Push Fatigue: We're tired too

More and more organizations are enrolling users in Multi-Factor Authentication (henceforth referred to as MFA) wherein a secondary form of authentication takes place following a user inputting their credentials into a service to ensure a user is who they say they are. It’s an added layer of security and authentication that can help prevent compromise. But this isn’t bulletproof. Recently a few blog posts and papers have begun to come out detailing a bypass technique known as 'MFA bombing', 'MFA Fatigue', 'Push Notification Spamming', and many other terms, detailing high-profile threat actors such as LAPSUS$ who have abused the technique… [Continue Reading]