| Message-ID: <20230302122953.GA1656473@telecomdigest.us>
Date: Thu, 2 Mar 2023 07:29:53 -0500
From: Bill Horne <malQRMassimilation@gmail.com>
Subject: MFA bypass: how bad actors can circumvent strong security
Multifactor authentication, or MFA, is widely used to help prevent
malicious actors from gaining access to your accounts. Multifactor
authentication also goes by names like 2-Step Verification or
two-factor authentication. UNC-Chapel Hill uses two 2-Step services,
Microsoft and Duo Security, to protect accounts and data at the
University.
MFA means that more than one authentication method, or factor, is
required to allow you access to an account. An example would be
requiring both a password as your first factor and a code you receive
via text as your second factor.
https://its.unc.edu/2022/10/20/mfa-bypass/
--
(Please remove QRM for direct replies)
|
| Message-ID: <20230302123248.GA1656542@telecomdigest.us>
Date: Thu, 2 Mar 2023 07:32:48 -0500
From: Bill Horne <malQRMassimilation@gmail.com>
Subject: 'There's No Ceiling': Ransomware's Alarming Growth Signals
a New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so
professional, that traditional monetization of stolen data may be on
its way out.
By Tara Seals
The past year has seen a staggering acceleration in ransomware
incidents, with 25% of all breaches containing a ransomware component.
That's the top-line finding in the 2022 Verizon Data Breach
Investigations Report (DBIR), which found that ransomware events in
conjunction with breaches ballooned 13% in the past year — last year's
report found that just 12% of incidents were ransomware-related. That
translates into a rate of increase that's more than the previous five
years of growth combined.
https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir
--
(Please remove QRM for direct replies)
|
| Message-ID: <20230302123056.GA1656511@telecomdigest.us>
Date: Thu, 2 Mar 2023 07:30:56 -0500
From: Bill Horne <malQRMassimilation@gmail.com>
Subject: Token tactics: How to prevent, detect, and respond to cloud
token theft
As organizations increase their coverage of multifactor authentication
(MFA), threat actors have begun to move to more sophisticated
techniques to allow them to compromise corporate resources without
needing to satisfy MFA. Recently, the Microsoft Detection and Response
Team (DART) has seen an increase in attackers utilizing token theft
for this purpose. By compromising and replaying a token issued to an
identity that has already completed multifactor authentication, the
threat actor satisfies the validation of MFA and access is granted to
organizational resources accordingly. This poses to be a concerning
tactic for defenders because the expertise needed to compromise a
token is very low, is hard to detect, and few organizations have token
theft mitigations in their incident response plan.
https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/
--
(Please remove QRM for direct replies)
|
| Message-ID: <20230303170736.GA1669132@telecomdigest.us>
Date: Fri, 3 Mar 2023 12:07:36 -0500
From: Bill Horne <malassimQRMilation@gmail.com>
Subject: The Wall Street Journal and Baron's are offering a $2.50/
week subscription
I just came across this offer, and I was moved to sign up for a year,
so I'm passing it along FYI.
The terms are that you get the Wall Street Jounal, and Baron's, and
Market Watch for $2.50 per week, for one year. After that, it's about
$50 per "four week period" - in other words, ~$650/year.
I'm not going to get paid if you sign up for the trial, and I don't
own any stock in the Dow Jones Co.
I'm passing along the entire URL, because if you use only the web
address, the price goes up to $3.75 per week. Please feedback your
results if they differ from mine.
https://store.wsj.com/shop/us/us/wsjusnsswg217av3/?gclid=Cj0KCQiA0oagBhDHARIsAI-Bbge8VzASiNbL5DXReqRFFn_KPLmAK1cKVRcoi9BxgKIf9QGmZGzwPegaAl1-EALw_wcB&swg=true&fswg=true&trackingCode=aaqypx3k&cid=WSJ_SCH_GOO_ACQ_NA&n2IKsaD9=n2IKsaD9&Pg9aWOPT=Pg9aWOPT&Cp5dKJWb=Cp5dKJWb&APCc9OU1=APCc9OU1&cx_campaign=WSJUSSwGODS&gclsrc=aw.ds&ef_id=ZAIm-AAAAFBCn2zT:20230303165732:s
Bill Horne
--
(Please remove QRM for direct replies)
|
Message-ID: <Pine.NEB.4.64.2303031742010.17026@panix3.panix.com>
Date: 3 Mar 2023 17:43:39 +0000
From: "danny burstein" <dannyb@panix.com>
Subject: Re: The Wall Street Journal and Baron's are offering a $2.50/week subscription
I've peridcially seen the WSJ offer $1/wk (without Barrons),
and I'm now in my 2.5th year of them...
It's annoying that they play the whole "you have to call
us to cancel" deal and then go through the garbage, but
otherwise no great problem.
I start looking for a new offer at about 45 weeks in..
_____________________________________________________
Knowledge may be power, but communications is the key
dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]
| Moderator's Note |
|---|
|
I'm shocked! SHOCKED, I tell you! To think that the Dow Jones
organization would put obstacles in the path of those seeking to
spend less on their flagship product!
I'm suddenly wondering if the Dow-Jones Industrial Average,
which is calculated in a way that makes the result highly
variable, might have been created just to sell newspapers!
Say it ain't so!
| | - Bill Horne |
|---|
|
