all InfoSec news
Odd Recent M365 Compromises
Nov. 14, 2023, 9:24 p.m. | /u/reencrypt
cybersecurity www.reddit.com
We've had a few clients with M365 account compromises recently. Most, if not all have decent controls in place (MFA/Number Matching, Authenticator, GeoIp blocking, Legacy Auth disabled, etc).
Couple things to note:
First obvious suspicious sign-in are coming from within the United States. I tracked a few of the IPs to multiple VPN and/or proxy services, but a lot of them were Microsoft data centers.
The one compromise had …
account auth authenticator blocking clients coming controls cybersecurity disabled etc geoip guidance legacy m365 mfa running sign states things united united states
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)
@ WWC Global | Reston, Virginia, United States
Security Architect (DevSecOps)
@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
Infrastructure Security Architect
@ Ørsted | Kuala Lumpur, MY
Contract Penetration Tester
@ Evolve Security | United States - Remote
Senior Penetration Tester
@ DigitalOcean | Canada