“This is social engineering at the highest level and there will be failed attempts at times. A few days or weeks later, the same impersonator returns with a request to seize funds in the account, or to divert the funds to a custodial wallet supposedly controlled by government investigators. Don’t be discouraged.
But when the thieves tried to move $100,000 worth of cryptocurrency out of his account, Coinbase sent an email stating that the account had been locked, and that he would have to submit additional verification documents before he could do anything with it. I put my seed phrase into a phishing site, and that was it.”
The hackers pulled this off by posing as US Department of State officials in advanced social engineering attacks, building a rapport with the target and then persuading them into creating app-specific passwords (app passwords). Regularly educate yourself and others about recognizing phishing attempts.
Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering. ” The combination of push spamming and social engineering fuels a compelling scene where the victim feels under pressure to comply.
Phishing Scams: Fake login pages or deceptive messages trick users into providing their credentials. This is one of the most prevalent methods of account compromise. Social Engineering: Attackers manipulate victims into sharing personal information, such as passwords or answers to security questions.
Based on data from more than 30,000 security incidents and more than 10,000 confirmed breaches, this year's report reveals a threat landscape where speed, simplicity, and stolen credentials dominate. Phishing accounted for nearly 25% of all breaches. The median time to click was just 21 minutes. Speed matters. "The
And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Have I Been Pwned is a search engine that you can use to see if your data has been breached. Think you've been involved in a data breach?
SE Labs security experts subjected Universal ZTNA to a rigorous round of attacks that proved Duo and the other offerings could handle a range of common threat actor tactics. Testing took place in a real network environment, targeting a Microsoft 365 deployment with privileged and non-privileged accounts. their laptop).
Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trezor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.
Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better, encryption becomes ubiquitous on the Web, authentication becomes stronger. But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S.
One may have assumed the first point of entry would be phishing gamers with fake logins and stealing their accounts. This is where additional security measures such as 2FA come in. A fake login site will ask for username and password, but then also ask the victim to enter their 2FA code on the phishing site.
A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).
Google and Apple look to give users better protections against social engineering attacks like phishing, with Google giving high-risk users access to the APP service with a passkey and Apple educating users about the threats with a detailed support document in the wake of a recent smishing campaign.
Category News, Social Engineering. All of the attacks were carried out with relatively simple phishing and social engineering techniques. Phishing and poor password practices. The couple claimed that they were able to trick an employee into downloading malware from a phishing email. Risk Level. The common theme?
Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker’s intent was to use those accounts to promote different crypto-currency scams. . million messages the scammers had sent other potential victims.
Controls for Microsoft employee access to production infrastructure include background checks, dedicated accounts, secure access workstations, and multi-factor authentication using hardware token devices. At some point after this occurred, Storm-0558 compromised a Microsoft engineer’s corporate account.
Multi-factor authentication (MFA) is a fundamental component of best practices for account security. It is a universal method employed for both personal and corporate user accounts globally. Take, for instance, Google's account security settings which allow you to download a list of backup codes intended for future use.
In this blog we’ll share best practices for Duo admins to continue to reap the benefits of self-service after enrollment while keeping their user accounts secure. Once they do so, they gain persistent access to the account. However, actors may try to circumvent MFA using techniques such as passcode phishing or MFA fatigue attacks.
Social Engineering: Cybercriminals are increasingly using sophisticated social engineering tools to trick people into revealing their login credentials. Research by Verizon has shown that a third of all breaches in the past year involved phishing scams. Malware is a crucial tool used to carry out account takeover attacks.
Posted by Kent Walker, President, Global Affairs & Chief Legal Officer, Google & Alphabet and Royal Hansen, Vice President of Engineering for Privacy, Safety, and Security Should companies be responsible for cyberattacks? government thinks so – and frankly, we agree.
Samy said a big challenge for mobile stores is balancing customer service with account security. “Ultimately, these attacks rely on the human element and the ability of an employee to override whatever security is in place.” Someone needs to light a fire under some folks to get these protections put in place.”
How do you protect your users from phishing attacks? Duo’s modern access security protects your users and applications by using a second source of validation. FEITIAN, a Duo Technology Partner, is well known for creating tokens and security keys that support authentication protocols OTP, FIDO U2F, and WebAuthn or FIDO2.
Receiving notifications or text messages for failed login attempts that you didn’t initiate could mean someone is trying to gain unauthorized access to your account. Unauthorized changes to account settings Another red flag that indicates account misuse is finding that your account settings have been changed without your knowledge.
The post Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old appeared first on Security Boulevard. What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability.
This not only enables them to perform more effective social engineering, spear phishing, or other targeted attacks against you, but also those around you whose information they have also gleaned from your public profile. Be vigilant about unsolicited messages, emails, or links that prompt you to log in to your social media accounts.
But the moment someone calls through with one single account compromise, the customer service rep has no idea what they’re walking into. It could be a fairly straightforward phish. Did the attacker bypass text-based 2FA by social engineering the mobile provider? Perhaps the victim fell for bogus loot crates via a YouTube video.
Even the title of SecureWorld's first story about the incident had questions: "Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?". And even more recently, the Twitter account of a dead hacker was used to theorize how the attack took place. Spear phishing: what security experts are saying.
Given the scope of the hack, it is unlikely the accounts were compromised via typical credentials phishing. Not only some of the most visible accounts got hacked but the hack may have permanently damaged trustworthiness of social media. Kumar Jack Dorsey confirmed that social engineering was used to compromise employees.
Passwords suffer from all the problems you're probably already aware of: they're often weak, they're regularly reused and they're also readily obtainable through attacks such as social engineering (phishing, smishing, vishing, etc.) I assumed it was then either a case of someone phishing the TOTP sent via SMS or.
An official statement from Twitter confirmed the method of attack, announcing that a “small” number of employees had been duped by a social engineering campaign that provided hackers with unfettered access to several high-profile Twitter accounts, including those belonging to Elon Musk, Bill Gates, Joe Biden, and Barack Obama.
And according to Shane Huntley, Head of TAG, the team recently uncovered some vital security intel regarding the 2020 U.S. saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. security.". Microsoft has been increasing its Outlook security controls, as well.
Such sites can mimic reputable organizations – from social networks to banks – to extract credentials from victims (classic phishing), or they can pretend to be stores of famous brands offering super discounts on products (which mysteriously never get delivered). Among other tools, attackers use LLMs to generate content for fake websites.