The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
Ars Technica

New Azure Active Directory password brute-forcing flaw has no fix

Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no ...
Computer Weekly

Users warned over Azure Active Directory authentication flaw

Researchers at Secureworks’ Counter Threat Unit (CTU) have warned of a new and potentially serious vulnerability affecting the pass-through authentication (PTA) hybrid identity authentication method ...