eSecurity Planet

NOVEMBER 21, 2022

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “After authentication to Azure AD via a browser, a cookie is created and stored for that session,” the team noted. How to Respond to Token Theft.

Authentication 130

Authentication Phishing Password Management Accountability 130

Identity IQ

AUGUST 21, 2023

What is Clone Phishing and How Do I Avoid It? In this blog post, we dive into the world of clone phishing, shedding light on what it is, the potential risks it poses, and most importantly, how to protect yourself from falling victim to it. What is Clone Phishing? How Does Clone Phishing Work?

Phishing 87

Phishing Authentication Passwords Identity Theft 87

Duo's Security Blog

JANUARY 11, 2023

What is Duo Network Gateway? Then it verifies user identity with advanced multi-factor authentication (MFA). How does DNG for SMB work? How does DNG for SMB work? This capability is generally available for Duo Beyond customers. Why do I need DNG?

VPN 94

VPN Firewall Authentication Internet 94

Duo's Security Blog

MAY 12, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. But for a long time, it wasn’t a central focus in the conversation around what’s important for security to design.

Passwords 52

Passwords Authentication Mobile Technology 52

Duo's Security Blog

AUGUST 24, 2022

It can also be challenging for school leaders to break down what new laws mean and what they can do to support pre-existing academic compliance mandates to help secure student data. However, adding two-factor or multi-factor authentication (MFA) cybersecurity may be a good place to start.

Cybersecurity 52

Cybersecurity Education Insurance Authentication 52

Duo's Security Blog

JUNE 3, 2021

Okay, there are a few lingering cases we haven’t been able to eradicate yet, such as old WiFi systems and some legacy software nobody knows how to work with anymore. Do you remember how we used to be afraid of biometrics because a few early implementations stored users’ personal information in a central database?

Authentication 77

Authentication Passwords Phishing Accountability 77

Duo's Security Blog

JUNE 24, 2021

We can map this exact example onto modern multi-factor authentication. What is Second Factor Phishing? What does it mean when users get “too used to” MFA protection? At Duo, some of our customers are worried about second factor phishing or push phishing.

Phishing 63

Phishing Authentication Education Passwords 63

Duo's Security Blog

JUNE 17, 2021

See the video at the blog post. Part of ensuring that passwordless is just as secure as multi-factor is ensuring that it is multi-factor. Part of ensuring that passwordless is just as secure as multi-factor is ensuring that it is multi-factor. See the video at the blog post.

Authentication 54

Authentication Manufacturing Passwords Accountability 54

Duo's Security Blog

OCTOBER 21, 2022

While security teams work to stay vigilant and put defenses in place, it can be difficult to keep up with the evolving threats. One of these threats that has gained attention includes circumventing an organization’s multi-factor authentication (MFA) protection. What is MFA fatigue?

Authentication 59

Authentication Risk Passwords Phishing 59

Duo's Security Blog

DECEMBER 7, 2022

Much has been published about how the demand — and subsequent cost — for cyber liability insurance has skyrocketed in line with increasing incidents of cyberattacks. But what are the risks with this approach? Tech Wire Asia cites that premiums could be expected to reach anywhere between US$500 million and US$1 billion by 2025.

Insurance 75

Insurance Cyber Insurance Ransomware Risk 75

SC Magazine

MAY 7, 2021

Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher said. Photo by Mario Tama/Getty Images).

Authentication 89

Authentication Passwords Password Management Mobile 89

Duo's Security Blog

JUNE 16, 2022

Not the ordinary kind, but the kind that makes the senior technical support engineer a top performer on his team at Duo Security — the kind that breathes life into the old cliché of working smarter, not harder. What it really helps with is support fatigue,” Kappos said. Have a great day! Neurons fire. A previous answer is recalled.

Engineering 73

Engineering Hacking Authentication Technology 73

Duo's Security Blog

FEBRUARY 8, 2021

It’s easy to look at what appears to be a badly secured situation and say, “Why didn’t they just do X?” But I’d like to show an example of the kinds of constraints that organizations have to work with, and why they may make decisions that you don’t understand from the outside. Ask me how I know this.) Don’t do it.

CISO 77

CISO Passwords Authentication Accountability 77

Duo's Security Blog

AUGUST 12, 2021

If you’ve accomplished this recently, congratulations (and please teach me how you did it)! That’s a key factor in why Gartner’s CARTA model emphasizes how important it is to “continuously discover, monitor, assess, and prioritize risk — proactively and reactively.” So what are we to do in the face of this complexity?

Retail 88

Retail Healthcare Risk Authentication 88

Centraleyes

DECEMBER 25, 2023

Understanding Zero Trust Traditionally, cybersecurity operated on a simple principle: trust what’s inside, be wary of what’s outside. Zero trust helps you track and verify who accessed what, when, and how, simplifying compliance and aiding in audit trails. This is where zero-trust steps in.

Authentication 52

Authentication Architecture Cyber threats Accountability 52

DoublePulsar

DECEMBER 3, 2023

What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Hence why I published information on how organisations could identify their own assets.

Ransomware 98

Ransomware Cybersecurity Healthcare Government 98

Duo's Security Blog

JULY 13, 2021

What does this mean for Duo? PT to learn what’s what when it comes to passwordless, and come prepared to think about the implications of quick response logins (QRLs) and the type of binding necessary for secure passwordless solutions. In either case, whether live or online, this promises to be another exciting conference!

CISO 90

CISO CSO Authentication Passwords 90

Duo's Security Blog

FEBRUARY 15, 2023

Duo Care sees our with customers as true partnerships where we work with organizations to develop an ongoing security strategy. Customer Success teams at different SaaS companies have called these meetings any number of things - but what do the meetings actually entail? What is an executive business review?

Engineering 52

Engineering Accountability Information Security CISO 52

Duo's Security Blog

FEBRUARY 16, 2022

First, a Quick Overview on Retail and Cybersecurity Retail has two main types of workers — people with boots on the ground in a store who have to connect to a device that may be managed, unmanaged or shared, and people who work for the corporate or online side of the business. Almost all of these begin by stealing credentials.

Retail 76

Retail Cybersecurity Data breaches Passwords 76

Kali Linux

MAY 29, 2023

Xfce does not really “support” PipeWire per se, but it does not need to. And that’s what make the magic happens: applications that were meant to work with PulseAudio keep working as if nothing happened, blissfully unaware of the change. What should you do about it? is now here.

Firmware 52

Firmware Phishing Architecture Authentication 52

Centraleyes

DECEMBER 17, 2023

What is a PCI Audit? What’s New? Here’s a quick tour of what’s new: PCI DSS 4.0: How Long Does a PCI Audit Take? Important Note: PCI DSS current version, Version 3.2.1, is being phased out and will be replaced by the newly-released version, PCI DSS version 4.0, in March of 2024.

Passwords 52

Passwords Computers and Electronics Software Risk 52

Malwarebytes

SEPTEMBER 21, 2021

So it’s really important to talk to them about how they should use their devices responsibly, what they should and shouldn’t be doing online, and how they should be treating other people. What you should be considering is a site should have a set minimum password length of 8-characters.

Internet 106

Internet Internet Passwords Password Management 106

Krebs on Security

FEBRUARY 18, 2019

But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. 25, 2019, when security firm CrowdStrike published a blog post listing virtually every Internet address known to be (ab)used by the espionage campaign to date. Twelve days after the FireEye report, the U.S.

DNS 262

DNS Internet Internet Government 262

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a guest blogger. But how bad are things, really? Factors impacting remediation range from a lack of resources, to challenging environments with inconsistent DevSecOps practices, to haphazard scanning frequency and security testing. How does Web Application Shielding work?

Penetration Testing 40

Penetration Testing Passwords Risk Accountability 40

Fox IT

MARCH 3, 2022

After discovery NCC Group immediately notified Google and decided to share our knowledge via this blog post. Authors: Alberto Segura, Malware analyst Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay Android banking malware.

Banking 81

Banking Malware Encryption Antivirus 81

Duo's Security Blog

OCTOBER 6, 2023

Threat actors have dramatically escalated their attacks – targeting security controls like multi-factor authentication (MFA), conducting wily social engineering attacks and extorting businesses large and small with ransomware. So how does one go from MFA to full zero trust maturity? And I get it.

Authentication 113

Authentication Risk Social Engineering InfoSec 113

Duo's Security Blog

SEPTEMBER 1, 2023

Passkeys simplify account registration for apps and websites, are easy to use, work across most of a user’s devices, and even work on other devices within physical proximity.” - FIDO Alliance Most people know what passwords are and have experienced first-hand some of the many issues with them.

Passwords 95

Passwords Authentication Insurance Cyber Insurance 95

NetSpi Technical

NOVEMBER 2, 2023

To understand the vulnerability, there are a few things to understand about the Entra ID authentication flow. Within any Entra ID environment, there are numerous cloud applications that are leveraged when a user authenticates. This odd load-time behavior is what alerted me to the potential for an MFA bypass.

Authentication 143

Authentication Accountability Social Engineering Penetration Testing 143

Thales Cloud Protection & Licensing

JULY 24, 2018

These statistics indicate data breaches remain pervasive within the federal government, and that the current methods being used to secure agency data are not working as effectively as they could. There also appears to be some confusion over how to best protect critical data.

Encryption 48

Encryption Data breaches Government Threat Reports 48

Krebs on Security

APRIL 6, 2022

Microsoft blogged about its attack at the hands of LAPSUS$, and about the group targeting its customers. “There is a lot of speculation about how good they are, tactics et cetera, but I think it’s more than that,” said the CXO, who spoke about the incident on condition of anonymity. ” HOW DID WE GET HERE?

Social Engineering 231

Social Engineering Phishing Engineering Accountability 231

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. Adding a second factor typically means either requiring "something that you have" or "something that you are".

Passwords 261

Passwords Authentication Accountability Mobile 261

Krebs on Security

SEPTEMBER 2, 2021

Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. mail server responds “OK” = successful access).

Accountability 277

Accountability Authentication Passwords Hacking 277

Krebs on Security

MARCH 29, 2022

In the United States, when federal, state or local law enforcement agencies wish to obtain information about who owns an account at a social media firm, or what Internet addresses a specific cell phone account has used in the past, they must submit an official court-ordered warrant or subpoena.

Accountability 269

Accountability Government Hacking Social Engineering 269

Duo's Security Blog

AUGUST 1, 2022

for companies to implement security that works security framework. There were 60 changes made, with new rules around multi-factor (MFA) being one of the most significant. focuses on developing stronger authentication requirements around NIST Zero Trust Architecture guidelines. What Is PCI DSS? to PCI DSS 4.0.

Authentication 79

Authentication Passwords Accountability VPN 79

Duo's Security Blog

MARCH 24, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. And then that’s something that they know, and that’s what grants them access to the system.

Passwords 77

Passwords Authentication Password Management Technology 77

Duo's Security Blog

SEPTEMBER 20, 2022

Cisco Secure Access by Duo is a leading provider of multi-factor authentication (MFA) for the global workforce – but what does that mean? Multi-Factor Authentication (MFA) is the practice of adding multiple (two or more) identity verification dimensions at login.

Education 52

Education Authentication Passwords Technology 52

Duo's Security Blog

DECEMBER 12, 2023

In this blog, see the depth of Duo integrations with various AWS applications and services, and learn how you can better equip your organization with security that frustrates the attackers and not the users. What does that mean? What does it mean to build a successful zero trust security model?

Data breaches 79

Data breaches Authentication Passwords Risk 79