Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers. We have already seen attacks involving SIM swapping, exploitation of vulnerabilities, rogue apps, legacy authentication protocols, MFA prompt bombing (aka MFA fatigue), stolen session cookies, and (custom) phishing kits with MFA-bypassing … Continue reading How attackers use and abuse Microsoft MFA