multi-factor authentication (MFA)
Coverage of multi-factor authentication (MFA) in the Nexus archive.
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which exploits OAuth device code authentication to hijack Microsoft 365 accounts. The service steals session tokens and bypasses multi-factor authentication (MFA), posing a significant cybersecurity threat.
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
A new infostealer named 'Storm' bypasses local decryption by transmitting browser data to attacker servers. Varonis demonstrates how server-side decryption enables session hijacking, circumventing passwords and multi-factor authentication (MFA).
- When attackers already have the keys, MFA is just another door to open
The article discusses how stolen credentials can bypass Multi-Factor Authentication (MFA), turning authentication systems into an attack surface. A wearable biometric authentication token is presented as a solution to verify users rather than sessions, blocking phishing relays and MFA bypass attempts.