Wave Systems Corp. (fka WAVXQ)

[Genz2]

FBI warns of MFA flaw used by state hackers for lateral movement

https://www.bleepingcomputer.com/news/security/fbi-warns-of-mfa-flaw-used-by-state-hackers-for-lateral-movement/

Excerpts:

The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.

To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory.

With the help of these compromised accounts and without MFA enforced, the Russian-backed threat actors could move laterally and gain access to the cloud storage and email accounts and exfiltrate data.
=================================================================
Use better security, use Wave VSC 2.0 (MFA)!! The Wave alternative is simpler, more secure and cheaper! It protects networks, data and devices! Try Wave, use Wave and become a happy Wave customer!!
==================================================================
http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE