Skip to content
The Nexus
DossierENTITY

Multi-factor authentication

Coverage of Multi-factor authentication in the Nexus archive.

Earliest in view: May 20 · 21:19 UTCMost recent: Jul 5 · 15:01 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 5 · 15:01 UTCTHE REGISTER
    MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage

    A 84-year-old woman lost $30,000 from her bank accounts after thieves exploited weak security practices, including the absence of mandatory multi-factor authentication (MFA). The attackers used stolen passwords from a data breach and created spam filters to block alerts, while financial institutions initially doubted the theft was fraudulent.

  • SECURITYJun 26 · 12:44 UTCMALWAREBYTES LABS
    Malware steals Chrome session cookies to take over your accounts

    A phishing email with a malicious JavaScript file disguised as a PDF installs a Chrome extension that steals session cookies and uses Chrome Native Messaging to execute PowerShell commands. The malware bypasses multi-factor authentication by hijacking active browser sessions and collects data like open tabs and system files.

  • SECURITYJun 26 · 06:30 UTCTHE REGISTER
    Security boss thought MFA would be too much security

    A senior director at a cybersecurity company, who was allegedly its COO, overreacted to a multi-factor authentication (MFA) rollout for Microsoft 365, falsely claiming it crippled an invoicing system. The actual issue was a buggy invoicing software, but the director demanded an immediate rollback, resulting in reduced security. The incident highlighted poor decision-making despite the team's successful implementation.

  • SECURITYJun 11 · 07:00 UTCTHE REGISTER
    Every employee’s password was stored in a single Excel file

    A CEO of a 2,000-employee facility services company stored all employee usernames and passwords in an Excel file on his desktop, refusing multi-factor authentication (MFA) despite prior ransomware incidents and data breaches. The company later suffered two data breaches involving sensitive client data.

  • SECURITYJun 1 · 11:40 UTCBLEEPING COMPUTER
    Microsoft confirms outage affecting MFA, My Sign-Ins platform

    Microsoft is addressing an ongoing incident that is preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. The company has confirmed the outage but has not provided further details about its cause or resolution timeline.

  • TECHNOLOGYJun 1 · 11:40 UTCBLEEPING COMPUTER
    Microsoft fixes outage affecting MFA setup, MySignIn service

    Microsoft is addressing an ongoing incident that is preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. The company is working to resolve the issue affecting these services.

  • SECURITYMay 26 · 10:30 UTCTHE HACKER NEWS
    MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

    MFA is being bypassed as attackers exploit user behavior by tricking them into surrendering their second authentication factor, undermining the security intended by MFA. This method, known as 'prompt bombing,' bypasses the need to steal the second factor directly.

  • SECURITYMay 20 · 21:19 UTCBLEEPING COMPUTER
    Hackers bypass SonicWall VPN MFA due to incomplete patching

    Hackers have bypassed SonicWall VPN multi-factor authentication due to incomplete patching, allowing them to brute-force credentials and deploy ransomware tools. This vulnerability affects SonicWall Gen6 SSL-VPN appliances. Threat actors are exploiting this weakness to launch attacks.

Multi-factor authentication · Dossier · The Nexus