Security Boulevard

FEBRUARY 5, 2024

This essential CSO guide outlines the robust account monitoring, access notifications, multi-factor authentication, deception technology, and user controls crucial for implementing unmatched account security across your organization.

Account Security 58

Account Security Accountability CSO Authentication 58

CSO Magazine

AUGUST 24, 2022

and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365). According to the researchers, the campaign they analyzed is widespread and targets large transactions of up to several million dollars each. To read this article in full, please click here

Authentication 84

Authentication Accountability Phishing 84

The Last Watchdog

MAY 5, 2022

Enable multi-factor authentication (MFA) to access your applications and services, especially for admin access to platforms and backend systems. From there, it’s possible to find devices with privileged accounts and take the attack further. •Back up your data and secure your backups in an offline location. Food for thought, eh!

Ransomware 247

Ransomware Risk Internet Internet 247

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability 80

Accountability Malware Media Phishing 80

CSO Magazine

APRIL 7, 2021

If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. When an attacker wiggles into a network, they can use the golden ticket attack sequence. To read this article in full, please click here (Insider Story)

Passwords 90

Passwords Accountability Authentication 90

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO 80

CSO Data collection Marketing Accountability 80

SC Magazine

JUNE 18, 2021

In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and email addresses and passwords for access to Wegmans.com accounts. Tracy said companies really need to understand the shared security model of the cloud providers.

CSO 107

CSO Passwords Authentication Accountability 107

CSO Magazine

JULY 18, 2022

Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Account de-duplicating. Password reuse. Better reset.

Passwords 119

Passwords Authentication Accountability Risk 119

CSO Magazine

SEPTEMBER 29, 2021

Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security.

Cybercrime 136

Cybercrime Authentication Passwords Accountability 136

CSO Magazine

AUGUST 4, 2021

There is considerable interest in going passwordless and adopting biometric authentication for application access. IT decision makers expressed concerns around the security of passwordless methods, especially in comparison with multifactor authentication (MFA). 79% plan to implement such a solution within the next two years.

Authentication 136

Authentication Accountability 136

CSO Magazine

OCTOBER 6, 2022

These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. Password manager vendor Dashlane has announced updates to its suite of enterprise offerings.

Authentication 75

Authentication Small Business Password Management Passwords 75

The Last Watchdog

MARCH 25, 2019

If I go to a CSO and say, ‘We can secure your APIs,’ he’ll say, ‘Great, can you also find them for me?’ ” observed Dwivedi, Data Theorem’s founder. Instead, what it did was allow anyone with a usps.com account to modify a wildcard search without authentication permissions. And that’s just one phone. Velocity without security.

Digital transformation 154

Digital transformation Software Data breaches Authentication 154

CSO Magazine

JUNE 3, 2021

Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. of compromised accounts did not use MFA at all and only 11% of enterprise accounts are protected by some MFA method. Indeed, according to a survey conducted by Microsoft last year, 99.9%

Hacking 122

Hacking Accountability Authentication 122

CSO Magazine

JUNE 23, 2021

With the recent Colonial Pipeline attack , the initial infection point was reportedly an old, unused, but still open VPN account. The VPN account did not have two-factor authentication ( 2FA ) enabled, allowing the attacker to merely log in. To read this article in full, please click here (Insider Story)

VPN 117

VPN Accountability Phishing Authentication 117

Malwarebytes

APRIL 28, 2022

This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. Third, victims can’t protect themselves from such attacks unless they completely delete their accounts. This tactic has become prevalent in recent months.

CSO 100

CSO Accountability Authentication Cybersecurity 100

Security Boulevard

MAY 2, 2025

Specifically, CISA and USCG assessors had the most success gaining initial access, attaining network permanence, evading defenses and moving laterally by using valid accounts, phishing schemes and default credentials all simple attack methods. Enforce multi-factor authentication across all software development environments.

Cybersecurity 52

Cybersecurity Software Cyber Risk Risk 52

CSO Magazine

JULY 12, 2022

Security researchers from Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying techniques to hijack Office 365 accounts. The attack is capable of bypassing multi-factor authentication (MFA) and has targeted over 10,000 organizations since September 2021.

Phishing 98

Phishing Accountability Authentication Internet 98

CSO Magazine

MARCH 9, 2023

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile.

Mobile 104

Mobile Software Authentication Accountability 104

CSO Magazine

MAY 11, 2022

The application monitors login requests in real-time to block malicious attempts and add authentication steps for anomalous behavior, while streamlining access for authorized users. "We

Authentication 106

Authentication Accountability Risk 106

CSO Magazine

DECEMBER 7, 2022

Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign into their Apple ID account. Hardware security keys use devices, such as USB thumb drives or near-field communication (NFC) dongles, to enable access to a service or application.)

Backups 103

Backups Encryption Authentication Accountability 103

SC Magazine

MARCH 10, 2021

Kottmann also reportedly even posted some of the videos on Twitter, which later deleted the hacker’s account and their offending tweets. Thought leaders advise reducing or eliminating the use of these skeleton key-like accounts. Or another video in which Massachusetts police officers were questioning a handcuffed man in custody.

Surveillance 129

Surveillance IoT Accountability Hacking 129

The Security Ledger

FEBRUARY 19, 2019

And, in our second segment, Sam Bisbee the CSO of the firm ThreatStack joins us to talk about last month's hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components. They risk undermining a range of voice and image based authentication technologies.

Authentication 40

Authentication CSO Artificial Intelligence Social Engineering 40

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. As of January 24th, Shadowserver researchers still detected 5,300 older and internet-exposed GitLab accounts.

Software 113

Software Authentication CSO Accountability 113

eSecurity Planet

SEPTEMBER 9, 2024

Companies should improve security by deploying endpoint detection and response (EDR), limiting remote access, and utilizing multi-factor authentication. Sevco’s CSO Brian Contos states, “6% of all IT assets have reached EOL, and known but unpatched vulnerabilities are a favorite target for attackers.” 13o or 6.5.4.15-116n

Firmware 109

Firmware Backups Firewall Risk 109

Security Through Education

OCTOBER 27, 2021

It speaks to reason that, to #BeCyberSmart at home, we’d need to account for this increase in connectivity by applying basic security practices to all connected devices. Typically, corporate networks are equipped with firewalls, a Chief Security Officer (CSO), and a whole cybersecurity department to keep them safe.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

eSecurity Planet

OCTOBER 18, 2021

Machine identities now outnumber humans in enterprises, according to Nathanael Coffing, co-founder and CSO of Cloudentity. This key system ensures that only authenticated, authorized devices can access any given data packet. That way, businesses can account for the fact that a device can be trustworthy in one situation but not another.

IoT 120

IoT Risk Architecture CSO 120

CSO Magazine

MAY 31, 2023

Authentication is a main theater for this tension, directly impacting the onboarding and login experience. As end users, we are familiar with the experience of logging into an application using an account from a third party: for example, logging into Twitter using your Google account. This is one form of FIM.

Accountability 79

Accountability Authentication 79

CSO Magazine

SEPTEMBER 19, 2022

Every day, I would get a handful of two-factor authentication (2FA) text messages from Google, Microsoft, WordPress, etc., Here's what it is, what it's good for, and, how, far too often, it can be broken leaving your accounts wide open to attack. I use a lot of online services on a lot of different PCs and smartphones. What is 2FA?

Passwords 75

Passwords Authentication Accountability 75

CSO Magazine

MAY 4, 2022

GitHub has announced its largest-ever push toward two-factor authentication (2FA). The world’s leading development platform said it will require all code-contributing users to enroll in 2FA by the end of 2023 to enhance the security of developer accounts and bolster security within the software supply chain.

Authentication 74

Authentication Software Accountability Risk 74

CSO Magazine

APRIL 18, 2023

Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages.

Risk 81

Risk Threat Reports Authentication Accountability 81

CSO Magazine

NOVEMBER 23, 2022

Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you’ve followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes.

Passwords 73

Passwords Authentication Accountability 73

CSO Magazine

MARCH 22, 2023

According to the CyberArk 2022 Identity Security Threat Landscape Report , the average staff member accesses more than 30 applications and accounts, requiring them to remember and manage countless passwords and repeatedly authenticate themselves to systems and applications.

Cloud Migration 78

Cloud Migration Digital transformation Authentication Passwords 78

Security Boulevard

NOVEMBER 24, 2022

Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. Leer más CSO Online. Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password.

Passwords 40

Passwords CSO Authentication Accountability 40

Security Boulevard

NOVEMBER 25, 2024

Multi-factor authentication (MFA) MFA is the first principle on CISA’s pledge. The Tenable One Exposure Management Platform supports SMS for MFA and also allows customers to bring their own authenticator app. To mitigate the risk posed by default passwords, they should be replaced with more secure authentication mechanisms.

Passwords 52

Passwords Software CSO Manufacturing 52

Security Boulevard

NOVEMBER 8, 2024

Unraveling the True Security Risks ” (SecurityWeek) “ How deepfakes threaten biometric security controls ” (TechTarget) “ Deepfakes break through as business threat ” (CSO) 3 - Fake update variants dominate list of top malware in Q3 Hackers are doubling down on fake software-update attacks.

Phishing 49

Phishing Cybersecurity Ransomware Cybercrime 49

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. Carey (@marcusjcarey) January 29, 2019.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139