Accountability, eBook and Social Engineering

Phishing-Resistant MFA: Why FIDO is Essential

Thales Cloud Protection & Licensing

MAY 7, 2025

Todays threat actors use AI to craft compelling phishing campaigns and advanced social engineering tactics to slip past MFA, resulting in credential theft and account takeovers. Phishing-resistant MFA ensures that even if a bad actor deceives a user, they cannot get their hands on reusable credentials or compromise accounts.

Phishing

Phishing Authentication Passwords Social Engineering

Randall Munroe’s XKCD ‘Good Science’

Security Boulevard

JUNE 18, 2025

Podcast TechstrongTV - Twitch Library Related Sites Techstrong Group Cloud Native Now DevOps.com Security Boulevard Techstrong Research Techstrong TV Techstrong.tv Moves to Collect $7.74 Million Tied to N. Podcast DevOps Chat DevOps Dozen DevOps TV Copyright © 2025 Techstrong Group Inc.

Social Engineering

Social Engineering Data privacy Security Awareness Mobile

Retail and Hospitality Trending Holiday Cyber Threats

Duo's Security Blog

DECEMBER 12, 2022

And in our ebook, Retail Cybersecurity: The Journey to Zero Trust , we share ways that Duo can help retailers improve their security posture. Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust , today. In this post, we break down some of the threats facing retail security teams.

Retail

Retail Cyber threats Social Engineering Data breaches

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. These social engineering techniques tricked employees into revealing their login credentials, which allowed attackers to access additional systems and data.

Phishing

Phishing Social Engineering Authentication Engineering

Watching the Watchmen: Securing Identity Administrators

Duo's Security Blog

SEPTEMBER 19, 2024

To be clear, all administrator accounts — regardless of use case — represent accounts with elevated levels of power and access and should be a focus of heightened security controls. Identity administrator accounts have elevated permissions to deploy, configure, and modify relevant identity systems.

Accountability

Accountability Risk Authentication Social Engineering

Why Cybersecurity Strategy Must Start With Identity

Duo's Security Blog

NOVEMBER 15, 2024

Managing these diverse sets of users with multiple accounts can be challenging, especially if multiple identity stores and identity providers are involved. This is a larger ask than may seem apparent — identity infrastructure has many components and the relationships between accounts and access is often hard to parse.

Threat Detection

Threat Detection Cybersecurity Authentication Digital transformation

Identity-Based Breaches: Navigating the Aftermath

Duo's Security Blog

OCTOBER 8, 2024

Here are some best practices to put in place after an identity breach occurs: Short-term best practices Identify and Remediate Affected Accounts: Conduct a thorough investigation to identify all compromised accounts. Reset and Secure Accounts: Force a password reset for all affected accounts and consider strengthening MFA requirements.

Accountability

Accountability Passwords Social Engineering Education

Abusing Entra ID Misconfigurations to Bypass MFA

NetSpi Technical

NOVEMBER 2, 2023

The application with the misconfiguration is “My Profile” which utilizes “My Account”, “My Apps”, and “My Signins” for additional functionality within the “My Profile” portal. Find more stories like these in our Azure Pentesting eBook.

Authentication

Authentication Accountability Social Engineering Penetration Testing

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams

Scams Phishing Firewall Social Engineering

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

Phishing attackers are increasingly using social engineering techniques to personalize their attacks and target specific individuals or organizations. For example, attackers may research their victims on social media or other online sources to gather personal information that can be used to make their phishing emails more believable.

DNS

DNS Phishing Social Engineering Engineering

Phishing-Resistant MFA: Why FIDO is Essential

Security Boulevard

MAY 7, 2025

Todays threat actors use AI to craft compelling phishing campaigns and advanced social engineering tactics to slip past MFA, resulting in credential theft and account takeovers. Phishing-resistant MFA ensures that even if a bad actor deceives a user, they cannot get their hands on reusable credentials or compromise accounts.

Phishing

Phishing Authentication Passwords Social Engineering

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

Jenny Radcliffe, People Hacker & Social Engineer. From a social engineering perspective, Zero Trust is a good mindset to have, mostly because it avoids the “guard the perimeter”, the "castle and moat" idea of security. A malicious social engineer might gain access to a system through compromising an insider.

Social Engineering

Social Engineering Authentication Passwords Technology

Machine Identities, Human Identities, and the Risks They Pose

Security Boulevard

MAY 10, 2022

Of those employees who opened a phishing message, more than half (53%) were likely to click on an embedded link, while 23% were prone to enter their account credentials on a fake login site. They can do that by leveraging security awareness training to augment their familiarity with phishing attacks and other social engineering techniques.

Risk

Risk Phishing Digital transformation Security Awareness

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Cisco Security

MARCH 4, 2021

Without knowing much about me, she was very responsive and shared trust, insights, and tips in the right direction with me that contributed to my success and towards winning the social engineering capture-the-flag contest at DEF CON. Read Cisco’s eBook, Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates.

Cybersecurity

Cybersecurity Engineering Technology Education

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

Thales Cloud Protection & Licensing

MARCH 31, 2021

Jenny Radcliffe, People Hacker & Social Engineer. Although this VPN infrastructure is efficient and current on its platform and software revision, it’s still a traditional security model and does not account for proper efficiency for cloud apps. One of the challenges of a Zero Trust program is people resistance to change.

Digital transformation

Digital transformation VPN Technology Architecture

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

The Last Watchdog

JUNE 21, 2023

The top-five data points from the survey include: •92% of respondents are concerned about compromised credentials because of phishing or social engineering attacks, which points to the recent rise and success of both these attack vectors. •59%

Authentication

Authentication Social Engineering Passwords Phishing

Juneteenth National Independence Day 2025

Security Boulevard

JUNE 19, 2025

Podcast TechstrongTV - Twitch Library Related Sites Techstrong Group Cloud Native Now DevOps.com Security Boulevard Techstrong Research Techstrong TV Techstrong.tv Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam Guardrails Breached: The New Reality of GenAI-Driven Attacks Cities of the Future or Hacker’s Paradise? Moves to Collect $7.74

Social Engineering

Social Engineering Data privacy Security Awareness Mobile

Cyber Security Informer

Phishing-Resistant MFA: Why FIDO is Essential

Randall Munroe’s XKCD ‘Good Science’

Trending Sources

Retail and Hospitality Trending Holiday Cyber Threats

Intro to Phishing: How Dangerous Is Phishing in 2023?

Watching the Watchmen: Securing Identity Administrators

Why Cybersecurity Strategy Must Start With Identity

Identity-Based Breaches: Navigating the Aftermath

Abusing Entra ID Misconfigurations to Bypass MFA

Hacker Personas Explained: Know Your Enemy and Protect Your Business

How to Stop Phishing Attacks with Protective DNS

Phishing-Resistant MFA: Why FIDO is Essential

To Achieve Zero Trust Security, Trust The Human Element

Machine Identities, Human Identities, and the Risks They Pose

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

Juneteenth National Independence Day 2025

Stay Connected