ABT Blog

Read about mortgage technology solutions topics

MFA Compliance

ConsentFix v3 OAuth consent phishing toolkit bypasses Microsoft 365 MFA — financial institution defense guide

13 min read

ConsentFix v3: The OAuth Consent Phishing Toolkit That Bypasses MFA for Financial Institutions

In This Article The Attack That Skips MFA How ConsentFix v3 Actually Works Why Financial Institutions Are the Target What Stops This (and What Does...

Microsoft Authenticator information disclosure vulnerability illustration with the Microsoft 4-square logo and a CVSS 7.4 High badge for a financial institution security audience.

11 min read

CVE-2026-41615: Microsoft Authenticator Information Disclosure: What Financial Institutions Should Do Now

In This Article What the patch actually fixes Why financial institutions should treat this as a tier-1 patch event The three-control playbook for...

Critical Microsoft Entra ID token service spoofing vulnerability illustration showing the Microsoft Enterprise Security Token Service (ESTS) issuing authentication tokens for Microsoft 365 and Microsoft Azure resources, with the Microsoft 4-square logo prominently displayed and a CVSS 9.3 critical badge.

13 min read

CVE-2026-40379: Microsoft's Critical Entra ID Token Service Spoofing CVE: The FI Response

In This Article What CVE-2026-40379 Actually Is Why "Exclusively Hosted Service" Changes Your Job The Five-Step ESTS Token Flow The FI Posture Review...

Phishing-resistant MFA for financial institutions: hardware-backed FIDO2 security keys, passkeys, and Microsoft Entra ID Conditional Access protecting against AiTM, credential theft, and phishing attacks

16 min read

Phishing-Resistant MFA for Financial Institutions: Why FFIEC, NCUA, and OCC Examiners Now Expect FIDO2, Passkeys, and Hardware Keys

In This Article What "Phishing-Resistant" Authentication Actually Means Why SMS, Push, and One-Time Codes No Longer Pass the Bar What FFIEC Examiners...

VENOM PhaaS QR code AiTM phishing attack targeting financial institution executives

15 min read

VENOM PhaaS: MFA Bypass Targeting Financial Executives

Prefer to watch? Why standard MFA does not stop a VENOM QR phishing attack. VENOM relays your authenticator codes in real time, then quietly...

Microsoft 365 device code phishing attack pathway showing token replay from Railway PaaS infrastructure to a compromised financial institution tenant

26 min read

M365 Device Code Phishing: MFA Is Being Bypassed at Scale

Prefer to watch? Every security control did its job. The tokens still went to the attacker. Watch the 26-second Short, then the 10-minute walkthrough...


13 min read

Best Practices for Configuring Microsoft 365 Email for Mortgage Offices

In This Article The Microsoft 365 Email Baseline for Mortgage Offices A Configuration Checklist for FTC Safeguards and GLBA DLP, MFA, and Encryption:...

Conditional access security policies for financial institutions Microsoft 365

15 min read

Conditional Access Policies for Financial Institutions: 2026 Best Practices

In This Article Why Conditional Access Is the Foundation of Financial Institution Security Baseline Conditional Access Policies Every Financial...
