Adopting security features like multi-factor authentication (MFA) is a crucial strategy for thwarting would-be cyber criminals from stealing data, but a recent study by security firm Varonis shows it might not be enough.
Devising a proof-of-concept mock attack, researchers showed how session hijacking can grant unauthorized access to Microsoft 365 applications and enable privilege escalation, despite using MFA.