Recently, Microsoft and other vendors have been successfully targeted by the LAPSUS$ attack group using MFA spam, as Microsoft describes in this blog post on the MSRC: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
Analysis
One of the techniques that were used in the attacks is “MFA spamming” which basically means that the attackers prompted users with MFA requests until they…
Tag: passwordless
Going passwordless with Azure Active Directory – part 2
The passwordless story is not over. A while back, I summarized the possibilities we have to reduce the usage of passwords with Azure AD. You can find this post here: https://chrisonsecurity.net/2019/07/28/going-passwordless-with-azure-active-directory/ This topic will become more and more important in the future, so I decided to do a follow-up to cover some additional things….
Going passwordless with Azure Active Directory
Passwords are not ideal
A world without passwords! Passwordless – seems to be the dream for anyone that has to manage a number of accounts. Who even likes passwords? Well, I know who doesn’t:
IT admins don’t like passwords
Why passwords are a major pain point for many organizations: reused credentials across multiple services increase…