Duo's Security Blog

JULY 15, 2021

But on top of all of that, passwordless should also raise the bar by substantially reducing or even eliminating the risk of phishing attacks. That isn’t to say that every password-less solution needs to be phish-proof. Doing anything else would make push phishing attacks viable.

Phishing 99

Phishing Authentication Passwords Risk 99

Duo's Security Blog

MAY 6, 2024

The security industry has diligently battled compromised credentials, evolving from passwords to multifactor authentication (MFA) to passwordless — our most secure and phishing-resistant method to date — and one that is fully supported in Duo. Despite these advancements, we still see many identity-based breaches year over year.

Authentication 93

Authentication Accountability VPN Phishing 93

Security Affairs

AUGUST 28, 2020

The Iran-linked Charming Kitten APT group leveraged on WhatsApp and LinkedIn to carry out phishing attacks, researchers warn. Clearsky security researchers revealed that Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. Israel, Iraq, and Saudi Arabia.

Phishing 118

Phishing Accountability Advertising Media 118

Security Affairs

MAY 8, 2020

Group-IB, a Singapore-based cybersecurity company, observed the growth of the lifespan of phishing attacks in the second half of 2019. Figure 1 The distribution of web-phishing among target categories . CERT-GIB’s findings indicate that phishing attack perpetrators have revised their so-called target pool. Target reshuffle.

Phishing 56

Phishing Spyware Banking Malware 56

CyberSecurity Insiders

APRIL 10, 2023

“In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. These attacks have become more complex and challenging to detect, leading to increased instances of data breaches, account takeovers, and impersonation attacks.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

SecureWorld News

OCTOBER 19, 2021

TAG reported that Iranian-government-backed actors, known as APT35 and by the aliases Rocket Kitten and Charming Kitten, are quickly picking up speed, especially when it comes to implementing slick phishing attacks. Developing advanced phishing techniques to lure victims. Rocket Kitten successfully attacks university website.

Phishing 75

Phishing Social Engineering Authentication Government 75

Duo's Security Blog

SEPTEMBER 1, 2023

Unlike passwords, passkeys are always strong and phishing resistant. Passkeys based on Webauthn are proven to be resistant to phishing, credential stuffing, adversary-in-the-middle (AITM), server breaches and may other cyberattacks. If you are new to passkeys, you can get up to speed with our primer: What Are Passkeys?

Passwords 102

Passwords Authentication Insurance Cyber Insurance 102

Security Boulevard

JULY 6, 2023

It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. Modern solutions need to take into account the new behavioral situation of the user and allow some flexibility – for a defined period of time.

Artificial Intelligence 105

Artificial Intelligence Passwords Authentication Accountability 105

Duo's Security Blog

FEBRUARY 6, 2024

Reducing the risk of identity-based attacks Picture a scenario where an attacker acquires a list of dormant accounts, performs credential-stuffing, and gets the necessary credentials to log-in. Stay tuned!

Accountability 77

Accountability Authentication Risk Marketing 77

Duo's Security Blog

MAY 23, 2023

In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users. Types of stronger authenticators Biometrics and FIDO2 are both examples of stronger authenticators that can help to secure online accounts from the impacts of credential compromise.

Authentication 117

Authentication Passwords Data breaches Phishing 117

SecureWorld News

SEPTEMBER 29, 2020

Office supply phishing cyberattack campaign. A federal judge just sentenced a Nigerian national to three years in prison for being part of a phishing ring that effectively stole office supplies so it could resell them. It turns out, cybercriminals would like that person's login credentials because they have value. government agencies.

Phishing 70

Phishing Government Cyber Risk Cybercrime 70

Security Boulevard

JULY 21, 2023

It comprises technologies and best practices to protect against unauthorized access, account takeover, credential misuse, privilege escalation, and other malicious activities that target user accounts and credentials. These changes may include the creation of unusual accounts or registering new authentication devices.

Threat Detection 98

Threat Detection Authentication Passwords Accountability 98

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? In today’s post, we share information with the goal that it will help everyone in your organization protect themselves from phishing attacks.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

SecureList

MAY 27, 2022

The attackers are mainly interested in collecting data on user accounts, IP addresses and session information; and they steal configuration files from programs that work directly with cryptocurrency and may contain account credentials. You can find the recording of the webinar here and a summary/Q&A here. zip”).

Phishing 110

Phishing Spyware Firmware Malware 110

Duo's Security Blog

NOVEMBER 6, 2023

Passwords that are easily detectable or reused often are vulnerable to phishing attacks. It’s also the foundation for a passwordless future, powering-up phishing resistance and user experience to defend against attackers. The problem with balancing many identities Conventional passwords create separate lines for each account.

Passwords 74

Passwords Authentication Risk Technology 74

Webroot

FEBRUARY 11, 2021

An impersonation attack recently made headlines with the 2020 Twitter/Bitcoin scam , in which 130 high-profile Twitter accounts were compromised by outside parties to steal bitcoin. This is why a multi-layered approach that can block phishing sites (including HTTPS) in real time, is key for staying safe. Who is the Impersonator?

Scams 108

Scams Phishing Firewall Social Engineering 108

Duo's Security Blog

SEPTEMBER 6, 2023

Be sure to tune into our webinar, The State of Passkeys in the Enterprise , on September 7th at 9am PST | 12pm EST. Passkeys on Cloud Platforms Passkeys have growing support from significant vendors. And when users re-use passwords across different websites, they risk password spraying attacks and put all of their accounts at risk.

Passwords 80

Passwords Password Management Authentication Threat Detection 80

Security Boulevard

FEBRUARY 14, 2022

ForgeRock's enterprise CIAM solution also offers a user-friendly privacy and consent dashboard that enables your customers to manage their data privacy settings, along with the ability to safely share their data with third-parties, such as family members, physicians, accountants, and so on. Learn More In Our Webinar.

Passwords 97

Passwords Retail Digital transformation Risk 97

Duo's Security Blog

JULY 6, 2023

Multiple account or credential compromise is the norm This result is surprising, but it’s not entirely new. Also, be sure to register for the state of Passwordless in the Enterprise webinar with Jack Poller and I on July 19th at 1:00pm EDT. Jack will discuss key result from the survey and share his extensive industry experience.

Authentication 64

Authentication Passwords Risk Technology 64

SecureWorld News

DECEMBER 2, 2021

Ryan Witt, Proofpoint's Managing Director for Healthcare, who joined the SecureWorld webinar Protecting Healthcare from Email Fraud Attacks, also shared the sentiment that BEC attacks have a larger impact than ransomware. Educate and defend against phishing attacks. Old accounts could be an access point for hackers.

Cybercrime 81

Cybercrime Healthcare Social Engineering Banking 81

Security Affairs

FEBRUARY 7, 2020

. “ Certfa Lab has identified a new series of phishing attacks from the Charming Kitten 1 , the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. As a result, this method makes it harder for different pages and sections of phishing websites to be exposed to the public.”

Phishing 74

Phishing Advertising Malware Media 74

Jane Frankland

OCTOBER 17, 2023

By mid-year, there’s been a staggering 156% growth in the total number compared to the previous quarter, with a whopping 855 accounts worldwide being leaked every minute. Emphasising continuous education and providing access to resources like webinars and online courses further reinforce the importance of staying updated on security trends.

Security Awareness 124

Security Awareness Education Cybersecurity Data breaches 124

Duo's Security Blog

OCTOBER 18, 2021

Recently, while co-hosting a webinar that kicked off Cybersecurity Awareness Month, a panelist commented that cybersecurity and privacy are team sports on a campus, much like our athletic teams. The use of phishing to take over user accounts as a first step to gain access to a campus for a ransomware attack has been making the headlines.

Insurance 69

Insurance Education Risk Cyber Insurance 69

BH Consulting

AUGUST 9, 2022

Researchers from Microsoft identified a phishing campaign that bypasses MFA. Ars Technica’s writeup includes this important caveat: “Nothing in Microsoft’s account should be taken to say that deploying MFA isn’t one of the most effective measures to prevent account takeovers. That said, not all MFA is equal.”

Cybercrime 52

Cybercrime Accountability Phishing Authentication 52

Security Boulevard

JULY 20, 2023

They can also automate the process of eliminating over-provisioned access that enables attackers to use one compromised account to move laterally to higher-value targets. Organizations with AI-powered identity and access management can detect unexpected activity, stopping intruders in real time as they try to authenticate.

Artificial Intelligence 98

Artificial Intelligence Authentication Education Risk 98

Duo's Security Blog

MARCH 9, 2022

As a foundation of a zero trust security model, MFA can assist with mitigating cyberattacks that target user passwords and accounts, such as phishing, credential theft, keyloggers and brute-force attacks. This insight allows you to observe access patterns, review risky logins, and investigate compromised accounts.

Cybersecurity 71

Cybersecurity Authentication Passwords VPN 71

Security Affairs

OCTOBER 5, 2023

With over 100,000 exposed invoices, this situation highlights the vulnerability that can allow anyone with an internet connection to see who are Really Simple System’s customers, how much they are spending, their storage plans, account numbers, and other information that was not intended to be public.

Data breaches 104

Data breaches B2B Education Identity Theft 104

McAfee

APRIL 14, 2020

Compromised credentials: Stolen or compromised credentials of users or administrators through various means such as phishing can result in data breaches by letting the adversaries get access to sensitive data of the organization stored in the cloud. For more information please join us for a webinar on May 20th.

Risk 55

Risk Data breaches Accountability Phishing 55

eSecurity Planet

MAY 28, 2024

Malware in Cloud Storage Buckets Malware threatens cloud storage buckets due to misconfigurations, infected data, and phishing. Excessive Account Permissions Excessive account permissions occur when organizations allow user accounts more rights than necessary, thus increasing the risk of security breaches.

Risk 67

Risk Cloud Migration DDOS Encryption 67

CyberSecurity Insiders

JANUARY 19, 2022

Businesses try to build a secure online presence through blogs, webinars, training, and more. Phishing is one of the most common ways criminals gain entry to private data, sending email attachments that host malicious threats. The vocabulary of cybersecurity. Key financial attributes.

Insurance 99

Insurance Cybercrime Cybersecurity Phishing 99

NopSec

MARCH 25, 2019

In this blog post, we summarize the first part of that webinar, without going into the three specific applications and the challenges. For more details, that entire webinar is now available on demand here. For every email received, is it a phishing attempt? Data preprocessing.

Cybersecurity 52

Cybersecurity Artificial Intelligence Phishing Malware 52

Security Boulevard

APRIL 12, 2022

In terms of CIAM, self-service is a feature that allows users to manage their accounts on their own rather than relying on an organization's support staff. According to ZenDesk, 69% of consumers prefer to resolve their customer service problems on their own before seeking help from agents 1.

Healthcare 52

Healthcare Authentication Passwords CISO 52

NopSec

JULY 25, 2017

Password Guessing Requires a User List – You can’t crack a password without an account to attack. Assume one account is protected by ‘Password1’ or ‘Spring2017’, and see if it sticks (asmith, bsmith, csmith, dsmith, etc.) Starting with password guessing. So how do you get a user list?

Passwords 40

Passwords Penetration Testing Phishing Accountability 40

NopSec

OCTOBER 4, 2022

AI/ML algorithms sort emails to identify phishing attempts and malware attachments. CVSS base scores, the scores that are most commonly used, only measure the intrinsic properties of the vulnerability and do not take into account the behavior of threat actors or the specifics of an organization’s environment such as mitigating controls.

Artificial Intelligence 52

Artificial Intelligence Risk Malware Big data 52

Security Boulevard

AUGUST 26, 2021

Global organizations are being overrun by a flood of malware, phishing, and ransomware attacks and compromised credentials. In the 2021 ForgeRock Consumer Identity Breach Report , ”for the third consecutive year unauthorized access was the most common type of breach, accounting for 43% of breaches.”. What Is RBAC?

Data breaches 59

Data breaches Artificial Intelligence Retail Architecture 59

LRQA Nettitude Labs

JULY 5, 2023

In addition to the topics below that you can expect to see reviewed and discussed in the forms of blog posts or webinars, LRQA Nettitude would also like to extend an open invitation for feedback and collaboration. In the initial stages of implementation, regulators might provide guidance on how to demonstrate accountability.

Artificial Intelligence 52

Artificial Intelligence Data privacy Social Engineering Risk 52

Security Affairs

JULY 9, 2019

Zoom is the leader in enterprise video communications, it is one of the most popular and reliable cloud platform for video and audio conferencing, chat, and webinars. . All the attacker need to do is to create an invite link through his account on the Zoom website and embed it on a website as an image tag or using an iFrame.

Software 71

Software Advertising Hacking Accountability 71