Vendor
high
advisory
PingID New MFA Method Registered For User
2 rules 3 TTPsThe creation of a new MFA registration in PingID could indicate an attacker attempting to maintain persistence after compromising a user account.
PingID +1
mfa
persistence
credential-access
2r
3t
high
advisory
PingID New MFA Method After Credential Reset
2 rules 3 TTPsDetection of a new MFA device pairing in PingID shortly after a password reset in Windows Event Logs, potentially indicating a social engineering attack and unauthorized account access.
PingID +2
mfa
credential-access
2r
3t
high
advisory
PingID MFA Bombing Attack
1 rule 3 TTPsAdversaries attempt to bypass multi-factor authentication by flooding users with push notifications, hoping they will eventually accept a fraudulent request, potentially leading to unauthorized access.
PingID
mfa
credential-access
defense-evasion
1r
3t