From: malQRMassimilation@gmail.com   
      
   As organizations increase their coverage of multifactor authentication   
   (MFA), threat actors have begun to move to more sophisticated   
   techniques to allow them to compromise corporate resources without   
   needing to satisfy MFA. Recently, the Microsoft Detection and Response   
   Team (DART) has seen an increase in attackers utilizing token theft   
   for this purpose. By compromising and replaying a token issued to an   
   identity that has already completed multifactor authentication, the   
   threat actor satisfies the validation of MFA and access is granted to   
   organizational resources accordingly. This poses to be a concerning   
   tactic for defenders because the expertise needed to compromise a   
   token is very low, is hard to detect, and few organizations have token   
   theft mitigations in their incident response plan.   
      
   https://www.microsoft.com/en-us/security/blog/2022/11/16/token-t   
   ctics-how-to-prevent-detect-and-respond-to-cloud-token-theft/   
      
   --   
   (Please remove QRM for direct replies)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)