Duo's Security Blog

FEBRUARY 29, 2024

The choice of authentication methods plays a key role in defending against identity threats. In the first two blogs of this three-part series, we discussed the MFA methods available to users and their strengths and weaknesses in defending against five types of cyberattack. What authentication methods are right for you?

Authentication 128

Authentication Social Engineering Phishing Software 128

The Last Watchdog

FEBRUARY 20, 2024

Authentication and authorization vulnerabilities: Weak authentication methods and compromised access tokens can provide unauthorized access. Malicious intent or manipulation: AI chatbots can be exploited to spread misinformation, execute social engineering attacks or launch phishing. Using MFA can prevent 99.9%

Cybersecurity 273

Cybersecurity Penetration Testing Authentication Social Engineering 273

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems.

Authentication 111

Authentication Social Engineering Phishing Banking 111

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices. Let’s talk VPNs.

Ransomware 247

Ransomware Risk Internet Internet 247

Centraleyes

FEBRUARY 25, 2024

However, critical security risks and threats inherent in cloud environments come alongside the myriad benefits. This blog aims to dissect the nuances of cloud security risks , shedding light on the challenges commonly faced when securing digital assets in the cloud. Who’s Responsible for Security in the Cloud?

Risk 52

Risk Encryption Social Engineering Authentication 52

Security Boulevard

JULY 3, 2023

It involves verifying user identities, controlling access to resources and ensuring proper authentication and authorization processes. By focusing on identity security, organizations can mitigate risks associated with unauthorized access, data breaches and insider threats.

Authentication 59

Authentication Accountability Risk Data breaches 59

Malwarebytes

AUGUST 4, 2023

From these instances the group reaches out through Teams messages and persuades targets to approve multi-factor authentication (MFA) prompts initiated by the attacker. In both cases they require the user to enter a code that is displayed during the authentication flow into the prompt on the Microsoft Authenticator app on their mobile device.

Authentication 93

Authentication Phishing Small Business Accountability 93

Duo's Security Blog

FEBRUARY 15, 2024

Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. Several common authentication methods include the use of one-time passcodes (OTP). Social Engineering: An attacker logs in with a user’s credentials and the real user gets sent an OTP.

Social Engineering 124

Social Engineering Authentication Passwords Engineering 124

Duo's Security Blog

NOVEMBER 20, 2023

One piece of evidence to support this hypothesis is the low adoption of a basic security control that protects against identity-based attacks - multi-factor authentication (MFA). Add to this, the risks of weak authentication factors such as SMS one-time passcodes and dormant or inactive accounts.

Threat Detection 134

Threat Detection Authentication Accountability Data breaches 134

CyberSecurity Insiders

FEBRUARY 1, 2022

This blog was written by an independent guest blogger. In the future, quantum computing has the potential to contribute to finance, military intelligence, pharmaceutical development, aerospace engineering, nuclear power, 3D printing, and so much more. What are the security risks?

Risk 134

Risk Social Engineering Threat Detection Encryption 134

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). Even if an attacker has access to a username and password, they still need access to the second authentication factor to break into the organization. This becomes a constant cycle of organizations introducing new protections and attackers finding ways to exploit them.

Authentication 79

Authentication Social Engineering Passwords Risk 79

Security Boulevard

JANUARY 2, 2024

This past year set a profound stage, from the advent of stringent cyber regulations to the convergence of generative AI, social engineering, and ransomware. Last year, we witnessed the fast-evolving nature of social engineering attacks, and this evolution poses greater challenges for detection and defense. The solution?

CISO 104

CISO Social Engineering Architecture Ransomware 104

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Multi-Factor Authentication ( MFA ) can tremendously increase their access security and prevent phishing and social engineering attacks.

CISO 245

CISO Social Engineering Authentication Risk 245

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.”

Social Engineering 295

Social Engineering Accountability Mobile Passwords 295

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. On that last date, Twilio disclosed that on Aug.

Mobile 299

Mobile Phishing Authentication Accountability 299

Duo's Security Blog

NOVEMBER 27, 2023

Here are a couple of tools that can help you reduce your risk for some of Scattered Spider’s techniques: SIM Swaps Remove SMS and telephony authentication methods, limiting users to stronger factors like WebAuthn and Verified Duo Push. Devices you wouldn’t expect (available to Advantage and Premier customers).

Authentication 79

Authentication Social Engineering Risk Accountability 79

Webroot

JUNE 2, 2022

If you’re the parent of a gamer, or if you’re a gamer yourself, it’s important to learn about the risks. Many gamers are unaware of the cybersecurity risks that they face. Phishing and social engineering. Gaming is now an online social activity. As such, downloading a pirated game simply isn’t worth the risk.

Cyber threats 99

Cyber threats Social Engineering Accountability Malware 99

Duo's Security Blog

OCTOBER 6, 2023

Threat actors have dramatically escalated their attacks – targeting security controls like multi-factor authentication (MFA), conducting wily social engineering attacks and extorting businesses large and small with ransomware. Step up access based on increased risk and ease up access requirements based on lowered risk.

Authentication 112

Authentication Risk Social Engineering InfoSec 112

CyberSecurity Insiders

APRIL 10, 2023

We spoke with our blog volunteers to get their insights into what best practices their companies are following, along with how you can get on a path to better identity management. For instance, popular social media platforms such as YouTube and Twitter have seen a surge in account takeovers and impersonation incidents.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Malwarebytes

OCTOBER 9, 2023

On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that threat actors had "obtained information from certain accounts, including information about users’ DNA Relatives profiles." As 23andMe says in its own blog post, "Since 2019 we’ve offered and encouraged users to use multi-factor authentication."

Passwords 132

Passwords Accountability Scams Social Engineering 132

The Last Watchdog

APRIL 14, 2022

For starters, attackers leverage social engineering tactics and information gleaned from websites and social media profiles to determine employees’ working relationships and connections. Today’s BEC attempts aren’t the easy-to-spot, typo-laden phishing campaigns of the past.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication 112

Authentication Passwords Data breaches Phishing 112

The Last Watchdog

JANUARY 31, 2022

However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket. Multi-factor authentication, or MFA, methods belong to this category. The authentication procedure is hidden from users. AIS have no emotions and therefore cannot be attacked by social engineering methods.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

Duo's Security Blog

APRIL 20, 2023

Totaling up to billions of Australian Dollars at risk each year from hackers and various online scams, it's crucial that organisations (and individuals!) Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. What is phishing?

Phishing 64

Phishing Social Engineering Authentication Engineering 64

Security Boulevard

SEPTEMBER 17, 2022

How to protect your organization from a social engineering attack. This tactic is called social engineering and is one of the key methods used in attacks that result in data breaches. Cyberhacks are commonplace in today's world, and they can happen to any company. dollars to remediate per incident.

Social Engineering 78

Social Engineering Education Technology Engineering 78

Security Through Education

OCTOBER 27, 2021

Social-Engineer, LLC saw an almost 350% increase in recognition of phishing emails when using a similar training platform in 2020. It is to these carefully crafted campaigns that Social-Engineer, LLC can attribute their success. The answer is simple; with simulated attacks and subsequent training.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

BH Consulting

AUGUST 16, 2023

This could include malware that antivirus and security solutions can’t detect; a secure internet connection to prevent tracing; initial access to victim companies’ networks or mailboxes (which is also key to many ransomware infections); effective social engineering content; fraudulent content hosting, and more.

Social Engineering 52

Social Engineering Cybercrime Data privacy Engineering 52

Duo's Security Blog

JUNE 1, 2023

In Verizon’s 2022 Data Breach Investigations Report (DBIR) , although the category of “Social Engineering” has gone down from 2021 for “External” threats, the “Hacking” category from “External” threats for both the “Person and User Device” category has doubled from the previous year. The world has changed.

Passwords 98

Passwords Social Engineering Data breaches Engineering 98

The Last Watchdog

FEBRUARY 21, 2022

The risks are real, and the impact of cybersecurity events continues to grow. A cyber catastrophe may seem inevitable, but there are basic practices and actionable steps any healthcare organization can take to begin reducing the clear and present risk of being impacted by a cybersecurity event. Evaluate data inventory.

Healthcare 214

Healthcare Cyber Attacks Education Social Engineering 214

Webroot

FEBRUARY 13, 2024

These scams don’t just harm individuals financially and emotionally; they can also pose significant risks to businesses. When their judgment is clouded by personal issues, such as those stemming from a romance scam, this line of defense can weaken, exposing the organization to increased risk.

Scams 80

Scams Cryptocurrency Media Education 80

Security Affairs

APRIL 28, 2022

Social engineering is a prerequisite to almost all cyberattacks. Hardware-based attacks require physical access to the target entity, and employee carelessness and negligence make social engineering the perfect tool to gain said access. It is unlikely one would question its integrity. To nominate, please visit:?

Social Engineering 86

Social Engineering Engineering Insurance DDOS 86

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced Additional Resources.

Social Engineering 101

Social Engineering Cybersecurity Unstructured Data Engineering 101

Thales Cloud Protection & Licensing

OCTOBER 25, 2018

In this blog post, I’ll discuss: Our current perimeter defense; The need to shift to a data-centric security approach; and, The need to educate the public to strengthen our critical infrastructure security posture. Some of these include: Advanced persistent threats (APTs); Insider threats; Social engineering; and, Human error.

Technology 66

Technology Cybersecurity Education Unstructured Data 66

Duo's Security Blog

OCTOBER 1, 2022

The Universal Prompt is Duo's next-generation authentication experience that delivers an easier, more secure, and more accessible authentication experience for every user. Strengthen security – Bad actors continue to develop more sophisticated means of social engineering attacks to bypass security controls.

Authentication 54

Authentication Social Engineering Risk Software 54

Security Through Education

JANUARY 18, 2023

We can benefit from these the most if we are aware of the possible risks and take measures to use them wisely. The Cybersecurity & Infrastructure Security Agency , lists the following 4 steps to protect yourself: Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked.

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

Thales Cloud Protection & Licensing

APRIL 9, 2020

The scam is frequently carried out when a criminal compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques. Authentication assurance to the rescue! An organisation’s authentication solution need not to be monolithic.

Internet 86

Internet Internet Scams Authentication 86