CISA says unnamed US federal agency got hacked, attacker used valid credentials for users' Microsoft 365 and domain admin accounts

xeni · September 24, 2020, 8:24pm

ficuswhisperer · September 25, 2020, 2:18am

I wonder if multi-factor authentication would have largely mitigated this.

spatley · September 25, 2020, 2:35am

It undoubtedly would have avoided this particular vector.

dragonfrog · September 25, 2020, 6:31pm

Using people’s legitimate credentials is definitely not an “unusual method” of hacking - it’s by far the most common one.

system · September 29, 2020, 8:24pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
Equifax used "admin/admin" as login and pass for an unencrypted server full of your personal data boing	18	951	October 27, 2019
Schneier skeptical of NYT's 'over a billion passwords stolen' hack story boing	9	1507	August 12, 2014
Who really hacked the DNC? boing	21	3344	June 21, 2016
Chinese hackers pwned computers that house data for all federal employees boing	2	1060	July 15, 2014
Major Homeland Security contractor hacked, federal employee data likely stolen boing	7	1263	August 12, 2014