Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Recognizing and reporting phishing 4. Held in October, each week there will be a different focus on a key behavior: 1.

Password Management 104

Password Management Passwords Authentication Social Engineering 104

NSTIC

SEPTEMBER 30, 2022

Today’s blog will jumpstart NIST’s celebration of Cybersecurity Awareness Month 2022! We have a lot in store for October and are looking forward to sharing our work, progress, events, and news with you.

Password Management 82

Password Management Cybersecurity Passwords Phishing 82

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. Pyle’s blog were coincidental.

Phishing 251

Phishing Architecture Passwords Accountability 251

Webroot

MAY 9, 2024

Real-time antivirus protection Install robust antivirus software that provides continuous protection against emerging threats like malware, ransomware, and phishing scams. appeared first on Webroot Blog. VPN for privacy Use a Virtual Private Network (VPN) to browse the internet securely and maintain control over your online privacy.

Identity Theft 75

Identity Theft VPN Password Management Antivirus 75

Krebs on Security

JANUARY 30, 2024

” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Malwarebytes

SEPTEMBER 20, 2023

Organizations often put out a rolling statement on their website, blog, or X (Twitter). Change your password If your password has been caught up in a breach, you should immediately change it. It's easy to spoof an email to make it look like it comes from somewhere else, and then send someone malware or a link to a phishing site.

Data breaches 128

Data breaches Passwords Authentication Phishing 128

Security Through Education

SEPTEMBER 19, 2023

Utilize a Password Manager As humans we like things that are easy to remember, and that doesn’t change when it comes to passwords. However, easy to remember and reused passwords are weak passwords that can easily be cracked and leveraged across accounts. How can you do so?

Social Engineering 52

Social Engineering Cybersecurity Password Management Passwords 52

Thales Cloud Protection & Licensing

OCTOBER 25, 2023

Many organizations train employees to spot phishing emails, but few raise awareness of vishing phone scams. Most people are familiar with the term phishing, but not everyone knows about vishing. It is a type of fraudulent activity that falls under the general phishing category and aims to achieve the same objectives.

Social Engineering 83

Social Engineering Phishing Engineering Scams 83

eSecurity Planet

NOVEMBER 21, 2022

. “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team wrote in a blog post. ” Read next: Top Password Managers.

Authentication 145

Authentication Phishing Password Management Accountability 145

SecureWorld News

JULY 6, 2022

This includes things such as phishing, use of stolen credentials, misconfiguration, and simple mistakes. China now finds itself in the middle of one of the largest data breaches of all time after a government developer wrote a blog post on a popular forum that included the credentials to a police database.

Data breaches 75

Data breaches Password Management Passwords Government 75

Malwarebytes

DECEMBER 4, 2023

In a world where users have tens or even hundreds of logins to manage, password reuse and weak passwords that are easy to remember are inevitable.” Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Watch out for fake vendors.

Passwords 119

Passwords Identity Theft Accountability Data breaches 119

Security Affairs

APRIL 29, 2023

dmg’ file (Setup.dmg), upon executing it, the malicious code attempts to trick victims into entering their system password on a fake prompt. The malware also targets the password management tool using the main_keychain() function to extract sensitive information from the target machine.

Advertising 76

Advertising Passwords Malware Password Management 76

Webroot

FEBRUARY 15, 2024

If you’ve been compromised in a data breach, hackers can use your stolen email and password to try and enter thousands of other sites—and if you keep using the same credentials, they’ll be successful. Instead, use a password manager to easily generate and use strong passwords without having to recall them all.

Identity Theft 73

Identity Theft Banking Scams Passwords 73

Malwarebytes

APRIL 28, 2022

They’re actually just trying to scare users into falling for phishing attempts. How do scammers go phishing? Landing on the phish. No matter which compromised warning page you land on, they all want you to visit a phishing page. The research covers similar tactics: hijacking business pages to phish.

Phishing 99

Phishing Accountability Password Management Passwords 99

Security Affairs

MAY 3, 2023

Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the users. Despite the IT giant has implemented defenses like 2-Step Verification and Google Password Manager , it recognizes that to really address password issues, it is necessary to adopt passwordless solutions.

Accountability 89

Accountability Passwords Password Management Phishing 89

CyberSecurity Insiders

APRIL 5, 2023

Employees should be trained on basic security hygiene such as strong password management, phishing awareness, and secure data handling practices. This can be done by attending industry conferences, reading security blogs, and participating in online forums.

Cyber threats 110

Cyber threats Penetration Testing Cyber Attacks Password Management 110

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Use a Password Manager It may be beneficial to utilize a password manager to create and store strong passwords for all your online accounts.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Use a Password Manager It may be beneficial to utilize a password manager to create and store strong passwords for all your online accounts.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

SecureWorld News

APRIL 21, 2023

According to a recent blog post : "Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. Don’t make risky clicks, patch your systems and use a password manager.

Malware 69

Malware Social Engineering Password Management IoT 69

NetSpi Executives

OCTOBER 24, 2023

Use Strong Passwords and a Password Manager In 2022, threat actors leaked more than 721 million passwords. Among the passwords exposed, 72 percent of users were found to be still using already-compromised passwords. Turn on Multifactor Authentication Even strong, secure passwords can be exposed by attackers.

Social Engineering 59

Social Engineering Engineering Cybersecurity Passwords 59

Duo's Security Blog

OCTOBER 31, 2023

In today's digital landscape, organizations seek to bolster security and mitigate phishing due to the growing cyber security threats. Duo also reduces IT burden by enabling self-service for password resets, device remediation and more.

Security Awareness 76

Security Awareness Authentication Phishing Passwords 76

The Last Watchdog

OCTOBER 24, 2022

Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. One of the best ways to increase employee security awareness is to provide frequent training and communication about the risks of phishing and other cyberattacks.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Duo's Security Blog

JULY 7, 2023

A passkey is a phishing-resistant cryptographic keypair you register for web-based authentication. It’s the strongest authentication method available today, which is why you see passkeys moving to replace passwords altogether. See the video at the blog post. What is a passkey?

Authentication 63

Authentication Passwords Mobile Password Management 63

eSecurity Planet

MAY 4, 2023

In a brief blog post entitled “The beginning of the end of the password,” Google group product manager Christiaan Brand and senior product manager Sriram Karra called passkeys “the easiest and most secure way to sign into apps and websites and a major step toward a ‘passwordless future.'”

Authentication 98

Authentication Passwords Accountability Phishing 98

Webroot

JANUARY 4, 2023

If the beginning of the new year follows the trends of the last, there’s a good chance phishing will spike in the first four months of 2023. The post Forget the Gym – Start 2023 Right by Getting Your Digital Life in Shape appeared first on Webroot Blog. Product may be updated or modified.

Identity Theft 86

Identity Theft Insurance Password Management Phishing 86

Malwarebytes

FEBRUARY 20, 2023

From the above linked Twitter blog post: While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. Note that you can still be phished should you enter your app generated code on a phishing page. There’s nothing to phish.

Authentication 95

Authentication Phishing Mobile Accountability 95

Malwarebytes

AUGUST 2, 2021

Spear-phishing now targets employees outside the finance and executive teams, report says. Source: Microsoft Security blog) Solarmarker malware campaign actors are focusing their energy on credential and residual information theft. BlackMatter, a new ransomware group , claims link to DarkSide, REvil.

Wireless 93

Wireless Password Management Firmware Passwords 93

eSecurity Planet

JANUARY 10, 2022

Successful attackers can then use the credentials to leverage stored credit card data to make fraudulent purchases, steal gift cards saved on the customer’s account, use the information in phishing attempts against victims or sell the login information and personal data to other bad actors. Removing the Guesswork for Cybercriminals.

Password Management 117

Password Management Passwords Authentication Accountability 117

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. Google Password Manager On Android, the Google Password Manager provides backup and syncs passkeys.

Passwords 76

Passwords Password Management Authentication Threat Detection 76

Webroot

JUNE 2, 2022

Phishing and social engineering. Watch for phishing and social engineering. The best way to stay safe is to be aware of the threat—and learn how to spot phishing and social engineering attacks when you encounter them. The post Cyber threats in gaming—and 3 tips for staying safe appeared first on Webroot Blog.

Cyber threats 99

Cyber threats Social Engineering Accountability Malware 99

Duo's Security Blog

JUNE 12, 2023

Passwordless is the modern authentication method that does not rely on passwords, eliminating the risks that come with weak, lost, or stolen credentials. It is MFA Phishing Resistant. What is passwordless? Passkey “providers” achieve this by securely synchronizing passkey private keys between devices.

Authentication 116

Authentication Passwords Password Management Phishing 116

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users.

Authentication 113

Authentication Passwords Data breaches Phishing 113

Duo's Security Blog

SEPTEMBER 1, 2023

"Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing resistant. Passkeys can be used as a factor to shore up password-based MFA or can be used independently.

Passwords 98

Passwords Authentication Insurance Cyber Insurance 98

Webroot

APRIL 3, 2024

This encompasses everything from protecting your passwords to being vigilant against phishing scams and online fraud. Create strong passwords and use different ones for each account This may seem like a hassle, but it’s one of the most effective ways to thwart cyberattacks. But why dedicate an entire day to this?

VPN 83

VPN Passwords Scams Accountability 83

SiteLock

AUGUST 27, 2021

Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move. Fortunately, the data was taken from random samples of passwords and data dumps already leaked previously online through sites like haveibeenpwned and pwnedlist. 2015 Cyber Security Risks.

Passwords 95

Passwords Cybersecurity Internet Internet 95

Heimadal Security

SEPTEMBER 20, 2021

Credential stuffing is a form of cyberattack where hackers are taking over massive databases of usernames and passwords, many of which are stolen in recent data breaches, and use an automated method to “stuff” the account logins into other online services.

Data breaches 78

Data breaches Passwords Phishing Accountability 78

eSecurity Planet

SEPTEMBER 15, 2021

Passwords are Unpopular. Nobody likes passwords,” Vasu Jakkal, corporate vice president for security, compliance and identity at Microsoft, wrote in a blog post today. Apple will let Safari browser users use Face ID and Touch ID to access websites and enables them to get services without passwords via the Passkeys protocol.

Accountability 122

Accountability Passwords Authentication Phishing 122