Skip to main content

Tag: mfa

25 articles

Genetic testing lab with modern and traditional equipment, conveying scrutiny and security.

23andMe Agrees to $18m Settlement, New Data Security Mandates

After cracking down on 23andMe's lax security measures, a coalition of 42 US attorneys general, led by New York Attorney General Letitia James, has secured an $18 million settlement and binding data-protection commitments to safeguard customer information. This move comes after a 2023 data breach put millions of 23andMe customers at risk of having their personal info exposed.

Analyst 207
Modern office interior with laptops, smartphones, and legacy tech on a conference table near a window.

Agencies Modernize Identity Infrastructure to Counter Emerging Threats

Federal agencies are racing against the clock to modernize their identity infrastructure, securing legacy systems while navigating the rapid evolution of AI and emerging post-quantum threats. As AI continues to advance at breakneck speed, agencies must build adaptable cybersecurity strategies to stay ahead of the threat landscape.

Analyst 207
Person holding smartphone with biometric authentication, in modern office setting.

Microsoft Entra ID Shifts to Passkey Authentication Default

Microsoft is shaking things up with its Entra ID service by making passkey authentication the default method starting September 2026, and users currently relying on SMS or voice authentication will be automatically transitioned to passkeys. By February 1, 2027, SMS and voice authentication will be phased out, marking a significant shift towards more secure passkey technology.

Analyst 207
Modern Israeli government or IT office lobby with people walking in background.

Iran-Linked Hackers Deploy Cavern C2 Framework to Target Israeli Organizations

Iran-linked hackers have launched a sophisticated cyber attack campaign, dubbed Cavern Manticore, targeting Israeli organizations, particularly in the IT and government sectors, using a cutting-edge .NET-based framework. This threat cluster is affiliated with Iran's Ministry of Intelligence and Security, and its tactics overlap with other notorious groups like MuddyWater and Lyceum.

Analyst 207
Bank teller sits at desk with laptop, hinting at security vulnerability.

Banks Expose Accounts to Thieves by Making MFA Optional

Leaving multi-factor authentication optional has left countless bank accounts vulnerable to theft, with devastating consequences - just ask the 84-year-old victim who lost nearly $30,000 when thieves exploited this security gap. By making MFA optional, banks are inadvertently rolling out the red carpet for thieves.

Analyst 207
Laptop connected to external authenticator device in bright office setting.

WebAuthn Integration Breaches Windows RDP Security Gap

Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Analyst 207
Secure tech development environment with workstation, blurred laptop screen, and abstract whiteboard notes.

NCSC Offers Guidance on Thwarting Penetration Testers

Want to make life harder for hackers? The National Cyber Security Centre teamed up with penetration testers to share practical tips on building secure systems from the ground up.

Analyst 207
Empty office setting with laptop, papers, and supplies on a desk under soft daylight.

MFA Rollout Exposes Invoicing Software Flaws

When implementing multi-factor authentication, even a well-planned rollout can hit snags, as seen in a recent case where an invoicing software flaw was exposed. A security expert and his team had agreed on a phased rollout plan with a customer to enable MFA across their Microsoft 365 tenancy.

Analyst 207
Dimly lit underground market scene with old and new tech, hooded figures in background.

Cybercriminals Worry AI Tools Will Disrupt Their Illicit Trade

Cybercriminals are getting anxious about the impact of AI tools on their illicit trade, and experts warn that now is the time for organizations to step up their cyber hygiene game with measures like timely patching, multifactor authentication, and passkey use. By prioritizing these defenses, businesses can stay ahead of emerging threats, including AI-assisted attacks.

Analyst 207
Concerned office worker or home user sits at desk, scrutinizing laptop screen with a wary expression.

ScarCruft Targets Microsoft Users with NarwhalRAT Malware

Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.

Analyst 207
Person holding smartphone stands before secure door with keycard reader and biometric scanner.

Credential Theft Spurs Demand for Secure Identity Verification

Credential theft skyrocketed 160% in 2025, fueling a critical need for secure identity verification solutions that can outsmart AI-driven attacks. To stay ahead, robust multi-factor authentication is a must-have, combining unique factors like something you know, have, and are to fortify defenses.

Analyst 207
Employees work on laptops in a brightly-lit office space with rows of computer workstations and technology equipment.

AI Agents Expose Security Risks in 93% of Organizations

Most organizations are unwittingly rolling out AI agents with access to sensitive tasks, leaving them vulnerable to security breaches. In fact, only 32% of teams feel very confident they could recover from exposed admin credentials, highlighting a disturbing gap in control and preparedness.

Analyst 207
Ukrainian government building interior with people preparing for a meeting or briefing.

Ukraine's Cybersecurity War: Resilience Trumps Reaction

In the face of uncertainty, cybersecurity experts can develop essential habits through practice, brainstorming, and preparation, turning crisis response into muscle memory. By focusing on preparation, resilience, and self-reliance, organisations and individuals can build the instincts needed to navigate turbulent times.

Analyst 207
Laptop login screen on a home office desk with soft natural light.

Dashlane Exposes Brute-Force Attack on User Accounts

Dashlane recently alerted a small group of users, fewer than 20, that an external threat actor had launched a brute-force attack on their accounts, attempting to bypass two-factor authentication and gain unauthorized access. The company quickly sprang into action, notifying affected users and taking steps to protect their accounts.

Analyst 207
Technical area with computer servers hints at disruption.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover

Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

Analyst 207
Person struggles to access laptop with multi-factor authentication prompt on screen amidst subtle hints of technical issues.

Microsoft Outage Disrupts Multi-Factor Authentication Setup, My Sign-Ins Platform

Microsoft is currently investigating an outage that's preventing users from setting up multi-factor authentication and accessing the My Sign-Ins platform, with the issue confirmed around 5 AM ET. The company is actively working to resolve the disruption, urging affected customers to monitor its Microsoft 365 Status account for updates.

Analyst 207
Person sitting at desk, confused, looking at smartphone with multiple push notifications.

MFA Prompt Bombing Exposes Weakness in Two-Factor Security

A shocking 2.8GB of data was stolen from Cisco after a clever attacker tricked an employee into approving a push-based MFA prompt, highlighting a disturbing vulnerability in two-factor security. This brazen hack, linked to the Yanluowang ransomware group, shows how attackers can exploit the very security measures meant to protect us.

Analyst 207
Empty office cubicle with laptop and smartphone on desk, surrounded by blurred office equipment and natural light from a…

AI Agents Expose Organizations to Identity Security Risks

Most organizations are unwittingly rolling out AI agents that can open the door to identity security breaches, with 93% using or planning to use them for sensitive tasks like password resets and VPN access. Despite this, many admit that these agents create new vulnerabilities.

Analyst 207
Brightly-lit lab with a computer workstation and technical instruments.

AI-Developed Zero-Day Exploit Exposes New Threats

Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Analyst 207
Security team members work together in a operations center surrounded by laptop screens displaying authentication logs and…

Incident Response Readiness Exposes Operational Gaps

Being incident response ready means more than just having a plan - it requires immediate visibility into identity and authentication access, including investigator-level read access to crucial systems. Without this visibility, teams are left making blind containment decisions and piecing together timelines with guesswork.

Analyst 207
Hospital corridor with people walking, laptop on administrator's desk near large windows.

Ransomware Defenses Hold, But New AI Threats Emerge

While ransomware defenses have shown significant improvement, experts warn that complacency is a luxury we can't afford, especially with hospital systems remaining prime targets. New AI threats are emerging, demanding our attention and action.

Analyst 207
Windows computer on a desk with a laptop screen showing an authentication prompt and a nearby smartphone, in a bright…

Microsoft Bolsters Entra with Passkey Support on Windows

Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Analyst 207
Person holds smartphone with blurred city or office background, emphasizing digital security.

NCSC Endorses Passkeys as Default Login Method

The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.

Analyst 207
Person holding smartphone in modern conference room setting with technical diagrams.

NCSC Endorses Passkeys Over Passwords in New Guidance

Say goodbye to password headaches! The UK's National Cyber Security Centre now recommends passkeys as a user-friendly alternative that provides stronger resilience, making it easier to log in securely.

Analyst 207