The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
CSOonline

Security update causes new problem for Windows Hello for Business authentication

A fix introduced into Windows last month to close a weakness in Kerberos authentication is causing logon failures for some Windows Hello for Business (WHfB) users, Microsoft has warned. In theory, the ...
The Verge

Microsoft’s Windows Hello fingerprint authentication has been bypassed

Security researchers have found flaws in the way laptop manufacturers are implementing fingerprint authentication. Security researchers have found flaws in the way laptop manufacturers are ...
Dark Reading

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

­Microsoft's Windows Hello for Business (WHfB) default phishing-resistant authentication model recently was found susceptible to downgrade attacks, allowing threat actors to crack into even ...
ZDNet

Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

A phishing and business email compromise (BEC) campaign that attempts to steal millions of dollars from victims is targeting Microsoft 365 accounts with attacks that can bypass multi-factor ...
Android

100% reliable bypass found for Windows Hello authentication

Microsoft‘s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate if there’s any bypass for Windows Hello fingerprint authentication. To our surprise, the ...
Bleeping Computer

Microsoft to start enforcing Azure multi-factor authentication in July

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure ...