The recent breach of Uber brought attention to MFA fatigue. Certainly, user behavior sometimes reflects a fall into the realm of fatigue—like clicking “approve” to stop a string of seemingly buggy MFA requests. Too often, however, it is cumbersome processes for security that cause people to make insecure choices, especially if they don’t fully understand the rationale behind those processes.

In this month’s report, we touch on the Uber breach and MFA fatigue; the flaw in Microsoft Teams that could allow a threat actor to access an organization’s Microsoft 365 infrastructure; the threat to critical infrastructure posed by Russia’s war in Ukraine; the top takeaways from CrowdStrike’s newest threat hunting report; and we discuss how security professionals can help bridge the weakest link in security—the human element—by improving processes for the user and using available detection tools.