CISA

CISA: The Risk of MFA Without Improving Password Security

The recent CISA Alert AA22-074A describes how Russian state-sponsored cyber actors gained access to a US NGO using compromised credentials and a flaw in default MFA protocols. This alert may help cybersecurity professionals understand that MFA alone is insufficient and why securing each authentication layer is important. What happened, exactly? As early as May 2021, the FBI observed Russian state-sponsored cyber …

CISA

CISA Adds Single-Factor Authentication to List of Bad Practices

One Layer Isn’t Enough

The Cybersecurity and Infrastructure Security Agency (CISA) in the United States recently announced adding single-factor authentication to their list of Bad Practices. CISA’s Bad Practices list contains a collection of exceptionally risky cybersecurity practices. Although intended for all industries, the practices listed are considered especially dangerous in organizations that support critical infrastructure or National Critical Functions (NCF). …