I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied. But since there were a range of post-authentication Exchange Server vulnerabilities this year (link), I doubt it is a zero day.
“Demirkapi found the Experian API could be accessed directly without any sort of authentication, and that entering all zeros in the ‘date of birth’ field let him then pull a person’s credit score.” Demirkapi’s Experian credit score lookup tool.
In 2013, Intel introduced World Password Day to remind people of the importance of strong passwords. The alternative: passkeys. Passkeys are an alternative, more modern authentication method designed to replace passwords with a safer, simpler alternative. The authentication process is as simple as unlocking your device.
In response to ongoing security threats and privacy violations, the Department of Health and Human Services (HHS) has published significant updates to the HIPAA Security Rule, the first substantial revision since 2013. Regular Risk Assessments: Ensuring organizations remain vigilant against emerging threats.
Since Docker hit the scene in 2013, containers have become a primary way for developers to create and deploy applications in an increasingly distributed IT world of on-premises data centers, public and private clouds, and the edge. “Then they need a plan to prioritize and mitigate this risk.” Three Threat Areas.
Yahoo data breach (2013). Summary: Yahoo believes that "state-sponsored actors" compromised all of their users accounts between 2013 and 2014. Summary: This data breach was unique in the sense that there was not a breach in the company's servers, but an authentication error, meaning no authentication was required to view documents.
“Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.
Background on the HIPAA Security Rule. The last major revision of the HIPAA Security Rule dates back to 2013 and the Omnibus HIPAA Final Rule, introduced to strengthen patient privacy and security protections. The implementation of multi-factor authentication (MFA) is no longer optional.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack. “Continued use of this firmware or end-of-life devices is an active security risk,” states the alert. 34 or 9.0.0.10
One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Of course, use 2 factor authentication everywhere you can too.
The PGMiner botnet targets PostgreSQL servers that have the default user “postgres”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “112233” and “1q2w3e4r” to bypass authentication. It is interesting to note that threat actors have started to weaponize disputed CVEs, not only confirmed ones.
The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impact Microsoft Exchange Server 2013, 2016, and 2019. “Successful exploitation of the CVE-2022-41040 can allow an authenticated attacker to remotely trigger CVE-2022-41082,” reads the advisory published by Microsoft.
Related: Uber hack shows DevOps risk. The Starwood hack appears to come in second in scale only to the 2013 Yahoo breach, which affected as many as 3 billion accounts, while a subsequent Yahoo breach also hit 500 million accounts. The breach is rightly attracting attention of regulators in Europe and the United States.
He didn't become a senator until 2013.) Authentication risks surrounding someone's intimate partner is a good example. Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. They still are.
The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks. The scale of this breach, if confirmed, would rival or exceed other notorious data breaches in history, such as the 2013 Yahoo breach that affected an estimated 3 billion accounts.
Starting in 2013, Twitter began asking users to provide a phone number or email address to improve their account security. This information would be used to help reset passwords or unlock accounts, as well as enabling two-factor authentication (2FA). Twitter sells 2FA information to advertisers.
“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.” By 2013, new LastPass customers were given 5,000 iterations by default.
The Universal Prompt is Duo's next-generation authentication interface that delivers a better experience for every user. Simplify Secure Access – Modernizing security can be disruptive for users, but Universal Prompt makes it painless with a smooth authentication experience, intuitive web-based design, and several self-service options.
In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Microsoft is already providing passwordless features to Azure Active Directory, and for Google, multi-factor authentication (MFA) has become mandatory. The Challenges of New Authentication Technologies.
In Europe, for example, Spain’s BBVA opened its APIs in 2013 with the goal of allowing companies and businesses to better manage their operations. To try and reassure citizens on this point, EU regulators are insisting that strong two-factor authentication be enabled for all PSD2-related transactions.
Virtualfirefox.com is a domain registered via GoDaddy in 2013 and currently owned by The Mozilla Corporation , a wholly owned subsidiary of the Mozilla Foundation — the makers of the popular Firefox Web browser. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.
However, the 2021 update of the Top 10 has changed the list to be more akin to an awareness document, specifically regarding patterns and risks to look out for when writing software and reviewing it for possible security issues. Risk determination. For example, broken authentication continues to be a major problem. Conclusion.
The LUCKY13 attack was a vulnerability and associated attack identified in February 2013 by AlFardan and Paterson of Royal Holloway, University of London, and given CVE-2013-0169. It can cause a timing difference between the various block sizes due to the way the Message Authentication Code (MAC) is calculated. What is it?
Yesterday, Yahoo disclosed that attackers broke into Yahoo in 2013 and stole details on a billion accounts. Turn on two-factor authentication, whenever possible. Most banking sites and ones like Google, Apple, Twitter and Facebook offer two-factor authentication. But: authentication is hard. You must make a risk tradeoff.
Devices at risk. SSL-VPN 200/2000/400 (EOL 2013/2014): disconnect immediately and reset passwords. The devices that the security notice mentions are running 8.x versions of the firmware. Because these versions have reached their end of life they are unpatched. This vulnerability has been patched in the later 9.x firmware versions.
SHA-1 was officially deprecated by NIST in 2011 and its usage for digital signatures was prohibited in 2013. Businesses still using the broken SHA-1 were facing serious risks, including: increased possibility of a collision or man-in-the-middle attack. Since 2020, chosen-prefix attacks against SHA-1 are feasible.
Beazley also reported that SMBs, which tend to spend less on information security, were at a higher risk of being hit by ransomware than larger firms, and that the healthcare sector was hardest hit by ransomware attacks, followed by financial institutions and professional services. Here’s a timeline of recent ransomware advances: 2013-2014.
As remote desktop solutions are prevalent among IT and managed service providers (MSP), downstream clients can be at risk, as Kaseya experienced in 2021. RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Reconnaissance.
in 2013 suffering 3 billion accounts becoming exposed to attackers, or LinkedIn discovering 117 million passwords up for sale in 2016, this can have a major impact on the users. Two-factor authentication (an additional level of security most commonly tied to your mobile device) is still not as widely adopted as it should be.
Breaking Free from Passwords: Passkeys and the Future of Digital Services josh.pearson@t… Mon, 09/02/2024 - 15:14 As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts agree that they will become the standard authentication method used worldwide. How do we get there?
Just as in my post on NatWest last month , that entry point must be as secure as possible or else everything else behind there gets put at risk. By recognising this, they also must accept that the interception may occur on that first request - the insecure one - and that subsequently leaves a very real risk in their implementation.
What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” The US Department of Energy (DoE). The New York Times.
Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. “In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”
Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Enable two-factor authentication (2FA) for as many of your online accounts as possible.
The researcher discovered that the Experian API could be used without authentication; he also noticed that by providing a “date of birth” composed of all zeros it is possible to access a person’s credit score. The API also returns for each consumer up to four “risk factors,” which are sensitive information about his habits.
The overwhelming number of organizations filing victim complaints to the IC3 between October 2013 and December 2021 were based in the US. Copy company logos to lend authenticity to their fraudulent emails and documents. The FBI, FDA, and USDA urge businesses to use a risk-informed analysis to deal with this type of crime.
When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating, ventilation, and air conditioning (HVAC) supplier, Fazio Mechanical Services. Make multi-factor authentication (MFA) a norm.
In the third installment of our series, Protecting Industrial Control Systems Against Cyberattacks, we explore additional risk factors and vulnerabilities facing ICS SCADA systems. The most common vulnerabilities include: lack of authentication/authorization and insecure defaults. IT/OT Convergence a Key Risk Factor.
From 2011 to 2013, the Silk Road hosted 1.2 billion in value. 2013: The End of the Silk Road. Authorities were able to trace the pseudonym back to Ulbricht thanks to the efforts of an IRS investigator who was working with the DEA on the Silk Road case in mid-2013. The FBI shut down the Silk Road in October 2013.