Mitiga in the News
Microsoft 365 business users targeted with new DocuSign phishing scam
A new business email compromise (BEC) campaign has been targeting Microsoft 365 organizations in a bid to hack corporate executives’ accounts and maliciously divert business payments.
Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication
Cybersecurity researchers detail a BEC scam targeting high-level Microsoft Office 365 accounts, even if they're protected with MFA.
Advanced business email compromise campaign targeting Microsoft 365 organizations
Researchers spotted a sophisticated business email compromise (BEC) campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 Multi-Factor Authentication (MFA), Microsoft Authenticator, and Microsoft 365 Identity Protection.
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers.
Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets
Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA,Microsoft Authenticator, and Microsoft 365 Identity Protection
Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication
Analysis of the BEC campaign reveal weaknesses in Microsoft's authentication system and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.
Scammers exploit Office 365 to target high-ranking executives
A sophisticated business email compromise (BEC) campaign targets CEOs and CFOs to drain millions from corporate accounts.
Cyber breach: 5 Steps to a rapid business recovery
Cyberattacks are constant and security breach incidents inevitable. The National Cyber Security Centre offers guidance for public and private sector organisations to help minimise harm from breaches, while the UK’s data watchdog, the Information Commissioner’s Office (ICO) is focused on addressing the issues in the public sector that result in avoidable data breaches by raising data protection standards and preventing harm from occurring.
