Authentication, Blog and eBook - Cyber Security Informer

Duo vs. Fraudulent Device Registration

Duo's Security Blog

APRIL 8, 2024

That’s where multi-factor authentication (MFA) comes in. But what if an attacker can just send that authentication request to their own personal phone? For more information, on best security practices to protect against identity-based attacks, check out Duo’s new eBook, Securing Organizations Against Identity-Based Threats.

Authentication

Authentication Accountability Risk Phishing

The State of Passwordless in the Enterprise

Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Workforce authentication failures are common and MFA is still not mandatory Duo has always focused on meeting customers where they are.

Authentication

Authentication Passwords Risk Technology

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). Even if an attacker has access to a username and password, they still need access to the second authentication factor to break into the organization. This becomes a constant cycle of organizations introducing new protections and attackers finding ways to exploit them.

Authentication

Authentication Social Engineering Passwords Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Retail and Hospitality Trending Holiday Cyber Threats

Duo's Security Blog

DECEMBER 12, 2022

And in our ebook, Retail Cybersecurity: The Journey to Zero Trust , we share ways that Duo can help retailers improve their security posture. Add a passwordless authentication factor like a biometric and block attempts at access. Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust , today.

Retail

Retail Cyber threats Social Engineering Phishing

Abusing Entra ID Misconfigurations to Bypass MFA

NetSpi Technical

NOVEMBER 2, 2023

To understand the vulnerability, there are a few things to understand about the Entra ID authentication flow. Within any Entra ID environment, there are numerous cloud applications that are leveraged when a user authenticates. This odd load-time behavior is what alerted me to the potential for an MFA bypass.

Authentication

Authentication Accountability Social Engineering Penetration Testing

Why You Need a Control Plane for Machine Identity Management

Security Boulevard

JUNE 16, 2022

Also, like humans, machines must be authenticated to be trusted. Once authenticated using their identity, the machine can then be authorized to access data or resources. Jeff recently posted a blog on Medium about how he sees the machine identity management market evolving over the coming months. Scott Carter. UTM Medium.

Digital transformation

Digital transformation Authentication Banking Software

How to Mitigate Ransomware Attacks with MFA

Duo's Security Blog

FEBRUARY 13, 2023

And for more information on protecting against ransomware, be sure to check out our ebook: Protecting Against Ransomware: Zero Trust Security for a Modern Workforce. Mitigating ransomware attacks using MFA Multi-factor authentication (MFA) is very effective at protecting credentials and limiting attackers’ access to company resources.

Ransomware

Ransomware Insurance Authentication Passwords

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

A major leading research and teaching institution, the University was looking for a multi-factor authentication (MFA) solution that could integrate with existing IT architecture and be rolled out easily across campus. Duo’s enrollment and authentication processes made it easy for even the most anti-tech users to get up and running with MFA.

Phishing

Phishing Social Engineering Authentication Engineering

Protecting Against Ransomware 3.0 and Building Resilience

Duo's Security Blog

JUNE 27, 2023

Multi-factor authentication (MFA) is a critical component of their security program, but the solution that was packaged with the existing enterprise suite did not meet the requirements of the IT security team. Cyber attackers are increasingly targeting gaps in weaker multi-factor authentication implementations.

Ransomware

Ransomware Healthcare Phishing Authentication

mTLS Everywhere in Kubernetes: Not Just Entry and Exit

Security Boulevard

APRIL 7, 2022

But that is a topic for another blog.). However, there is a drawback with TLS: TLS guarantees authenticity but by default this only happens in one direction: the client authenticates the server, but the server doesn’t authenticate the client. This is where mTLS comes useful—mTLS makes the authenticity symmetric.

Authentication

Authentication Encryption Digital transformation

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales Cloud Protection & Licensing

SEPTEMBER 10, 2019

Additionally, 58% of the data security leaders surveyed indicated that multi-factor authentication was the most likely technology to protect cloud and web-based apps. In addition, for more information on how you can secure access to your cloud services and applications, please download our eBook, Four Steps to Cloud Access Management.

Consumer Services

Consumer Services Authentication Passwords Technology

Duo Makes Verifying Device Trust as Easy as 1-2-3

Duo's Security Blog

AUGUST 16, 2021

“There are primarily three ways you can authenticate someone: with their username and password, with two-factor authentication, and with a company-supplied device that you can trace. For most stuff, you should have two of those things. For critical things, you should have all three.”.

Authentication

Authentication Data breaches Encryption Retail

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. Often used to compromise executive and privileged accounts. Users still access harmful links or attachments.

DNS

DNS Phishing Social Engineering Engineering

What Security Controls Do I Need for My Kubernetes Cluster?

Security Boulevard

JULY 19, 2022

Authenticate your K8s clusters with machine identities. The primary access point for a Kubernetes cluster is the Kubernetes API, therefore we need to authenticate and authorize both developers and services accessing the API. API authentication. API authentication covers both humans and clients accessing the API.

Authentication

Authentication Digital transformation Risk Engineering

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Duo's Security Blog

MAY 10, 2023

Effectively protecting complex networks against sophisticated phishing attacks involves a comprehensive security stack including multi-factor authentication (MFA) , single sign-on (SSO) , and domain name system (DNS) security. Then, check out our ebook Duo for Essential Eight to see how Duo fits into an Essential Eight security strategy.

Phishing

Phishing DNS Authentication Risk

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022. For more practical advice on this topic, I also wrote a blog on some of the challenges and opportunities within the cyber liability insurance market back in June which you can read here.

CISO

CISO Insurance Cyber Insurance Phishing

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

This blog will briefly overview the most essential developments shaping the legislative and compliance environment. PSD3 sets out more extensive Strong Customer Authentication (SCA) regulations and stricter rules on access to payment systems and account information and introduces additional safeguards against fraud.

Risk

Risk Manufacturing Digital transformation Cybersecurity

What Is SPIFFE and How Does It Impact Machine Identities?

Security Boulevard

MAY 12, 2022

SPIFFE solves the problem of workload authentication in diverse environments. Access control, secrets management, and identity are all dependent on each other,” states the SPIFFE eBook. Adopting SPIFFE allows you to mutually authenticate systems wherever they are running. That is where SPIFFE comes in. Principles of SPIFEE.

Architecture

Architecture Authentication Data breaches Software

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Security Boulevard

APRIL 29, 2024

This blog will briefly overview the most essential developments shaping the legislative and compliance environment. PSD3 sets out more extensive Strong Customer Authentication (SCA) regulations and stricter rules on access to payment systems and account information and introduces additional safeguards against fraud.

Risk

Risk Manufacturing Cybersecurity Digital transformation

Lapsus$: The New Name in Ransomware Gangs

Security Boulevard

MARCH 15, 2022

A few days later, Lapsus$ announced on its Telegram channel that it had breached Samsung and offered evidence including biometric authentication information and source code from both Samsung and one of its suppliers, Qualcomm. Read our free eBook! "> Off. Let’s take a historic look at Lapsus$ ransomware group’s infamous attacks….

Ransomware

Ransomware Telecommunications Firmware Media

How To Achieve Device Visibility & Control With Ease

Duo's Security Blog

APRIL 29, 2021

Compliance with corporate device health policy can be enforced each time the user attempts to authenticate. When deployed in this mode, the Device Health app will simply collect health data and report it back at each authentication when the application is installed on the access device.

Authentication

Authentication Encryption Firewall Risk

How have people proven their identity since the dawn of time?

CyberSecurity Insiders

JUNE 24, 2021

As part of our series on Digital Identity , this blog will look back on the personal identification techniques of previous eras to show how methods of identification have developed over the course of human history. To find out more, read Thales’ recent eBook on digital identity. 100,000 years ago – Jewellery.

Computers and Electronics

Computers and Electronics Passwords Technology Government

To Cover or Not to Cover: The Cyber Liability Insurance Quandary Facing Small- and Medium-Sized Businesses

Duo's Security Blog

DECEMBER 7, 2022

MFA is a necessity, not a luxury There is a good reason that nearly every cyber liability insurance carrier requires multi-factor authentication (MFA) and why, according to wholesale specialty insurance distributors CRC Group , clients without MFA risk non-renewal or a retention hike of 100% or more. What are you doing about backups?

Insurance

Insurance Cyber Insurance Ransomware Risk

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

As such, this year’s World Password Day is in fact a timely reminder for businesses to drop passwords forever, and instead rollout access management solutions such as passwordless authentication. In our previous blogs we have discussed the many challenges that organizations face as they are seeking to embrace the Zero Trust security model.

Social Engineering

Social Engineering Authentication Passwords Technology

7 Things Every CISO Needs to Know About PKI

Security Boulevard

OCTOBER 7, 2022

With top PKI security , your business will be able to stand out to customers as a brand that provides unparalleled protection for their safety and identity through reliable encryption and authentication technologies. Read the FREE eBook. "> Off. Reduce risk and achieve compliance. Are you making any of these common PKI mistakes?

CISO

CISO Risk Cyber Attacks Technology

Understanding How Code Signing Impacts Your Organization

Security Boulevard

JUNE 2, 2022

When properly protected, code signing is an effective tool to stop the spread of malware, and nearly every organization relies on code signing to confirm their code is authentic and hasn’t been corrupted with malware. Download the eBook to learn more. Why do cybercriminals target code signing keys? UTM Medium. UTM Source. UTM Campaign.

Software

Software Malware Backups Marketing

The Latest on PCI: Minor on PCI DSS, Major on Almost Everything Else

Thales Cloud Protection & Licensing

JULY 19, 2018

Advice on how to comply with PCI DSS can be found in our recent eBook, “ PCI Compliance and Data Protection for Dummies ”. The post The Latest on PCI: Minor on PCI DSS, Major on Almost Everything Else appeared first on Data Security Blog | Thales e-Security. Major PCI initiatives in 2018.

Architecture

Architecture Software Authentication Risk

Cyber Security Informer

Duo vs. Fraudulent Device Registration

The State of Passwordless in the Enterprise

Webinars

Trending Sources

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Webinars

Retail and Hospitality Trending Holiday Cyber Threats

Abusing Entra ID Misconfigurations to Bypass MFA

Why You Need a Control Plane for Machine Identity Management

How to Mitigate Ransomware Attacks with MFA

Intro to Phishing: How Dangerous Is Phishing in 2023?

Protecting Against Ransomware 3.0 and Building Resilience

mTLS Everywhere in Kubernetes: Not Just Entry and Exit

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Duo Makes Verifying Device Trust as Easy as 1-2-3

How to Stop Phishing Attacks with Protective DNS

What Security Controls Do I Need for My Kubernetes Cluster?

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Nine Top of Mind Issues for CISOs Going Into 2023

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

What Is SPIFFE and How Does It Impact Machine Identities?

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Lapsus$: The New Name in Ransomware Gangs

How To Achieve Device Visibility & Control With Ease

How have people proven their identity since the dawn of time?

To Cover or Not to Cover: The Cyber Liability Insurance Quandary Facing Small- and Medium-Sized Businesses

To Achieve Zero Trust Security, Trust The Human Element

7 Things Every CISO Needs to Know About PKI

Understanding How Code Signing Impacts Your Organization

The Latest on PCI: Minor on PCI DSS, Major on Almost Everything Else

Stay Connected