AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Adversary-in-the-middle phishing attacks are still more common in use. Since the removal of basic authentication from Exchange Online more and more attackers are using more modern attacks like adversary-in-the-middle phishing, cookie theft, and other used attacks. Last year I blogged about several modern

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Bypassing MFA: A Forensic Look at Evilginx2 Phishing Kit

What is AiTM (adversary-in-the-middle)? - Ericom Software

Phishing as a service continues to plague business users - SiliconANGLE

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

AiTM/ MFA phishing attacks in combination with new Microsoft protections (2023 edition)

Microsoft Says Phishing Campaign Skirted MFA to Access Email

AITM Attack Targeting Microsoft Email Users

ThreatLabz July 2022 Report: Deconstructing a massive global

Over 10,000 Organizations Targeted in AiTM Phishing Campaign That Circumvents MFA - Spiceworks

Memo 22-09 multifactor authentication requirements overview - Microsoft Entra

AITM Attack Targeting Microsoft Email Users