Microsoft Authenticator now blocks suspicious MFA alerts by default

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts. When a user tries to log into an account with protected by multi-factor authentication, the Authenticator app sends a push notification to the user's device to grant or deny access. The app generates a temporary access code for users to manually log into their account. Hackers are known to exploit the push notification feature by performing a large number of login attempts for the target account, often at inconvenient times, hoping to frustrate or tire the recipients. If the worn-down user approves a request, the attacker gains access to the account and may alter the login protection settings to lock the legitimate user out. For additional security, Microsoft introduced "Number matching" in May, a mechanism where the user must enter a number displayed on the sign-in screen into their Authenticator app to approve the login. Although this measure has reduced the effectiveness of MFA fatigue attacks, it doesn't stop the generation of the annoying notifications themselves. To fight this malicious activity, Microsoft added new features that scrutinize details on login attempts, like if the request comes from an unfamiliar location or shows signs of anomalous activity, to blocks the notification from showing up. Instead, users receive a message that prompts them to open the Authenticator app and enter a given code. The login notifications are still generated and made available from within the Authenticator App if the user needs to access and review them. Since the roll-out of the new feature completed at the end of September, Microsoft has blocked over six million MFA notifications suspected to have been initiated by hackers. Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024. Microsoft will roll out MFA-enforcing policies for admin portal access. Retool blames breach on Google Authenticator MFA cloud sync feature. New Microsoft Exchange zero-days allow RCE, data theft attacks. Microsoft pledges to bolster security as part of 'Secure Future' initiative.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Microsoft Authenticator now blocks suspicious MFA alerts by default

Microsoft Authenticator now blocks suspicious MFA alerts by default - Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. Microsoft Authenticator is an app that provides multi-factor ...
11 months ago Bleepingcomputer.com
What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
11 months ago Techtarget.com
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
4 months ago Securityboulevard.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
11 months ago Securityboulevard.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
8 months ago Techrepublic.com
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
6 months ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Microsoft will roll out MFA-enforcing policies for admin portal access - Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. The company will also ...
11 months ago Bleepingcomputer.com
What to do when receiving unprompted MFA OTP codes - Receiving an unprompted one-time passcode sent as an email or text should be a cause for concern as it likely means your credentials have been stolen. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate ...
11 months ago Bleepingcomputer.com
Discord adds Security Key support for all users to enhance security - Discord has made security key multi-factor authentication available for all accounts on the platform, bringing significant security and anti-phishing benefits to its 500+ million registered users. The popular social platform first highlighted the ...
11 months ago Bleepingcomputer.com
Badge Makes Device-Independent Authentication Platform Available - Badge Inc. today announced that a namesake platform that enables end users to securely be authenticated on-demand using any device is now generally available. The company has allied with Okta to provide integration with an identity access management ...
10 months ago Securityboulevard.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
7 months ago Securityboulevard.com
Cisco Duo and ISE: Better together in the cybersecurity battlefield - Luckily for you, Cisco Duo and ISE are the perfect pair to protect your network. Think of Cisco Duo's multi-factor authentication as the added layer of security that verifies a user's identity at the time of login, like a high-tech forcefield that ...
11 months ago Feedpress.me
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
10 months ago Microsoft.com
How Data Ingestion Works in SOAR - SOAR tools work as consolidation platforms for security alerts and incident response. Endpoint security tools, network security tools, email systems, and other tools collect logs, run detection rules and generate alerts. SOAR then ingests those ...
11 months ago Securityboulevard.com
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
11 months ago Bleepingcomputer.com
3 main tactics attackers use to bypass MFA - Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in ...
10 months ago Helpnetsecurity.com
$25M gone in 12 seconds! Brothers accused of Ethereum heist The Register - These transactions are grouped onto blocks that are chained together, hence the name. As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to ...
6 months ago Go.theregister.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
11 months ago Darkreading.com
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
11 months ago Securityboulevard.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
9 months ago Bleepingcomputer.com
Exploring The Benefits Of Multi-Factor Authentication For Security - That's why I want to talk about multi-factor authentication benefits, a security protocol that requires multiple methods of verification from independent categories of credentials. Traditional security often hinges on just one factor - something you ...
10 months ago Securityboulevard.com
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware - Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware. In what appears to be a false positive, these security ...
11 months ago Bleepingcomputer.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
11 months ago Darkreading.com
New Microsoft Purview features use AI to help secure and govern all your data - More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1Microsoft Purview can help you secure and govern your entire data estate in this complex and ...
11 months ago Microsoft.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)