Duo's Security Blog

SEPTEMBER 4, 2023

And when it comes to managing access for this plethora of devices, password security just isn’t cutting it anymore. In our recent passkey blog series , we’ve been unpacking the difference between new passkey technology and more conventional password security in light of some of the most critical authentication scenarios.

Passwords 63

Passwords Authentication Accountability Password Management 63

CyberSecurity Insiders

APRIL 1, 2022

UPS Devices are emergency power backup solutions that offer electric power help in the time of emergency to hospitals, industries, data centers and utilities. Therefore, system administrators are being advised to put the connected UPS devices behind a virtual private network (VPN) and use them with a multifactor authentication in place.

Cyber threats 110

Cyber threats Internet Internet Energy and Utilities 110

The Last Watchdog

SEPTEMBER 6, 2023

Use strong passwords, 2FA. The security of your Bitcoin wallet is mostly dependent on the strength of your passwords. Use uppercase, lowercase, digits, special characters, and a combination of them to create strong, one-of-a-kind passwords. Backup, backup, backup. Update frequently.

Cryptocurrency 100

Cryptocurrency Backups Passwords Software 100

Security Affairs

FEBRUARY 13, 2019

A destructive cyberattack hit the email provider VFEmail, a hacker wiped its servers in the United States, including the backup systems. An unknown attacker has launched a destructive cyber attack against the email provider VFEmail, he erased information on its server including backups, 18 years’ worth of customer emails were lost. “We

Backups 81

Backups Advertising VPN Cyber Attacks 81

Malwarebytes

SEPTEMBER 13, 2023

If you see iCloud Backup is Turned Off , tap Turn On Backup to Transfer. Wait for the backup to complete. You have 21 days to restore your temporary backup to your new iPhone or iPad before your temporary iCloud storage expires and your backup is permanently deleted. Choose your most recent iCloud backup.

Backups 124

Backups Accountability VPN Scams 124

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations.

Backups 137

Backups Manufacturing Passwords Internet 137

eSecurity Planet

DECEMBER 2, 2022

You have the disaster recovery (DR) site, backups, and storage area network (SAN) snapshots. As you try each one, that pit in your stomach grows as you experience the worst feeling in IT: the realization you have no backup for recovery. Your backups, the backup server, and all the backup storage — all encrypted by ransomware.

Architecture 112

Architecture Ransomware Backups Firewall 112

Malwarebytes

MARCH 5, 2023

Backup before you go The consequences of losing your device or having it stolen are worse when you are outside of your own environment. So make sure that you have recent backups of your important data, and don't keep the backups on the devices you are taking. Use a VPN with strong encryption.

Backups 89

Backups Cybersecurity Password Management Passwords 89

CyberSecurity Insiders

MARCH 21, 2021

All businesses online and brick-and-mortar must have a cyber security plan in place because it is crucial for keeping your user data including passwords, and credit card numbers, secure and protected. . Some key points in a cyber security plan that you must consider are as follows: Strong passwords . Backup data on Cloud .

Small Business 145

Small Business Cyber Attacks VPN Backups 145

Malwarebytes

FEBRUARY 28, 2023

After this, the attacker was able to wait until the employee entered their master password and authenticated themselves with multi-factor authentication. Use a VPN to connect to the office network. A corporate VPN protects traffic from prying eyes as it travels over the Internet. Change your router password.

VPN 88

VPN Media Backups Passwords 88

Webroot

FEBRUARY 26, 2024

They’ll try to sweet-talk you into clicking on suspicious links or divulging sensitive information like passwords or credit card details. Your 7 tips to stay safe online Use strong passwords Let’s kick things off with the basics. Remember: real companies don’t ask for your personal data via email.

Scams 99

Scams VPN Passwords Phishing 99

CyberSecurity Insiders

JUNE 13, 2023

Learn about strong password creation, multi-factor authentica-tion, secure browsing habits, and data encryption. Avoid sharing sensitive information on public Wi-Fi networks and use a virtual private network (VPN) when connecting to public networks. Utilize a password manager to securely store and generate strong passwords.

Cybersecurity 93

Cybersecurity Education Cyber threats Passwords 93

DoublePulsar

JANUARY 4, 2020

A security vulnerability in a popular enterprise remote access product is being used to deliver ransomware into organisations , with targeted delivery to also delete backups and disable endpoint security controls. I realised in some recent incidents, impacted companies ran Pulse Secure VPN (it’s super easy to spot with Shodan).

VPN 52

VPN Ransomware Passwords Internet 52

SecureWorld News

JANUARY 21, 2024

Having basic cyber hygiene Advanced technology is important, but basics like regular data backups, software updates, strong password policies, and multi-factor authentication are fundamental. Nonprofits should also consider investing in a virtual private network, also known as a VPN.

Cybersecurity 92

Cybersecurity Backups Cyber threats Software 92

eSecurity Planet

JULY 12, 2022

The guys in the SOC discovered that the virus came in via a remote user , had spread over the VPN and then began to look for security flaws,” said Mendoza. Backups Wiped Out But Tape, Snapshots Survive. As the backup account had been compromised and the backup server wiped out, online backups were useless.

Ransomware 137

Ransomware Cyber Insurance Backups Insurance 137

Webroot

OCTOBER 22, 2021

The most popular options include virtual private network (VPN) or remote desktop protocol (RDP). VPN works by initiating a secure connection over the internet through data encryption. One downside of using a VPN connection involves vulnerability. RDP, on the other hand, functions by initiating a remote desktop connection option.

VPN 111

VPN Penetration Testing Education Security Awareness 111

Malwarebytes

MARCH 9, 2022

The FBI lists: Use multi-factor authentication with strong passwords, including for remote access services. Monitor cyberthreat reporting regarding the publication of compromised VPN login credentials and change passwords and settings. Keep computers, devices, and applications patched and up-to-date.

Ransomware 108

Ransomware Backups VPN Encryption 108

Malwarebytes

FEBRUARY 27, 2023

Consider how many folks will only decide to start making backups once they've lost everything for the first time. This isn't mentioned, but you should consider changing the default password when you first boot up the router. Use a password manager and two-factor authentication (2FA).

Social Engineering 96

Social Engineering Backups VPN Passwords 96

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware 69

Ransomware VPN Cybercrime Accountability 69

Security Affairs

JANUARY 24, 2024

Threat actors are wiping NAS and backup devices. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased.

Ransomware 108

Ransomware VPN Government Retail 108

Malwarebytes

OCTOBER 20, 2022

The victim notes that RDP was password protected, but it seems the password may not have been enough. This—and the timeless classic of having backup devices available but not getting round to doing the actual backing up—proved to be a dreadful combination blow. Tips for avoiding the RDP to ransomware pipeline.

Ransomware 87

Ransomware Encryption VPN Passwords 87

CyberSecurity Insiders

SEPTEMBER 14, 2021

Use of a VPN – virtual private networks (VPN) create a secure connection to other networks over the internet. Backup and recovery – according to FEMA , 40% of small businesses never reopen after a disaster. At the most basic level, it’s critical to change default passwords on routers at home and in the workplace.

Small Business 98

Small Business Cybersecurity Passwords Education 98

Security Boulevard

JUNE 11, 2021

Start with smart passwords. Every program you use should have a strong password that utilises a combination of letters, numbers, and special characters, and every password you use should be unique. If you have a backup, you can recover the data without playing into the hacker’s game.

Cybersecurity 136

Cybersecurity Scams Backups Passwords 136

Approachable Cyber Threats

OCTOBER 16, 2020

During the COVID-19 pandemic for example, you may use a Virtual Private Network (VPN) to connect to your organization’s network as if you’re sitting in the office, or you might use Remote Desktop Protocol (RDP) to connect to your computer that’s now collecting dust on your office desk. VPNs continue to be problematic as well.

Ransomware 98

Ransomware VPN Internet Internet 98

Google Security

OCTOBER 11, 2022

Your protection, built into Pixel Your digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos – you name it. Tensor’s built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe.

Mobile 132

Mobile VPN Penetration Testing Encryption 132

Security Affairs

MARCH 19, 2022

Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization. Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN. hard drive, storage device, the cloud).

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

SEPTEMBER 3, 2021

The good news is in the latter attack the victims restored its backups. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN.

Ransomware 97

Ransomware Passwords Backups Firmware 97

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. Researchers also discovered that ArcServe UDP backup software is prone to an RCE vulnerability. The vulnerability is accessible via the VPN authentication mechanism.

VPN 52

VPN Backups Authentication Encryption 52

Malwarebytes

DECEMBER 21, 2022

Apparently the incident disabled at least a part of the internal network as employees were asked to stay at home and not use the VPN to log in. And due to the lack of adequate, recent, and actionable backups, they end up with no other choice. Maintain offsite, offline backups and test that you can restore from them.

Ransomware 85

Ransomware Backups VPN Internet 85

Adam Levin

JANUARY 2, 2019

Backup data storage will become more universal: There are still people who ride motorcycles without helmets, and there are still folks who don’t backup their data regularly, but whether or not we’re talking about storage on the cloud or an external drive, that’s going to become less prevalent in 2019.

Cybersecurity 157

Cybersecurity Identity Theft Passwords Password Management 157

Security Affairs

APRIL 8, 2022

This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. This makes it much more difficult for hackers to gain access to your data, as they would need to have both your password and the second factor. Use strong passwords.

Cybersecurity 101

Cybersecurity Passwords Penetration Testing Encryption 101

eSecurity Planet

SEPTEMBER 29, 2021

But more and more, organizations need to plan for the possibility that the worst may happen – and that involves ransomware-proof backups and ransomware removal tools and services. Free VPN with up to 300 MB of traffic per day. Free Kaspersky Password Manager Premium. Automatic, secure 50 GB cloud backup. BitDefender.

Ransomware 102

Ransomware VPN Backups Malware 102

Krebs on Security

APRIL 22, 2022

In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN). T-Mobile currently has approximately 75,000 employees worldwide.

Mobile 352

Mobile Computers and Electronics VPN Marketing 352

eSecurity Planet

MARCH 21, 2022

Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. They then authenticated to the victim’s VPN to initiate a remote desktop protocol (RDP) connection to the domain controllers. Security Best Practices.

VPN 108

VPN Accountability Authentication Passwords 108

Duo's Security Blog

MARCH 9, 2022

Together these practices — which include multi-factor authentication (MFA), restricting administrative privileges and daily backups — provide a clear framework for businesses anywhere that are looking to improve their foundational security footing , as we’ve previously noted on the Duo Blog.

Cybersecurity 89

Cybersecurity Authentication Passwords VPN 89

Malwarebytes

JUNE 20, 2022

Then make backups of the files in them. So update those apps that need updating and uninstall those that waste space; scan your devices with a trusty malware scanner , and change any duplicate passwords. Feel free to use a VPN. But if you still can’t shake the feeling of being “exposed,” use a VPN you trust.

Internet 93

Internet Internet VPN Scams 93

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Gmail’s password recovery function says the backup email address for devrian27@gmail.com is bo3 *@gmail.com.

Ransomware 296

Ransomware Passwords Accountability Cybercrime 296