA and gain unauthorized access to a user’s account.

Discovered by Oasis Security, the researchers reported in a Dec. 11 blog post that the bypass could let attackers access Outlook emails, OneDrive files, Teams chats, and the Azure Cloud.

Because Microsoft has more than 400 million paid Office 365 seats, the consequences of this vulnerability has potentially high impact across numerous industries, especially since there was about a four-month gap between the time it was reported and a patch was released.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

Attack overview
The attack that Sophos researchers analyzed started with Qilin gaining access to a network using compromised credentials for a VPN portal that lacked multi-factor authentication (MFA).

The breach was followed by 18 days of dormancy, suggesting the possibility of Qilin buying their way into the network from an initial access broker (IAB).

Possibly, Qilin spent time mapping the network, identifying critical assets, and conducting reconnaissance.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password.

Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue. As a result, the exploit is now built into various information stealers.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

A devious, new phishing technique allows adversaries to bypass multi-factor authentication (MFA) by secretly having victims log into their accounts directly on attacker-controlled servers using the VNC screen sharing system.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication (MFA) configured on the targeted victim's email accounts.

Even if threat actors can convince users to enter their credentials on a phishing site, if MFA protects the account, fully compromising the account still requires the one-time passcode sent to the victim.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

The UK’s cyber watchdog says that companies need to be more mindful with how they handle their multi-factor authentication.

The National Cyber Security Centre (NCSC) said companies can no longer rely on MFA as a blanket solution to their network security woes. The problem, say experts, is that in many cases attackers are now able to intercept MFA keys much in the same way they did passwords.

“Attackers have realized that many of the same social engineering techniques that tricked us into handing over passwords can also be updated to overcome some methods of MFA,” the NCSC said.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.

Authy is a mobile app that generates multi-factor authentication codes at websites where you have MFA enabled. 

In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies said.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA