AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. Last year I blogged about several modern

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Adversary-in-the-Middle (AiTM) phishing attack: Key tactics and defense strategies

How 1-Time Passcodes Became a Corporate Liability – Krebs on Security

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Microsoft accounts targeted with new MFA-bypassing phishing kit

Understanding Adversary-In-The-Middle Attacks (AiTM)

Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams

New AiTM Phishing Attack That Bypasses MFA Sets Sights On Microsoft Email Users

New and more sophisticated phishing techniques leverage a variety of malicious tactics - SiliconANGLE

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Memo 22-09 multifactor authentication requirements overview - Microsoft Entra

Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine

Swedish Windows Security User Group » Identity and access management

EvilProxy Exploits indeed.coms Open Redirect for Microsoft 365 Phishing