The whole industry has been screaming at you to enable MFA. Microsoft turned it into a mandate. So you complied. And now there's a subscription service selling access to exactly those "protected" accounts, using a legitimate Microsoft authentication flow they never bothered to retire.

https://blog.ppb1701.com/the-failsafe-that-isnt-microsofts-mfa-problem

#microsoft #microsoft365 #phishing #cybersecurity #mfa #kali365 #bigtechwaronusers #security #infosec #privacy #blog

The Failsafe That Isn't: Microsoft's MFA Problem - ByteHaven - Where I ramble about bytes

Part of the ongoing Big Tech's War on Users series. The FBI issued a warning last week about a phishing-as-a-service platform called Kali365 that can...

@ppb1701 Mandating things without making them available seems all too common these days...
@Epic_Null I know right?

@ppb1701 USE FINE GRAINED TOKENS!!!!

So like... you're gonna give me the settings to use them, right?

MINIMALLY SCOPE YOUR TOKENS!!!

Okay so where's the API I can use to do an application pre-check to ensure every step succeeds before I start making changes? Or maybe a batching option similar to transactions so I can ensure the task fails completely if one middle step will fail?

Submit logs!

Where are they? Sir this was supposed to be an easy one just tell me where to get the logs. Sir please, this has gotten ridiculous.

@Epic_Null 😆 sounds legit