Identity-based attacks: How attackers bypassed MFA four times in one month (opens in new tab)

This is the first edition of a new monthly identity threat brief for the Cisco Duo blog. Each month, I examine the identity-based attacks shaping the current threat environment, the structural weaknesses they exploit, and the defenses that hold up against them.Identity-based attacks target authentication systems, credentials, and identity infrastructure rather than application code or encryption. In recent weeks, four incidents made the pattern clear: attackers stole authentication tokens fro...