Lack of MFA is Common Thread in Vast Cloud Credential Heist
An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.
MFA and other mechanisms are critical to protect against unauthorized access to data in cloud application environments, but businesses still fall down on the job.
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
Crypto hackers gained control of a phone number associated with the government agency's account after MFA was disabled in July.
The successful combo of stolen credentials and social engineering to breach networks is increasing demand for infostealers on the Dark Web.
After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.
Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
FBI and CISA warn of attack on multifactor authentication account to exploit "PrintNightmare" exploit.