Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 With Duo, the University team stood up integrations within days instead of the predicted weeks or months , protecting their apps and VPN.

Phishing 65

Phishing Social Engineering Authentication Engineering 65

eSecurity Planet

MARCH 16, 2023

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. Critical Outlook Zero-Day The Outlook zero-day, CVE-2023-23397 , with a critical CVSS score of 9.8, is being actively exploited.

Energy and Utilities 98

Energy and Utilities Authentication Firewall Engineering 98

Security Affairs

MAY 5, 2023

Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) The CVE-2023-22640 flaw (CVSS score 7.1) through 7.2.3 FortiOS version 7.0.0

VPN 92

VPN Authentication Hacking Cybersecurity 92

Security Affairs

MAY 4, 2023

The threat actors allegedly obtained access to Ukraine’s public networks by using compromised VPN credentials. ” CERT-UA urges Ukrainian critical organizations using multi-factor authentication for VPN accounts, network segmentation and filtering of incoming, outgoing and inter-segment information flows. .

VPN 85

VPN Education Accountability Cyber Attacks 85

eSecurity Planet

MARCH 19, 2024

The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website. The fix: Fortinet advised users to disable SSL VPN until their FortiOS and FortiProxy deployments can be upgraded.

Authentication 118

Authentication VPN Software DDOS 118

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Consider your VPN solution, many have moved to using M365 authentication to protect this. What’s the attack?

Phishing 65

Phishing Mobile Social Engineering Data breaches 65

Duo's Security Blog

MARCH 25, 2022

Problem: The Traditional VPN Is No Longer Enough Since the 1990s, virtual private networks (VPNs) have been well-suited for the purpose they were built for – to grant employees temporary access to corporate networks and resources when they weren't logging in from an office.

VPN 80

VPN Architecture Authentication Software 80

Fox IT

FEBRUARY 22, 2023

On 9 January 2023, we identified a total of 286 servers running R1Soft server software with a specific backdoor. Fox-IT informed the Dutch NCSC to coordinate the sharing of this knowledge towards the relevant national CERTs on 12 January 2023. curl [link] -F "file=@/var/tmp/[REDACTED].txt"

Backups 69

Backups Software Authentication Internet 69

Security Boulevard

JUNE 28, 2023

Overview of Confluence and Jira A full explanation of all of the features of Confluence and Jira is outside the scope of this blog post; however, I wanted to briefly provide a breakdown of the structure of each of these applications. They’d have to be on the VPN to access it”). Confluence is basically a wiki for companies.

Authentication 52

Authentication Passwords Penetration Testing Social Engineering 52

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. We appreciate alphaMountain.ai , Pulsedive and Recorded Future donating full licenses to the Black Hat USA 2023 NOC. Hunter summer camp is back.

Wireless 68

Wireless DNS Mobile Technology 68

Thales Cloud Protection & Licensing

MAY 13, 2024

Multi-Factor Authentication: the mandatory first step for organizations moving to the cloud. But there is one simple solution to drastically reduce the risk of account take-over: enable Multi-Factor Authentication. markets.

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

Duo's Security Blog

MARCH 6, 2024

Research by Sophos estimates that 95% of all attacks in the first half of 2023 involved RDP access and emphasizes taking steps to further secure RDP applications. Research by Sophos estimates that 95% of all attacks in the first half of 2023 involved RDP access."

Authentication 132

Authentication Accountability VPN Passwords 132

Duo's Security Blog

DECEMBER 12, 2023

In fact, IBM's 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in the cloud. In this blog, see the depth of Duo integrations with various AWS applications and services, and learn how you can better equip your organization with security that frustrates the attackers and not the users.

Data breaches 79

Data breaches Authentication Passwords Risk 79

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Ransomware 113

Ransomware Cyber Attacks Manufacturing Healthcare 113

NopSec

JANUARY 31, 2024

We’re going back in time – 2023 was too juicy. Microsoft Windows XAML Privilege Escalation CVE-2023-36003 Researchers have stumbled across a privilege escalation vulnerability that impacts Microsoft Windows. We encourage everyone to read the full blog at SecureLayer7. Happy New Year! The best kind of command execution.

VPN 59

VPN Government Risk Hacking 59

Hackology

DECEMBER 26, 2023

This helped them surpass the expected revenue in Q4 of 2023 , due to an overflow of new subscriptions. What is Tailscale VPN? Tailscale is a free VPN which allows you to route and monitor the traffic, you are sending or receiving from your IP. Tailscale Alternative Services Tailscale is not only the VPN offering this solution.

VPN 64

VPN Accountability Internet Internet 64

Security Boulevard

JANUARY 2, 2024

While the “prediction season” gains momentum, it's pivotal to reflect on the high impact of the 2023 cybersecurity landscape. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 104

CISO Social Engineering Architecture Ransomware 104

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor.

Firmware 111

Firmware Surveillance Mobile Telecommunications 111