Duo's Security Blog

APRIL 19, 2022

OTPs (One-time passwords) have become mainstream because a randomly generated one-time use code solves many of the security problems associated with a static password associated with a static account. However, recent trends show that bad actors are targeting organizations by using OTPs in phishing attacks.

Passwords 96

Passwords Authentication Phishing Accountability 96

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 77

Phishing Social Engineering Authentication Engineering 77

Duo's Security Blog

MAY 4, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. The problems with passwords Chrysta: Why was passwordless needed in the first place?

Passwords 97

Passwords Authentication DNS Technology 97

Google Security

MAY 11, 2022

But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S. Department of Labor ) because users retain the ability to log into their online accounts, often with a simple password, from anywhere in the world. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing 106

Phishing Scams Authentication Accountability 106

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

Duo's Security Blog

JULY 15, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself.

Phishing 100

Phishing Authentication Passwords Risk 100

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait.

Phishing 89

Phishing Scams Accountability Energy and Utilities 89

The Last Watchdog

OCTOBER 24, 2022

It involves regularly changing passwords and inventorying sensitive data. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Change passwords regularly. Changing passwords regularly will make the lives of cyberbullies much harder.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Duo's Security Blog

DECEMBER 14, 2023

The email informs John that the company suffered a security breach, and it is essential for all employees to update their passwords immediately. A few days later, John finds himself locked out of his account, and quickly learns that the password reset link he clicked earlier did not come from his company. So clearly, John isn’t alone.

Social Engineering 111

Social Engineering Engineering Phishing Passwords 111

SecureList

FEBRUARY 15, 2021

The Kaspersky Anti-Phishing component blocked 434,898,635 attempts at accessing scam sites. The most frequent targets of phishing attacks were online stores (18.12 The contact phone trick was heavily used both in email messages and on phishing pages. To access a real Zoom meeting, you need to know the meeting ID and password.

Phishing 135

Phishing Malware Scams Accountability 135

Malwarebytes

MAY 10, 2023

In a recent blog post , the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys , a form of digital credential. It also means the account cannot be subject to an attack as a result of a weak password or password re-use, because there is no password.

Passwords 94

Passwords Accountability Phishing Mobile 94

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. Every new account you sign up for, application you download, or device you purchase requires a password. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication 251

Authentication Passwords Mobile Phishing 251

Duo's Security Blog

JULY 7, 2023

A passkey is a phishing-resistant cryptographic keypair you register for web-based authentication. It’s the strongest authentication method available today, which is why you see passkeys moving to replace passwords altogether. See the video at the blog post. What is a passkey?

Authentication 83

Authentication Passwords Mobile Password Management 83

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication 131

Authentication Passwords Data breaches Phishing 131

Security Affairs

APRIL 4, 2023

The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations TA473 targeted US elected officials and staffers since at least February 2023. The threat actors created bespoke JavaScript payloads designed for each government targets’ webmail portal.

Phishing 91

Phishing Spyware Government Passwords 91

Webroot

APRIL 3, 2024

This encompasses everything from protecting your passwords to being vigilant against phishing scams and online fraud. Create strong passwords and use different ones for each account This may seem like a hassle, but it’s one of the most effective ways to thwart cyberattacks. But why dedicate an entire day to this?

VPN 83

VPN Passwords Scams Accountability 83

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Malwarebytes

SEPTEMBER 1, 2023

His story begins with an SMS text from LinkedIn telling him to reset his password. He found this confusing: It arrived in the middle of the night, and he hadn't asked for a password reset. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning.

Accountability 128

Accountability Passwords Mobile Authentication 128

Thales Cloud Protection & Licensing

OCTOBER 25, 2023

Many organizations train employees to spot phishing emails, but few raise awareness of vishing phone scams. Most people are familiar with the term phishing, but not everyone knows about vishing. It is a type of fraudulent activity that falls under the general phishing category and aims to achieve the same objectives.

Social Engineering 83

Social Engineering Phishing Engineering Scams 83

Malwarebytes

FEBRUARY 20, 2023

From the above linked Twitter blog post: While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. As Twitter is so mobile-centric and likely already has your mobile number, SMS 2FA is for many people a natural fit for the platform. Out of those, 74.4%

Authentication 92

Authentication Phishing Mobile Accountability 92

Troy Hunt

SEPTEMBER 9, 2021

But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack? So, what was required to obtain the print and how does it differ from obtaining a password? A password? because you can.

Authentication 336

Authentication Passwords Data breaches Risk 336

NetSpi Executives

OCTOBER 24, 2023

Use Strong Passwords and a Password Manager In 2022, threat actors leaked more than 721 million passwords. Among the passwords exposed, 72 percent of users were found to be still using already-compromised passwords. Turn on Multifactor Authentication Even strong, secure passwords can be exposed by attackers.

Social Engineering 59

Social Engineering Engineering Cybersecurity Passwords 59

The Last Watchdog

SEPTEMBER 6, 2023

These wallets are available in a variety of formats, including hardware wallets, online wallets, mobile wallets, and desktop wallets. Use strong passwords, 2FA. The security of your Bitcoin wallet is mostly dependent on the strength of your passwords. Select a reliable wallet. Update frequently. Ashford Be wary of fraud.

Cryptocurrency 100

Cryptocurrency Backups Passwords Software 100

Duo's Security Blog

JUNE 3, 2021

Introduction It’s 2030, and passwords are a thing of the past. And then even if we did our due diligence, sometimes a database would get popped and we’d have to go reset our passwords anyway! (If We’ve been using passwords for decades. See the video at the blog post. It’s been an interesting decade. Forget about it.

Authentication 97

Authentication Passwords Phishing Accountability 97

Duo's Security Blog

FEBRUARY 15, 2024

The benefit of these codes is that they are random numbers, so they can be difficult to guess, and they cannot be reused across a user’s different accounts (like passwords typically are). Phishing: An attacker sends a user a link to a fake website to capture the user’s username and password.

Social Engineering 114

Social Engineering Authentication Passwords Engineering 114

Webroot

OCTOBER 25, 2021

The respected technology blog TechRadar has even referred to 2021 as “the year of the Chromebook.”. Even strong security can’t prevent an account from being hacked if account credentials are stolen in a phishing attack, one of the most common causes of identity theft. But many types of malware aren’t immediately obvious.

Identity Theft 120

Identity Theft Spyware Phishing Antivirus 120

Malwarebytes

AUGUST 23, 2021

How to spot a DocuSign phish and what to do about it. T-Mobile customers, change your PINs. Source: BleepingComputer) A job ad blunder by the UK’s Ministry of Defence has accidentally revealed the existence of a secret SAS mobile hacker squad. Analysts “strongly believe” the Russian state colludes with ransomware gangs.

Small Business 91

Small Business Mobile Ransomware DDOS 91

Duo's Security Blog

DECEMBER 6, 2022

When someone is told that passwords are going away in favor of a new, “password-less” authentication method, a healthy dose of skepticism is not unwarranted. While this isn’t entirely wrong, passwords are difficult to remember and rarely secure. How does passwordless authentication work?

Architecture 94

Architecture Authentication Passwords Technology 94

Webroot

FEBRUARY 22, 2022

Some malicious actors might trick you into giving your password or financial information away. They may also try and convince you to provide remote access to your computer or mobile devices. According to the latest IDG report, phishing attacks are on the rise. What does social engineering look like?

Social Engineering 105

Social Engineering Engineering Cybercrime Hacking 105

Duo's Security Blog

JANUARY 18, 2023

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. MFA has been recommended, or required, by governments and has grown in popularity as a measure to quickly add a layer of security, especially if credentials are compromised as part of a phishing attack.

Authentication 89

Authentication Phishing Threat Detection Mobile 89

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Credential Stuffing : Attackers use leaked usernames and passwords from one website to attempt unauthorized access on other platforms. How Can Your Credentials Become Compromised?

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Credential Stuffing : Attackers use leaked usernames and passwords from one website to attempt unauthorized access on other platforms. How Can Your Credentials Become Compromised?

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

SecureWorld News

JANUARY 31, 2023

Mänôz summarized his findings in a blog post: "I discovered the lack of rate-limiting issue in Instagram which could have allowed an attacker to bypass two factor authentication on Facebook by confirming the targeted user's already-confirmed Facebook mobile number using the Meta Accounts Center."

Accountability 75

Accountability Authentication Mobile Phishing 75

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems. OTP Interception Services Emerge.

Authentication 107

Authentication Social Engineering Phishing Banking 107

BH Consulting

SEPTEMBER 14, 2023

Longer is stronger: why password length matters How long is your password? That’s one of the many fascinating insights from Hive Systems’ 2023 Password Table. For example, NIST recommends eight-character passwords but an attacker using RTX 4090 hardware could guess it in under an hour.)

Scams 59

Scams Passwords Social Engineering Cybersecurity 59

Malwarebytes

SEPTEMBER 17, 2023

MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers sniffing passwords of people whose passwords couldn't be cracked from their domain controller hash dumps. We've written about BlackCat/ALPHV many times on the Malwarebytes Labs Blog.

Ransomware 121

Ransomware Social Engineering Passwords Backups 121

Duo's Security Blog

MARCH 2, 2022

Year after year, the Verizon Data Breach Report highlights the fact that compromised credentials contribute to the majority of breaches — and MFA remains the strongest mechanism to deter the use of stolen passwords. For example, recently there has been news regarding MFA phishing kits.

Authentication 88

Authentication Phishing DNS Passwords 88