An article by Microsoft came out targeting LAPSU$. 🤷‍♂️ It’s not worth your time. Except for this one part.

An article by Microsoft came out targeting LAPSUS$ (aka DEV-0537). 🤷‍♂️ It’s not worth your time. That is, not if you’ve spent ten minutes in your life studying modern MFA best-practices.

MITRE Reference: https://lnkd.in/gHmUcP9T

But there was one⚱️golden nugget I’ve never considered and think is worth sharing:

“One hallmark tactic of DEV-0537 is to monitor and eavesdrop on incident response communications in the event of a cybersecurity breach. Companies should monitor these communication channels closely, and attendees should be routinely …

article cybersecurity dev dev-0537 golden life mfa microsoft practices targeting