AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. Last year I blogged about several modern

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Microsoft Details Phishing Campaign Targeting Over 10,000 Organizations

W3LL Targets Microsoft 365 Accounts with Sophisticated Phishing Kit

Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine

Hackers target financial giants via AiTM phishing and BEC attacks

Over 10,000 Organizations Targeted in AiTM Phishing Campaign That Circumvents MFA - Spiceworks

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Memo 22-09 multifactor authentication requirements overview - Microsoft Entra