Security Boulevard

JANUARY 24, 2023

Last week, T-Mobile disclosed that the personally identifiable information (PII) of 37 million of its past and present customers had been breached in an API attack. They also shared that the attack had been going on since November but was only caught January 5 by T-Mobile’s security team. Was the API known to T-Mobile?

Mobile 59

Mobile Social Engineering Engineering Government 59

Malwarebytes

AUGUST 4, 2023

From these instances the group reaches out through Teams messages and persuades targets to approve multi-factor authentication (MFA) prompts initiated by the attacker. In both cases they require the user to enter a code that is displayed during the authentication flow into the prompt on the Microsoft Authenticator app on their mobile device.

Authentication 89

Authentication Phishing Small Business Accountability 89

Duo's Security Blog

FEBRUARY 15, 2024

Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. Several common authentication methods include the use of one-time passcodes (OTP). Social Engineering: An attacker logs in with a user’s credentials and the real user gets sent an OTP.

Social Engineering 114

Social Engineering Authentication Passwords Engineering 114

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Currently, most initial access attempts are carried out with social engineering, commonly phishing. What’s the attack?

Phishing 66

Phishing Mobile Social Engineering Data breaches 66

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. These social engineering techniques tricked employees into revealing their login credentials, which allowed attackers to access additional systems and data. What is phishing?

Phishing 77

Phishing Social Engineering Authentication Engineering 77

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication 131

Authentication Passwords Data breaches Phishing 131

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. Twitter API. The vulnerability.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Do you really need to do it?

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

Webroot

JUNE 2, 2022

Phishing and social engineering. Gaming is now an online social activity. If possible, enable two-factor authentication (2FA) on your gaming accounts as well. Watch for phishing and social engineering. The post Cyber threats in gaming—and 3 tips for staying safe appeared first on Webroot Blog.

Cyber threats 99

Cyber threats Social Engineering Accountability Malware 99

Duo's Security Blog

NOVEMBER 27, 2023

Here are a couple of tools that can help you reduce your risk for some of Scattered Spider’s techniques: SIM Swaps Remove SMS and telephony authentication methods, limiting users to stronger factors like WebAuthn and Verified Duo Push. Devices you wouldn’t expect (available to Advantage and Premier customers).

Authentication 68

Authentication Social Engineering Risk Accountability 68

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced Additional Resources.

Social Engineering 101

Social Engineering Cybersecurity Unstructured Data Engineering 101

NetSpi Executives

OCTOBER 31, 2023

Remediation Tip “Fine-grained access controls should be implemented to properly attribute authorization of records/objects as well as functions to the individually authenticated and authorized user.” Remediation Tip “Ensure that all cloud services are restricted to internal, authenticated access if public access is not required.

Mobile 97

Mobile Penetration Testing Social Engineering Authentication 97

CyberSecurity Insiders

JUNE 8, 2021

In this blog, I am joined by my colleague Pauline Pinzuti, Marketing Manager to discuss how the use of voice biometrics can help telecom operators fight ID fraud. What do mobile operations needs to know about telecom fraud? As a result, many have created extensive service portfolios, extending far beyond just mobile communications.

Authentication 102

Authentication Mobile Social Engineering Marketing 102

Centraleyes

FEBRUARY 25, 2024

This blog aims to dissect the nuances of cloud security risks , shedding light on the challenges commonly faced when securing digital assets in the cloud. This revelation underscored the importance of transparency in cloud security, emphasizing the need for robust measures to secure cloud authentication.

Risk 52

Risk Encryption Social Engineering Authentication 52

Duo's Security Blog

SEPTEMBER 21, 2021

For example, without a solution to enforce user identification at the help desk, organizations often rely on insecure methods like employee ID, which are vulnerable to a social engineering attack. Secure Service Desk is part of a larger authentication platform that enables self-service for password resets and encryption key recoveries.

Passwords 86

Passwords Social Engineering Authentication Engineering 86

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Invoice-Themed Lures.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

BH Consulting

SEPTEMBER 14, 2023

The next most popular ruse is to ask for the recipient’s mobile number or personal email address. Separately, the security provider Cloudflare said that identity deception like that used in BEC scams can “easily bypass email authentication standards”. MORE As social engineering tactics improve, how can potential victims fight back?

Scams 59

Scams Passwords Social Engineering Cybersecurity 59

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Social Engineering : Cybercriminals manipulate and deceive individuals into divulging their credentials through psychological manipulation or impersonation.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Social Engineering : Cybercriminals manipulate and deceive individuals into divulging their credentials through psychological manipulation or impersonation.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

SC Magazine

MAY 12, 2021

In a blog, Sophos researchers explain how the attackers – which the researchers believe could all be operated by the same group – used social engineering, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to their victims. Do not make it easy for them.

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Duo's Security Blog

FEBRUARY 27, 2024

The choice of which authentication methods to use is individual to every organization, but it must be informed by a clear understanding of how these methods defend against common identity threats. In the first part of this three-part blog series , we discussed the various methods available to MFA users.

Social Engineering 118

Social Engineering Authentication Phishing Engineering 118

Identity IQ

JULY 3, 2023

In this blog, we share guidance on how to detect and respond to account misuse so you can mitigate the risks associated with it. Change passwords and enable two-factor authentication Change the password for your compromised account immediately. You should also enable two-factor authentication (2FA) to add an extra layer of security.

Accountability 52

Accountability Identity Theft Passwords Social Engineering 52

Digital Shadows

NOVEMBER 10, 2022

The malicious web page where we landed after clicking on the chat box Fake mobile apps Along with a reputable domain name, most organizations have now developed their own mobile app, used to communicate with customers, create engagement, and foster brand loyalty.

Cyber threats 52

Cyber threats Media Social Engineering Mobile 52

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. Microsoft says LAPSUS$ — which it boringly calls “ DEV-0537 ” — mostly gains illicit access to targets via “social engineering.” “WhiteDoxbin” offering to pay $20,000 a week to corrupt employees at major mobile providers.

Social Engineering 288

Social Engineering Accountability Mobile Passwords 288

Malwarebytes

FEBRUARY 12, 2021

In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update , we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. Why did we find evidence of LavaBird being the owner during our last blog prior to the transfer date? Final Thoughts.

Malware 117

Malware Accountability Mobile Passwords 117

Krebs on Security

APRIL 6, 2022

Microsoft blogged about its attack at the hands of LAPSUS$, and about the group targeting its customers. “They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said.

Social Engineering 243

Social Engineering Phishing Engineering Accountability 243

Zigrin Security

OCTOBER 11, 2023

For a detailed threat actor description do not forget to check out our blog article about selecting between black-box, white-box, and grey-box penetration tests and also you would know which pentest you need against a specific threat actor. Let’s have a look at the types of threat actors and what type of data they would like to obtain.

Cyber threats 52

Cyber threats Penetration Testing Passwords Backups 52

Security Boulevard

MAY 19, 2022

These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. These binaries hosted on GitHub, distribute Vidar malware using similar tactics of abusing social media channels for C2 communication. Mobile/10A5376e Safari/8536.25. Key points.

Media 64

Media Social Engineering Backups Passwords 64

NopSec

JULY 18, 2017

With that in mind, in this blog post we’re covering 13 out of the 20 controls. We chose them because these particular controls map out directly to what our vulnerability management and risk measurement platform, Unified VRM powered by E3 Engine , covers. The CIS 20 controls are also known to be relatively difficult to implement fully.

Wireless 40

Wireless Penetration Testing Software Authentication 40

Security Boulevard

JANUARY 28, 2022

Long story short it's an OTR and OpenPGP-based communication protocol that actually has a lot of new improvements in terms of privacy and security including interoperability between multiple IM clients and mobile applications courtesy of different vendors. ChatSecure. Conversations.

Encryption 105

Encryption Cybercrime Social Engineering Mobile 105

NetSpi Technical

NOVEMBER 2, 2023

On a recent external assessment, I stumbled upon a method to bypass a client’s MFA requirement: access a single-sign on (SSO) token and leverage that token to access internal applications that—by policy—should have been locked behind an MFA prompt, all without triggering an MFA alert on the end-user’s mobile device.

Authentication 143

Authentication Accountability Social Engineering Penetration Testing 143

Security Boulevard

MARCH 31, 2022

In a blog post published on March 22nd, 2022, Microsoft confirmed that one of their user accounts had been compromised by the Lapsus$ (also known as DEV-0537) threat actor, though they claimed that the information accessed was limited and that “no customer code or data was involved”. The Compromises. Insider Threats Via Other Means.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

Troy Hunt

NOVEMBER 14, 2018

2FA, MFA, 2-Step They may all be familiar, but there are important differences that warrant explanation and we'll start with the acronym we most commonly see: 2FA is two-factor authentication. MFA is multi-factor authentication. 2-Step authentication does not necessarily require 2 discrete factors. It's a subset of MFA.

Passwords 261

Passwords Authentication Accountability Mobile 261

The Last Watchdog

JANUARY 31, 2022

Multi-factor authentication, or MFA, methods belong to this category. A popular form of MFA is where a user gets an online password via e-mail and a security code via an SMS on a mobile phone. The authentication procedure is hidden from users. AIS have no emotions and therefore cannot be attacked by social engineering methods.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

Duo's Security Blog

MARCH 24, 2023

How passwordless solves for password problems Chrysta: What does passwordless mean, and how does that differ from traditional password-based authentication? Christi: Passwordless authentication specifically is any primary factor authentication that is not requiring the user to remember a passphrase or password.

Passwords 97

Passwords Authentication Password Management Technology 97

The Last Watchdog

OCTOBER 21, 2021

Mobile – Reports also show that mobile threats to the web and applications have gained more traction under new campaigns. It is always a good time for zero-trust authentication and a zero trust posture throughout the organization. Always verify and never trust. This protects systems outside and inside the “castle.”.

Social Engineering 244

Social Engineering Mobile Phishing Cybersecurity 244

Security Affairs

APRIL 21, 2023

Original post at [link] While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking their victims.

Phishing 79

Phishing Social Engineering Security Awareness Passwords 79