Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. That’s why I’m so excited to announce our vision to streamline Duo’s authentication workflows, a feature that will deliver seamless, secure login experiences.

Authentication 140

Authentication VPN System Administration Engineering 140

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts. Get a free trial below.

Authentication 124

Authentication Passwords Social Engineering Accountability 124

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 302

Accountability Hacking Media Mobile 302

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 205

Authentication Passwords Phishing Government 205

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming.

Authentication 251

Authentication Passwords Mobile Phishing 251

Malwarebytes

SEPTEMBER 1, 2023

Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning. A reset of the account’s password worked, but failed to remove the unwanted active session.

Accountability 130

Accountability Passwords Mobile Authentication 130

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 93

Authentication Phishing Mobile Accountability 93

Security Boulevard

DECEMBER 5, 2023

In an increasingly digital age, the basic username-password combination is no longer sufficient to safeguard online accounts. Two words, one huge security difference: Multi-Factor Authentication (MFA).

Authentication 59

Authentication Passwords Accountability 59

Heimadal Security

OCTOBER 10, 2022

On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s […].

Authentication 87

Authentication Firmware Accountability Cybersecurity 87

Heimadal Security

NOVEMBER 15, 2022

BleepingComputer revealed that readers of their website also reported that Kerberos breaks in situations where they’ve set the “This account supports Kerberos AES 256-bit encryption” or “This account supports Kerberos […].

Authentication 89

Authentication Encryption Accountability Cybersecurity 89

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 88

Accountability Phishing Authentication Architecture 88

Malwarebytes

AUGUST 4, 2023

In the phishing attacks the group leverages previously compromised Microsoft 365 instances, mostly owned by small businesses, to create new domains that look like technical support accounts. Once the target has done this, the attacker can use the gained access to further compromise the account.

Authentication 89

Authentication Phishing Small Business Accountability 89

Heimadal Security

MAY 4, 2022

As evidenced by multiple ongoing operations carried out by cybercriminals, phishing emails are increasingly targeting verified Twitter accounts with emails intended to collect their login information. On Twitter, a blue tick next to a user’s name indicates that the account has been verified. The post Watch Out!

Accountability 95

Accountability Phishing Authentication Cybersecurity 95

eSecurity Planet

MAY 4, 2023

In a major move forward for passwordless authentication, Google is introducing passkeys across Google Accounts on all major platforms. Passkeys can be created within Google accounts at g.co/passkeys. Still, passkeys do allow anyone with physical access to your unlocked device to access your account.

Authentication 86

Authentication Passwords Accountability Phishing 86

Cisco Security

MARCH 15, 2022

Guidance is provided in the Recommendations and Best Practices section of this blog. According to the FBI’s bulletin, cyber actors were able to obtain access to primary credentials for users with Duo accounts that did not have an enrolled multi-factor authentication (MFA) device.

Authentication 118

Authentication Passwords Accountability Government 118

Heimadal Security

MAY 5, 2022

For about six months, more than 100 National Health Service (NHS) employees in the United Kingdom had their email accounts used in various phishing attacks, some of which intended to steal Microsoft logins.

Accountability 101

Accountability Phishing Authentication Hacking 101

Graham Cluley

JULY 27, 2021

Twitter has revealed that the vast majority of its users have ignored advice to protect their accounts with two-factor authentication (2FA) - one of the simplest ways to harden account security. Read more in my article on the Hot for Security blog.

Authentication 98

Authentication Account Security Accountability Phishing 98

SecureWorld News

MARCH 10, 2021

GitHub announced a security update due to a bug causing issues with the authentication of sessions. On March 2, GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session. This would give them the valid and authenticated session cookie for another user. How did GitHub fix the issue?

Authentication 81

Authentication CSO Accountability Engineering 81

Heimadal Security

DECEMBER 6, 2021

On Twitter, verified accounts are those that have a blue badge with a checkmark. These accounts often represent well-known influencers, celebrities, politicians, journalists, activists, as well as government and commercial entities. The blue verified badge on Twitter lets people know that an account of public interest is authentic.

Accountability 96

Accountability Phishing Authentication Government 96

Duo's Security Blog

APRIL 10, 2024

Enrolling users to use multi-factor authentication (MFA) is an essential security step for any organization. In this blog we’ll discuss enrollment options and best security practices for Duo admins, whether they are rolling out MFA for the first time or maintaining enrollment for their users.

Authentication 141

Authentication Accountability Risk Government 141

Adam Levin

JANUARY 18, 2019

Hunt transferred the compromised emails and passwords to the website haveibeenpwned.com , where users can check to see if their account data was compromised. Please don’t do that,” said security expert Brian Krebs on his blog. Don’t re-use the same passwords on multiple accounts.

Accountability 198

Accountability Passwords Data breaches Data collection 198

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability 91

Accountability Education Media Authentication 91

Heimadal Security

OCTOBER 12, 2021

To do this, users would need to establish an SSH keypair and add the public key to their accounts’ SSH key settings. The post GitHub Revokes Duplicate SSH Authentication Keys appeared first on Heimdal Security Blog. You may use the key with a Git client to automatically log in to GitHub without […].

Authentication 72

Authentication Passwords Accountability Cybersecurity 72

Duo's Security Blog

JANUARY 18, 2023

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. As a first step, organizations need to modernize their authentication, moving away from RADIUS or LDAP protocols and moving towards SAML. What can organizations do?

Authentication 99

Authentication Phishing Threat Detection Mobile 99

Heimadal Security

JUNE 30, 2022

YouTube content creators are the target of a new data-stealing malware called YTStealer, which aims to snatch their authentication tokens and take over their channels. The post YouTube Creators Have Their Accounts Stolen by the New YTStealer Malware appeared first on Heimdal Security Blog.

Accountability 89

Accountability Malware Authentication Cybersecurity 89

Heimadal Security

JULY 2, 2021

Twitter announced in March that they will change the way users login into their Twitter account, by simplifying the 2FA Method. Now, an update from this week says that you can authenticate using the security keys as the only 2FA method, as the phone number or other factors are not required anymore. What Is the […].

Authentication 74

Authentication Accountability Account Security Cybersecurity 74

Krebs on Security

MARCH 13, 2019

[ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. He acknowledged that the purloined account had the ability to add or modify the advertising creatives that get run on customer ad campaigns.

Accountability 214

Accountability Passwords Advertising Penetration Testing 214

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 107

Authentication Social Engineering Phishing Banking 107

Duo's Security Blog

APRIL 8, 2024

It is a well-known and established point that a password alone is not enough to secure an account. That’s where multi-factor authentication (MFA) comes in. But what if an attacker can just send that authentication request to their own personal phone? This type of attack is known as Account Manipulation: Device Registration.

Authentication 139

Authentication Accountability Risk Phishing 139

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. So in this blog, I’ll talk about the risks and steps to mitigate them. The organisation had suffered reputational damage after one of the team followed some accounts that didn’t fit with its values. More than 4.7

Media 52

Media Accountability Authentication Passwords 52

SC Magazine

APRIL 27, 2021

Mandiant Tuesday posted a blog detailing a new attack strategy against Microsoft’s Active Directory Federation Services (AD FS). But the same campaign relied on takeovers of AD FS servers to overtake Microsoft 365 accounts for espionage purposes. Photo by Drew Angerer/Getty Images).

Authentication 105

Authentication Accountability Media Government 105

Heimadal Security

OCTOBER 6, 2021

The 2FA technique, often known as two-factor authentication, is essentially a two-step verification, as the name suggests. Users log in using two authentication factors: one can be a password or a passcode, while the other can be a biometric factor (such as a facial scan or fingerprints) or a security token.

Accountability 75

Accountability Authentication Passwords Cybersecurity 75

Security Boulevard

SEPTEMBER 13, 2022

“When it comes to security, Two-Factor Authentication proves to be a treasury full of gold.” Multi-factor authentication (MFA) […]. The post Beef up your Cyber Protection with Multi Factor Authentication appeared first on Kratikal Blogs.

Authentication 52

Authentication Cybercrime Ransomware Accountability 52

Malwarebytes

NOVEMBER 1, 2022

LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. In 2018, LinkedIn rolled out a way to automatically detect fake accounts. Accounts with positive detections will be removed before they can be used to reach out to members. What's new?

Accountability 89

Accountability Cryptocurrency Education Technology 89

Heimadal Security

MAY 31, 2021

In order to confirm authentic email addresses that can be utilized in future phishing and spam operations, fraudsters are now employing false unsubscribe spam emails. Unsubscribe Spam Emails Used by Spammers to Confirm Legitimate Email Accounts appeared first on Heimdal Security Blog. The post Scam Alert!

Scams 94

Scams Accountability Phishing Authentication 94

Security Boulevard

MAY 22, 2023

Fortify The Identity Perimeter ‍The explosion of SaaS adoption has led to unprecedented identity sprawl with some employees creating hundreds of SaaS accounts over the time. Most of these accounts are created with just an email and password, and this has now become the new perimeter for the modern enterprise.

Risk 59

Risk Accountability Authentication Passwords 59

Identity IQ

JULY 3, 2023

How to Detect and Respond to Account Misuse IdentityIQ As digital connectivity continues to grow, safeguarding your online accounts from misuse is becoming increasingly crucial. Account misuse can result in alarming repercussions, including privacy breaches, financial losses, and identity theft.

Accountability 52

Accountability Identity Theft Passwords Social Engineering 52