AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. Last year I blogged about several modern

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

How to use Microsoft Entra, Internet Access to prevent AiTM attack(s), by Derk van der Woude

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

What is an Adversary-In-The-Middle (AiTM) Phishing Attack? - 1Kosmos

Jeffrey Appel on LinkedIn: Tips for preventing against new modern identity attacks (AiTM, MFA…

Swedish Windows Security User Group » Identity and access management

W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report

Memo 22-09 multifactor authentication requirements overview - Microsoft Entra

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Hackers target financial giants via AiTM phishing and BEC attacks

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud