Duo's Security Blog

SEPTEMBER 6, 2023

But conventional protection solutions, like password security, fall short when it comes to efficacy. We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms.

Passwords 80

Passwords Password Management Authentication Threat Detection 80

Malwarebytes

SEPTEMBER 26, 2022

Twitter says it has fixed a bug that meant users weren't logged out of active sessions on all devices after manually resetting their passwords. Writing on its blog , Twitter said: "We want to let you know that we recently fixed a bug that allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset.

Passwords 65

Passwords Accountability Risk 65

Anton on Security

APRIL 13, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our sixth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 and #5 ). You can have fun in the cloud!

Cybersecurity 221

Cybersecurity Passwords Accountability Ransomware 221

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 98

Accountability Phishing Passwords Hacking 98

Duo's Security Blog

NOVEMBER 1, 2022

In the 2022 Duo Trusted Access Report: Logins in a Dangerous Time , we examine the dramatic shift beyond discussions of password complexity to those where investing in multi-factor authentication (MFA) and passwordless technology are mandatory costs of doing business. Get the full report to explore all of the data.

Authentication 117

Authentication Passwords CISO Accountability 117

SecureList

FEBRUARY 16, 2023

Fake donation sites started popping up after the Ukraine crisis broke out in 2022, pretending to accept money as aid to Ukraine. The pandemic The COVID-19 theme had lost relevance by late 2022 as the pandemic restrictions had been lifted in most countries. “Promotional campaigns by major banks” were a popular bait in 2022.

Phishing 96

Phishing Scams Accountability Energy and Utilities 96

Security Boulevard

OCTOBER 18, 2022

Spending on SaaS services is the largest of all cloud services according to Gartner, accounting for around 37% of the entire market , much larger than the infrastructure as a service (IaaS) and platform as a service (PaaS) markets. The post Grip Security Blog 2022-10-18 17:55:04 appeared first on Security Boulevard.

Risk 52

Risk CISO Architecture Marketing 52

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

Cybersecurity 246

Cybersecurity Malware Accountability Authentication 246

Troy Hunt

MARCH 9, 2023

that was out of a total of more than 166M requests in the same period: Yep, we just hit "five nines" of cache hit ratio on Pwned Passwords being 99.999%. It also means that the 48c per day cost is going to come way down 🙂 Every time the FBI feeds new passwords into the service , the impacted file is purged from cache.

Passwords 339

Passwords Accountability 339

Malwarebytes

MAY 6, 2022

April 2022 was most notable for the emergence of three new ransomware-as-a-service ( RaaS ) groups— Onyx , Mindware , and Black Basta —as well as the unwelcome return of REvil , one of the world’s most notorious and dangerous ransomware operations. Ransomware attacks in April 2022. Known ransomware attacks in April 2022 by country.

Ransomware 86

Ransomware Encryption Accountability Technology 86

Krebs on Security

AUGUST 30, 2022

In mid-June 2022, a flood of SMS phishing messages began targeting employees at commercial staffing firms that provide customer support and outsourcing to thousands of companies. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com.

Mobile 300

Mobile Phishing Authentication Accountability 300

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. So in this blog, I’ll talk about the risks and steps to mitigate them. The organisation had suffered reputational damage after one of the team followed some accounts that didn’t fit with its values. More than 4.7

Media 52

Media Accountability Authentication Passwords 52

Duo's Security Blog

MARCH 24, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. Tell me a little bit about the problems with passwords and how passwordless solves for them.

Passwords 83

Passwords Authentication Password Management Technology 83

Security Affairs

APRIL 21, 2023

The ABA has 166,000 members as of 2022. ” The investigation launched into the incident revealed that that an unauthorized third party obtained usernames and hashed and salted passwords for members’ online accounts on the ABA website prior to 2018 or the ABA Career Center since 2018.

Data breaches 88

Data breaches Passwords Education Accountability 88

eSecurity Planet

OCTOBER 12, 2022

Microsoft’s October 2022 Patch Tuesday includes security updates that fix well over 80 vulnerabilities in more than 50 different parts of its product range – but the ProxyNotShell flaws in Exchange Server that were reported last month are not on the list. Please see this blog post to apply mitigations for those vulnerabilities.

Passwords 114

Passwords Accountability Internet Internet 114

Webroot

OCTOBER 14, 2022

In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage. The 6 Nastiest Malware of 2022. 2022 was no different. 2022 was no different. With that, here are the 6 Nastiest Malware of 2022. Here are this year’s wicked winners.

Malware 61

Malware Antivirus DDOS Cyber Insurance 61

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware 142

Malware Ransomware Spyware Encryption 142

Security Boulevard

OCTOBER 13, 2022

Campaigns to-date have focused on taking over Facebook Business accounts, both to manipulate pages and to access financial information. This blog will show the attack chain, decipher and explain the stages of execution, and provide technical analysis of the PHP code of Ducktail Infostealer. Targets Facebook Business accounts.

Accountability 98

Accountability Malware Encryption Passwords 98

BH Consulting

NOVEMBER 9, 2022

The state of cybersecurity in 2022: ransomware and threats to data abound. There were 66 zero-day vulnerabilities disclosed during the reporting period between July 2021 and July 2022. Separately, the UK National Cyber Security Centre’s 2022 review is out. million cyber-related frauds in the UK in the year to March 2022.

Social Engineering 52

Social Engineering Ransomware Password Management Engineering 52

Security Boulevard

AUGUST 15, 2022

Security Week reports that Cisco released a security incident notice for a data breach they detected on May 24, 2022, sharing key details about the incident. Once the attackers gained access to the employee’s Cisco account, they were asked to complete multi factor authentication (MFA). .

Cybersecurity 96

Cybersecurity Data breaches Accountability Authentication 96

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

Phishing 90

Phishing Spyware Government Passwords 90

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts. To nominate, please visit:?.

Cybercrime 128

Cybercrime Education Accountability Phishing 128

Security Affairs

APRIL 14, 2023

. “MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February. The account was used to create database backups which were then downloaded and deleted.

Data breaches 91

Data breaches Backups Passwords Accountability 91

BH Consulting

AUGUST 9, 2022

The ongoing campaign has targeted more than 10,000 Office 365 organisations since September 2021, using ‘adversary in the middle’ (AiTM) sites to steal passwords and hijack login sessions. Microsoft’s extensive blog has more details. The new feature will lock accounts for 10 minutes after unsuccessful login attempts.

Cybercrime 52

Cybercrime Accountability Phishing Authentication 52

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. The timing of our advisory and Mr. Pyle’s blog were coincidental.

Phishing 251

Phishing Architecture Passwords Accountability 251

Security Boulevard

APRIL 13, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our sixth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 and #5 ). You can have fun in the cloud!

Cybersecurity 110

Cybersecurity Passwords Accountability Ransomware 110

Krebs on Security

JUNE 1, 2023

Shortly after Russia invaded Ukraine in February 2022, someone leaked several years of internal chat logs from the Conti ransomware gang , and those logs show Megatraffer was working with the group to help code-sign their malware between July and October 2020. user account — this one on Verified[.]ru account on Carder[.]su

Malware 251

Malware Cybercrime Software Antivirus 251

Duo's Security Blog

JUNE 12, 2023

We started with usernames and passwords – something you know. Passwordless is the modern authentication method that does not rely on passwords, eliminating the risks that come with weak, lost, or stolen credentials. The number of authentications using Duo increased 41%." - Duo, The 2022 Duo Trusted Access Report What is WebAuthn?

Authentication 120

Authentication Passwords Password Management Phishing 120

SecureWorld News

DECEMBER 12, 2022

Passkeys are the next step above traditional passwords, offering users a more convenient way to secure their online accounts. In addition to providing increased security and convenience, passkeys also make it easier for users to manage their online accounts. A passkey doesn't leave your mobile device when signing in like this.

Password Management 87

Password Management Passwords Mobile Accountability 87

Malwarebytes

JULY 13, 2022

Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. LockBit was the most widely-distributed ransomware in March, April, and May 2022, and its total of 263 spring attacks was more than double the number of Conti, the variant in second place.

Ransomware 110

Ransomware Manufacturing Government Computers and Electronics 110

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. Our investigation has found a single account had been compromised, granting limited access. “LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email,” Flashpoint wrote in an analysis of the group.

Social Engineering 295

Social Engineering Accountability Mobile Passwords 295

SecureList

AUGUST 15, 2022

IT threat evolution in Q2 2022. IT threat evolution in Q2 2022. IT threat evolution in Q2 2022. Late in March, researchers discovered a critical vulnerability (CVE-2022-22965) in Spring, an open-source framework for the Java platform. You can find more details, including appropriate mitigation steps, in our blog post.

Mobile 84

Mobile Ransomware Malware Encryption 84

eSecurity Planet

JANUARY 10, 2022

A report last week by the New York Attorney General’s Office put a spotlight on the ongoing threat of credential stuffing, a common technique used by cybercriminals that continues to spread and is helping to fuel the push for security practices that don’t involve usernames and passwords. Password Reuse.

Password Management 117

Password Management Passwords Authentication Accountability 117

Digital Shadows

NOVEMBER 10, 2022

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner of the world. After triaging said incidents to remove false positives, we collected the true positive incidents to analyze them and better comprehend how attackers were targeting the Qatar 2022 World Cup.

Cyber threats 52

Cyber threats Media Social Engineering Mobile 52

Security Affairs

APRIL 17, 2023

The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. The researchers noticed that the most common attack against networks and cloud instances is the account takeover. ” continues the report.

Media 93

Media Accountability Government Malware 93

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication 117

Authentication Passwords Data breaches Phishing 117

Security Affairs

APRIL 12, 2023

Once the attacker gained access to BI user’s passwords and depending on the privileges of the BI user, he can perform operations that can completely compromise the application. The complete list of the notes is reported in the latest security bulletin : SAP administrators are urged to apply the available security patches as soon as possible.

Education 81

Education Media Authentication Passwords 81