Latest news with #MFA

National Post
10 hours ago
- Business
- National Post
ManageEngine Enhances AD360 With Risk Exposure Management and Local User MFA Features to Strengthen Identity Threat Defenses
Article content New Capabilities Help Enterprises Visualize Attack Paths, Enforce MFA on Unmanaged Local Accounts, and Align Identity Security With the Zero Trust Framework Article content The identity risk exposure management feature adds identity threat detection capabilities that help uncover how attackers could escalate privileges or move laterally within the environment With local user MFA, enterprises can extend enterprise-grade MFA to previously unmanaged local accounts Read about AD360's identity risk exposure management at and local user MFA capabilities at Article content AUSTIN, Texas — ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, today announced the general availability of identity risk exposure management and local user MFA features in AD360, its converged identity and access management (IAM) platform. The release enables security teams to detect privilege escalation risks and secure unmanaged local accounts, two common identity attack vectors that attackers continue to exploit at scale. Article content Identity remains the primary attack vector in modern enterprises, as shown by Verizon's 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22% of breaches. The report also highlighted widespread abuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches. Article content 'With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we're helping customers make IAM the first line of defense, not a check box,' said Manikandan Thangaraj, vice president of ManageEngine. Article content While most IAM tools focus on provisioning and policy enforcement, AD360 adds risk exposure mapping via attack path analysis as well as local MFA enforcement, helping enterprises close attack paths that often go undetected. This marks a key step in identity management evolving from an access control layer into an active security control. New Capabilities Article content Identity risk exposure management: Graph‑based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritizing risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multi‑step attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths. Local user MFA: This feature extends adaptive MFA to local accounts on non‑domain‑joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques. ML‑driven access recommendations: During provisioning and access review campaigns, machine learning analyzes permission patterns and suggests adjustments to implement least privilege access, helping prevent excess entitlements. Article content Additionally, ManageEngine has enhanced AD360's access certification module, which now includes expanded entitlements for comprehensive review coverage, and the risk assessment capabilities feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments. These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls. Article content About AD360 Article content ManageEngine AD360 is a unified identity platform that seamlessly connects people, technology, and experiences while giving enterprises full visibility and control over their identity infrastructure. It offers automated life cycle management; secure SSO; adaptive MFA; and risk-based governance, auditing, compliance, and identity analytics—all from a single, intuitive console. With extensive out-of-the-box integrations and support for custom connectors, AD360 easily integrates into existing IT ecosystems to enhance security and streamline identity operations. Trusted by leading enterprises across healthcare, finance, education, and government, AD360 simplifies identity management, fortifies security, and ensures compliance with evolving regulatory standards. For more information, please visit Article content Article content Article content Article content Article content Contacts Article content Media Contact: Article content Article content Article content Article content


The Hindu
10 hours ago
- Business
- The Hindu
Former India international Aditi Chauhan to mentor Mumbai-based Warriorz FC
Former India international Aditi Chauhan, who announced her retirement from football last week, was named the mentor of Warriorz FC — a side competing in the MFA (Mumbai Football Association) Women's Premier League. Previously known as Rudra FC, the team was acquired by Capri Sports, and joins the Warriorz clan. First up on the agenda for the Warriorz FC will be to try and claim the coveted MFA Women's Premier League title, and then eventually earn promotion to the Indian Women's League. 'It is great to see big corporates like Capri Sports investing in women's football and taking ownership to create a better system for the players. I'm looking forward to sharing my experience and knowledge not just with the players but also the management, wherein we work towards holistic growth of everyone involved. Not just producing champions but also leaders of tomorrow,' said team mentor Aditi. 'Warriorz FC represents far more than just a football team for Capri Sports — it is a strategic opportunity to create meaningful, long-term impact on the women's football ecosystem in India. Driving that change begins at the grassroots, where foundational interventions are most critical. With Aditi Chauhan bringing her invaluable experience and expertise to the project, we believe we have all the right elements in place to build something truly transformative,' said Apurv Gupta, Director – Contact Sports, Capri Sports. Related Topics Aditi Chauhan / Maharashtra


Newsweek
a day ago
- Business
- Newsweek
Microsoft Releases Urgent Patch to Counter Server Attacks: What To Know
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. Microsoft has released an emergency security update to address a critical vulnerability in its on-premises SharePoint Server software, following a wave of cyberattacks over the weekend. The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators. Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) via email for comment. Why It Matters This high-impact breach highlights persistent risks for organizations relying on on-premises SharePoint servers for collaboration and internal document management. Attackers have reportedly bypassed advanced security measures, such as multi-factor authentication (MFA) and single sign-on, gaining privileged access to sensitive U.S. government, educational, health care, and corporate systems. What To Know On Sunday, Microsoft released a series of security patches to address the breach, saying that it was "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." In a statement on social media, the tech giant said that "Microsoft has released a security update for SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers. SharePoint Online is not affected. Customers should apply the update immediately. We are actively working on updates for SharePoint 2016 and 2019." A Microsoft office in New York City as seen on June 24, 2025. A Microsoft office in New York City as seen on June 24, 2025. Getty Images The vulnerability CVE-2025-53770 enables attackers to execute code and bypass traditional defenses remotely. Microsoft's cloud-based SharePoint Online service remains unaffected by these exploits. Eye Security, a Dutch cybersecurity firm, uncovered the initial compromises after scanning over 8,000 SharePoint servers worldwide, identifying at least 54 organizations, including U.S. federal agencies, banks, and universities, that were breached. The FBI told Newsweek on Sunday that it is aware of the incidents and is working with federal and private-sector partners to address the threat. Who People Are Saying Michael Sikorski, CTO and head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat. "We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response." The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. "This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network." What Happens Next Microsoft is continuing to develop patches for the legacy SharePoint 2016 version, and has advised users to disconnect affected servers from the internet if immediate updates are not available or feasible.

Bangkok Post
4 days ago
- Politics
- Bangkok Post
MFA to lodge complaint
The Ministry of Foreign Affairs (MFA) is preparing to lodge a formal protest against Cambodia after three Thai soldiers were injured by an anti-personnel landmine near the Thai-Cambodian border in what may be a breach of the Ottawa Convention. Ministry spokesman Nikorndej Balankura said the army is investigating whether the mine was a newly planted device or a remnant, with the result expected within days or early next week. If it is confirmed to be a new landmine, the army will raise the issue with its Cambodian counterpart while the MFA will proceed through proper channels in accordance with the Ottawa Convention and other frameworks such as the 2000 Memorandum of Understanding (MoU) on border demarcation, he said. Both Thailand and Cambodia are signatories to the Ottawa Convention, which officially prohibits the use of anti-personnel landmines. Cambodia ratified it in 1997, while Thailand ratified it in 1999. The incident occurred on Wednesday near Hill 481 in the Chong Bok area of Ubon Ratchathani's Nam Yuen district. According to the Second Army Region, a group of soldiers was patrolling in the area when one of them stepped on a mine, causing an explosion that injured three of them. Pvt Thanapat Huiwan, whose left foot was severed at the ankle, underwent an operation and is now in a safe condition. The other two soldiers, Sgt Patiphant Srilasak and Pvt Nathawut Srikhem, suffered chest pains. Military sources said that subsequent searches in the area also revealed three more mines identified as Russian-made PMN-2, and photographic evidence indicated these mines were planted recently. The Second Army Region yesterday dispatched bomb disposal and forensic teams to inspect the area and gather more evidence. Prior to Wednesday's incident, anti-personnel landmines and various types of ordnance were discovered during June 10-July 15 as troops from the engineering corps undertook clearance operations to make patrol routes. They included POMZ, M14 and M16 anti-personnel landmines, RPG rounds, M203 grenades, mortar shells and parts of the TM57 anti-tank device. Army spokesman Maj Gen Winthai Suvaree on Friday denied suggestions made by some Cambodian media that the mine might have been planted by the Thai side, saying the military never had or procured PMN-2 mines. He said the army will verify the type of mine and respond officially once the facts are established. Cambodian Mine Action Centre (CMAC) director-general Heng Ratana posted on social media that Thai officials have made differing claims for the July 16 mine explosion, with some saying it was the remnant of war and others claiming it was a new device. "A few reporters requested my comments, I just returned questions to them by advising them to verify whether the location of the incident occurred in Thailand or Cambodia. If the incident was in Thailand's territorial jurisdiction or control, thus Thailand knows about it," Heng Ratana wrote in a Facebook post. Deputy Defence Minister Gen Nattaphon Narkphanit on Friday acknowledged the possibility that the landmine could be new but noted that an investigation is required to determine it. He was speaking ahead of his trip to Ubon Ratchathani to visit and extend moral support to the injured soldiers. Culture Minister Paetongtarn Shinawatra, who is suspended from her duties as PM, also joined the trip. RAdm Surasant Kongsiri, spokesman for the Thai-Cambodian Border Situation Administration Centre, said yesterday the injured soldiers will receive full benefits.
Yahoo
4 days ago
- Yahoo
Microsoft Authenticator
Microsoft Authenticator makes it easy to protect and log into your online accounts using multi-factor authentication (MFA). It's free, and you don't need a Microsoft account to use it. Even though the company is sunsetting the app's password management features, Microsoft's authenticator app is still a good online privacy tool, especially for Microsoft users. That said, 2FAS is our Editors' Choice winner for authenticator apps because the software is open source and offers browser extensions for desktop users, while Aegis Authenticator is an Editors' Choice for Android devices because it collects very little data and includes helpful customization options. Getting Started With Microsoft Authenticator Microsoft Authenticator is available for Android and iOS devices. It does not support desktops. Open-source competitor 2FAS offers browser extensions, which you can use on desktops, too. There's also no Microsoft Authenticator app for Android's Wear OS or Apple's watchOS. Of the apps I've reviewed, Authy is the only one with an app for watchOS, while Stratum supports Wear OS. You don't have to create or sign into a Microsoft account to generate or store MFA codes in the app, which is great. Authentication only requires token generation, which is not a particularly complicated process, so I like it when these apps don't require an email address, phone number, or other personal information to use the app's basic functions. Since our last review of the app, Microsoft has eliminated or moved some of its features. The most notable missing feature is the app's auto-filling capabilities, which are now part of Microsoft's new, AI-enriched Edge browser. Microsoft Authenticator's simple blue-and-white layout is pretty easy to navigate. Microsoft hides your authentication codes on the dashboard by default, which is excellent. I also like that the app blocks screenshots by default on Android, though you can turn that off via the Settings menu if you prefer. On iOS, visit the Settings menu to turn on the App Lock setting, which will require your phone's passcode or a Face ID scan to open the app. Data Collection Policies Some authentication apps collect much more data than their stated functionality should require. The Android and iOS versions of the Microsoft Authenticator apps collect location and diagnostic data, which isn't unusual. In contrast, Google's Authenticator app collects data from your phone's Contact list and may even collect data from the photos and videos on your device. After installing the app, you have to tap through several introductory screens. One of these screens is a notice stating that Microsoft respects your privacy. While, as mentioned above, the company collects diagnostic data, it doesn't collect personal data in the background without your consent. You must tap to accept the privacy notice, so I suggest reading the privacy policy while you're there. I did and noted that Microsoft specifies that customers willingly give up data by opting in for features or entering personal information in forms, which is different from non-consensual data collection. If you want to opt out of specific types of data collection pertaining to advertising, I recommend doing so via Microsoft's privacy settings page. In its privacy policy, Microsoft also states that the company uses your data to train AI, which is not ideal. Hands On With Microsoft Authenticator For this review, I tested the app using an Android device. Adding accounts to the Microsoft Authenticator app is as easy as giving the app access to your camera and then scanning a QR code or typing in a verification code. To verify your identity while logging into an account, enter the six-digit code on the authenticator app dashboard. In testing, attaching Microsoft Authenticator to my social media account was easy, and I logged in without problems. If you want to remove an account from the app, tap the account on the dashboard, then tap the gear in the top right corner of the screen. From there, tap the button to remove the account. The Android and iOS apps have the Verified IDs section, where you can confirm your identity using a Microsoft Entra Verified ID if your employer uses that system. Backing Up Account Information Microsoft Authenticator can create cloud backups of your MFA tokens, which you'll need if you get a new phone or lose your old one. You can back up your data to iCloud or your Microsoft account. Tapping the Details button in the Backup menu reveals when you last backed up your data and what device was used for the transfer, which is helpful.