Duo's Security Blog

JANUARY 21, 2021

Where is my encryption-breaking dolphin? It is set in 2021, after all. I wager, there was no better way to prepare for my predictions blog. In this fictional 2021, the act of carrying around a corporate laptop is long past. Dropping Passwords In the actual year 2021, we do have some recognition-based authentication.

Cybersecurity 54

Cybersecurity Healthcare Authentication Internet 54

Security Boulevard

FEBRUARY 3, 2021

<a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> What does this mean for cybersecurity in the public sector in 2021 and what can organizations do to improve their security posture? Featured: .

Cybersecurity 78

Cybersecurity Digital transformation Cyber threats Ransomware 78

The Last Watchdog

MAY 19, 2022

Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate. Nearly all CMS platforms, whether traditional or headless, offer some level of built-in security to authenticate users who are allowed to view, add, remove, or change content.

Data breaches 262

Data breaches Encryption Mobile Technology 262

Thales Cloud Protection & Licensing

MAY 16, 2022

In a previous blog post, I discussed how The White House Executive Order issued on May 12, 2021 laid out new, rigorous government cyber security standards for federal agencies. Protect – Encrypt data at rest and in-flight without costly performance impact. MFA and Encryption. Tue, 05/17/2022 - 05:36. Government.

Cybersecurity 87

Cybersecurity Encryption Architecture Technology 87

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Energy and Utilities 122

Energy and Utilities Government Firewall Malware 122

Herjavec Group

SEPTEMBER 24, 2021

Ransomware is a breakout ransomware group that became operational shortly after the shutdown of the REvil Ransomware and DarkSide Ransomware operations in late Summer 2021. T1083 File and Directory Discovery BlackMatter uses native functions to enumerate files and directories searching for targets to encrypt. . BlackMatter?Ransomware

Ransomware 109

Ransomware Manufacturing Energy and Utilities Encryption 109

Security Affairs

APRIL 19, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. The Russia-linked APT28 conducted the attacks in 2021 and targeted a small number of entities in Europe, U.S. ” reads the joint advisory. through 12.4

Malware 98

Malware Firmware Government Education 98

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. That’s why many tech companies are turning to passkeys as a more secure and convenient replacement.

Passwords 74

Passwords Password Management Authentication Threat Detection 74

SecureList

DECEMBER 14, 2021

The malicious module was most likely compiled between late 2020 and April 2021. The assembly default “LegalCopyright” field shows “2020” as a date, and the most recent Owowa sample we could find was detected in April 2021 in our telemetry.

Authentication 115

Authentication Encryption Accountability Passwords 115

Security Boulevard

SEPTEMBER 30, 2022

Hence, all network traffic “must be encrypted and authenticated as soon as practicable.” of all internet activity in 2021 , up from 40.8% Hence, device-to-device, API-to-API, container-to-container, or, in a word, machine-to-machine communications must be authenticated. Machine identity is key component of Zero Trust.

IoT 111

IoT Authentication Encryption Architecture 111

Thales Cloud Protection & Licensing

MAY 31, 2021

Tue, 06/01/2021 - 06:55. In our previous blog post , we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. Use cases of secure IoT deployment.

IoT 71

IoT Computers and Electronics Manufacturing Firmware 71

CyberSecurity Insiders

FEBRUARY 25, 2022

This blog was jointly written with Santiago Cortes. Key takeaways: The ransomware BlackCat is coded in Rust and was created in November 2021. According to these blogs, at least 10 companies may have been impacted by these ransomware campaigns in the first two weeks of February. Blog BotenaGo. Executive summary.

Ransomware 119

Ransomware Encryption Malware Backups 119

CyberSecurity Insiders

FEBRUARY 1, 2022

This blog was written by an independent guest blogger. The average cost of a data breach reached an all-time high in 2021, and the attack vector grows larger by the minute. With quantum computing looming in the not-so-distant future, the way that we think about encryption will need to evolve.

Risk 134

Risk Social Engineering Threat Detection Encryption 134

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. Twitter API. Find out how Venafi can help. "> Off.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

Security Boulevard

MARCH 14, 2022

The Thales Access Management Index 2021 report illustrates a highly fragmented landscape at the enterprise level. A third (33%) of respondents said they use three or more authentication access management tools. Machine identities validate the authenticity of non-human entities connected to corporate networks. UTM Medium.

Cloud Migration 97

Cloud Migration Digital transformation Data breaches Authentication 97

The Last Watchdog

MAY 5, 2022

Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. If the data is online, then it’s accessible to bad actors and just waiting to be encrypted for ransom. Ransomware? I think you may have heard of it, isn’t the news full of it? Related: Make it costly for cybercriminals.

Ransomware 247

Ransomware Risk Internet Internet 247

Notice Bored

JULY 17, 2022

Not being able to tell precisely how many steps you've taken today, or being unable to read this blog, is hardly going to stop the Earth spinning on its axis. Cryptography is the primary control, coupled with appropriate use of authentication and encryption processes in both hardware and software (e.g.'microcode' My head hurts.

Computers and Electronics 63

Computers and Electronics Authentication Software IoT 63

SecureWorld News

NOVEMBER 3, 2021

Everything is going smoothly until right up to that announcement, when suddenly all your internal servers are encrypted and your business is crippled. Then, in April 2021, Darkside operators posted this message to their blog: "Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges.

Ransomware 77

Ransomware Encryption Authentication Accountability 77

Malwarebytes

MAY 6, 2022

REvil (aka Sodinokibi) first appeared in May 2020 and has been responsible for numerous high-profile ransomware attacks, including arguably the biggest ransomware attack of all time—a supply-chain attack on Kaseya VSA in July 2021 that is thought to have affected over 1,000 businesses. New gangs emerge. Ransomware attacks in April 2022.

Ransomware 94

Ransomware Encryption Accountability Technology 94

The Last Watchdog

APRIL 5, 2022

’ This firewall even goes as far as to block the latest versions of the encryption service TLS (v1.3) ” Only 4 percent of respondents to an FCC poll said their organization received a new J-1 visa in 2021, and 46 percent said their bureaus were understaffed because of a lack of visas.

Hacking 243

Hacking Passwords Firewall Internet 243

The Last Watchdog

SEPTEMBER 7, 2022

The FBI’s Internet Crime Complaint Center (IC3) received 3,729 ransomware complaints in 2021, representing $49.2 This gives the perpetrator the access needed to launch the ransomware and lock the company out of its own infrastructure or encrypt files until the ransom is paid in cryptocurrency. Prevalence. million in adjusted losses.

Ransomware 124

Ransomware Education Financial Services Phishing 124

The Last Watchdog

DECEMBER 19, 2022

In some cases, they find vulnerable third parties that provide ways into larger targets, which is how hackers infiltrated the Red Cross in 2021. It’s far easier to steal and encrypt sensitive data when someone else manages the first and hardest step in the breach process. IABs can gain this access through many different means.

Cybercrime 124

Cybercrime Digital transformation Ransomware Cybersecurity 124

CyberSecurity Insiders

JUNE 24, 2021

As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Be sure to use controls that prevent online backups from becoming encrypted by ransomware. Multifactor authentication should be in place wherever possible, especially for privileged accounts.

Ransomware 103

Ransomware Backups Penetration Testing Education 103

Security Affairs

SEPTEMBER 12, 2021

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The victims’ data is encrypted and sent to the C2 server geolocated in Russia. Figure 4: Maxtrilha samples disseminated in August and September 2021.

Banking 140

Banking Malware Internet Internet 140

Duo's Security Blog

JANUARY 25, 2023

were deprecated in Mar 2021 with IETF RFC 8996. Well-known attacks like BEAST (Browser Exploit Against SSL/TLS), POODLE (Padding Oracle On Downgraded Legacy Encryption), etc. Duo is here to help you For customers starting their zero-trust network access (ZNTA) journey with Duo multi-factor authentication (MFA) , TLS 1.0

Encryption 61

Encryption Technology Risk Authentication 61

Malwarebytes

SEPTEMBER 28, 2021

Microsoft’s Threat Intelligence Center has been analyzing a custom-built backdoor that has been used by the Nobelium group since April 2021. This file is the encrypted backdoor that gets decrypted and executed by the malicious version.dll. Please read the Microsoft blog for a full list of IOCs. Mitigation and detection.

Malware 91

Malware Authentication Firewall Risk 91

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Tue, 02/16/2021 - 16:33. There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication. Encryption.

IoT 96

IoT Manufacturing Energy and Utilities Data collection 96

Malwarebytes

MAY 28, 2021

In this blog, we’ll home in on Conti, the strain identified by some as the successor, cousin or relative of Ryuk ransomware , due to similarities in code use and distribution tactics. The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data.

Healthcare 124

Healthcare Ransomware Encryption Passwords 124

Security Boulevard

JULY 19, 2022

The majority (88%) of IT decision makers are exploring Kubernetes and containers, according to 2021 data from New Relic. Authenticate your K8s clusters with machine identities. Kubernetes expects that all API communication in the cluster is encrypted by default with TLS. API authentication. brooke.crothers.

Authentication 52

Authentication Digital transformation Risk Engineering 52

Centraleyes

NOVEMBER 1, 2023

This blog post will delve into the fundamental principles underpinning effective information security principles and practices. Maintaining confidentiality involves implementing access controls, encryption, and user authentication mechanisms to restrict access to data based on user roles and permissions.

Information Security 52

Information Security Encryption Risk Authentication 52

McAfee

AUGUST 10, 2021

Vulnerability Analysis: CVE-2021-34535. One such vulnerability is identified as CVE-2021-34535, which is a remote code execution flaw in the Remote Desktop client software, observed in mstscax.dll, which is used by Microsoft’s built-in RDP client (mstsc.exe). But does this flaw, despite its impressive 9.9 Mitigation: Patch.

Authentication 118

Authentication Internet Internet Software 118

SiteLock

NOVEMBER 24, 2021

Babuk ransomware was discovered fairly recently, in early 2021, but it hasn’t taken long for this destructive new malware to gain notoriety. At first, the Babuk group used file encryption to gain leverage over its victims but, because the ransomware wasn’t particularly advanced, they weren’t always successful. What Is Babuk Ransomware?

Ransomware 59

Ransomware Malware Encryption Antivirus 59

NopSec

JULY 28, 2023

Good news for blog content, but less so for production networks. On the hardware side of the spectrum, researchers discovered that AMD Zen2 CPUs are vulnerable to a memory dump vulnerability that could result in unintended disclosure of neat things like encryption keys and passwords. July was a busy month for vulnerability research.

Authentication 52

Authentication Encryption Risk Passwords 52

Security Boulevard

JULY 11, 2022

The healthcare industry continued to be one of the the most targeted sector in 2021 , witnessing a 51% increase in breaches since 2019. Lack of authentication creates man-in-the-middle risks. Machine identities identify and authenticate the various connected devices to the organization’s network. Mon, 07/11/2022 - 16:49.

Healthcare 52

Healthcare IoT Authentication Internet 52

Security Affairs

MAY 12, 2023

In this email, the bad actor pretending to be the sender may nefariously capture the individual’s authentication details or prompt a malicious download that then compromises the system. In 2022, email phishing attacks made up 24% of all spam emails — up from 11% in 2021. This can be done using encryption.

Phishing 98

Phishing Social Engineering Small Business B2B 98

McAfee

MAY 10, 2021

These are a few of the top-line findings from our 2021 Consumer Security Mindset Report: Travel Edition , which garnered responses from more than 11,000 people aged 18 to 75 in eleven countries across North and South America, Europe, Asia, and the South Pacific. People are m ore c onnected and m ore p rotected in 2021 .

Internet 108

Internet Internet Banking VPN 108

Thales Cloud Protection & Licensing

MARCH 15, 2022

On May 12, 2021, the White House released an Executive Order (E.O.) Only a fifth of organizations in a 2021 study said that they were very confident in their organization’s understanding of a zero trust model, reported TechRepublic. Why Public Agencies Are Struggling to Implement Zero Trust. Tue, 03/15/2022 - 10:01. on improving U.S.

Architecture 71

Architecture Government CSO Technology 71