Tag

Mfa

4 briefs RSS

Successful AWS Console Login Without MFA

Successful AWS console logins without multi-factor authentication can indicate compromised credentials, misconfigured security settings, or unauthorized access attempts.

AWS Management Console aws cloudtrail mfa initial-access

2r 1t Jan 9, 2024

high advisory

Azure PIM Role Activation Without MFA

2 rules 1 TTP

Detection of Azure Privileged Identity Management (PIM) roles being activated without requiring multi-factor authentication, potentially leading to unauthorized privilege escalation and persistence.

Azure pim mfa privilege-escalation

2r 1t Jan 3, 2024

medium advisory

Okta MFA Reset or Deactivation Attempt

2 rules 1 TTP

An attacker attempts to disable or reset multi-factor authentication (MFA) for a user account in Okta, potentially leading to unauthorized access and account compromise.

Okta Identity Cloud okta mfa credential-access persistence

2r 1t Jan 3, 2024

medium advisory

Azure AD MFA Disabled to Bypass Authentication

2 rules 1 TTP

An adversary may disable multi-factor authentication (MFA) in Azure Active Directory to weaken an organization's security posture and bypass authentication mechanisms, potentially gaining unauthorized access to sensitive resources and maintaining persistence.

Azure Active Directory azure mfa credential-access persistence defense-impairment

2r 1t Jan 3, 2024