Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 206

Authentication Passwords Phishing Government 206

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack?

Authentication 335

Authentication Passwords Data breaches Risk 335

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts.

Authentication 121

Authentication Passwords Social Engineering Accountability 121

eSecurity Planet

MAY 4, 2023

In a major move forward for passwordless authentication, Google is introducing passkeys across Google Accounts on all major platforms. ” Google’s move will make passkeys an additional verification option alongside passwords and two-factor verification. .'” Step 2: Yeet the password.”

Authentication 98

Authentication Passwords Accountability Phishing 98

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 91

Authentication Phishing Mobile Accountability 91

Adam Levin

JANUARY 23, 2019

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. Take the quiz here.

Phishing 166

Phishing Authentication Accountability Passwords 166

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com.

Mobile 288

Mobile Phishing Authentication Accountability 288

Duo's Security Blog

SEPTEMBER 1, 2023

Nobody likes passwords. And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security?

Passwords 57

Passwords Authentication Phishing Technology 57

Identity IQ

AUGUST 21, 2023

What is Clone Phishing and How Do I Avoid It? One of the most devious tricks that they use is called clone phishing. In this blog post, we dive into the world of clone phishing, shedding light on what it is, the potential risks it poses, and most importantly, how to protect yourself from falling victim to it.

Phishing 95

Phishing Authentication Passwords Identity Theft 95

Duo's Security Blog

SEPTEMBER 6, 2023

But conventional protection solutions, like password security, fall short when it comes to efficacy. We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms.

Passwords 86

Passwords Password Management Authentication Threat Detection 86

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S.

Phishing 106

Phishing Scams Authentication Accountability 106

Duo's Security Blog

APRIL 19, 2022

OTPs (One-time passwords) have become mainstream because a randomly generated one-time use code solves many of the security problems associated with a static password associated with a static account. However, recent trends show that bad actors are targeting organizations by using OTPs in phishing attacks.

Passwords 87

Passwords Authentication Phishing Accountability 87

Duo's Security Blog

JULY 15, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself.

Phishing 100

Phishing Authentication Passwords Risk 100

Duo's Security Blog

MAY 4, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. The problems with passwords Chrysta: Why was passwordless needed in the first place?

Passwords 89

Passwords Authentication DNS Technology 89

Graham Cluley

MARCH 27, 2024

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

Accountability 115

Accountability Cryptocurrency Manufacturing Authentication 115

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems. OTP Interception Services Emerge.

Authentication 111

Authentication Social Engineering Phishing Banking 111

Krebs on Security

JANUARY 30, 2024

.” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug.

Social Engineering 315

Social Engineering Mobile Cybercrime Passwords 315

Duo's Security Blog

JANUARY 18, 2023

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. As a first step, organizations need to modernize their authentication, moving away from RADIUS or LDAP protocols and moving towards SAML. What can organizations do?

Authentication 78

Authentication Phishing Threat Detection Mobile 78

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 68

Phishing Social Engineering Authentication Engineering 68

SecureWorld News

AUGUST 28, 2023

In May 2023, a phishing campaign was launched that targeted a major U.S. The emails in the campaign purported to be from Microsoft, and they claimed that the recipient needed to update their account security settings or activate two-factor authentication (2FA)/multi-factor authentication (MFA) within 72 hours.

Phishing 80

Phishing Scams Mobile Media 80

SecureList

JULY 5, 2023

Hence, cybercriminals have little motivation to invest heavily into phishing campaigns, and so, techniques used in email attacks on hot wallets are hardly ever original or complex. Sample phishing email that targets Coinbase users After the user clicks the link, they are redirected to a page where they are asked to enter their seed phrase.

Scams 101

Scams Phishing Cryptocurrency Social Engineering 101

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity. Instead of relying solely on traditional passwords, consider passwordless methods for added security. By adopting passwordless authentication, you can enhance security while simplifying the user experience.

Cybersecurity 149

Cybersecurity Cyber threats Authentication Phishing 149

Duo's Security Blog

MARCH 2, 2022

Multi-factor authentication is one of the best ways to thwart bad actors using stolen credentials — but it’s not foolproof. Year after year, the Verizon Data Breach Report highlights the fact that compromised credentials contribute to the majority of breaches — and MFA remains the strongest mechanism to deter the use of stolen passwords.

Authentication 77

Authentication Phishing DNS Passwords 77

Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Enabling multi-factor authentication 3. Recognizing and reporting phishing 4.

Password Management 109

Password Management Passwords Authentication Social Engineering 109

Malwarebytes

SEPTEMBER 5, 2022

Microsoft has posted a reminder on the Exchange Team blog that Basic authentication for Exchange Online will be disabled in less than a month, on October 1, 2022. For many years, client apps have used Basic authentication to connect to servers, services and endpoints. Goodbye "Basic", hello "Modern". token-based authorization).

Authentication 73

Authentication Phishing Passwords 73

Duo's Security Blog

SEPTEMBER 16, 2021

At Duo, we're building a passwordless authentication solution that’s as easy to set up as it is to use – with our world-class security baked in. See the video at the blog post. Your Journey Begins with Multi-Factor Authentication See the video at the blog post. No Phishing, Please See the video at the blog post.

Authentication 100

Authentication Passwords Phishing CISO 100

Duo's Security Blog

JANUARY 29, 2024

The attack methods included a mixture of passcode phishing and push harassment, with the intent to access university VPNs or register a malicious authentication device on one or more user accounts for continued access. The attacker sends a flurry of Push requests to each user, in the hopes that a user will inadvertently grant access.

Education 116

Education Authentication Passwords Phishing 116

Duo's Security Blog

DECEMBER 14, 2023

The email informs John that the company suffered a security breach, and it is essential for all employees to update their passwords immediately. A few days later, John finds himself locked out of his account, and quickly learns that the password reset link he clicked earlier did not come from his company. So clearly, John isn’t alone.

Social Engineering 115

Social Engineering Engineering Phishing Passwords 115

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

Cybersecurity 246

Cybersecurity Malware Accountability Authentication 246

Security Boulevard

AUGUST 9, 2022

This blog is a follow-up to our recent publication which described the details of a large-scale phishing campaign targeting enterprise users of Microsoft email services. Beginning in mid-July 2022, ThreatLabz started observing instances of adversary-in-the-middle (AiTM) phishing attacks targeted towards enterprise users of Gmail.

Phishing 64

Phishing Authentication Passwords 64

Malwarebytes

DECEMBER 4, 2023

In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Because people often reuse passwords across accounts, cybercriminals buy those combinations and then use them to login on other services and platforms.

Passwords 114

Passwords Identity Theft Accountability Data breaches 114

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait.

Phishing 97

Phishing Scams Accountability Energy and Utilities 97

Malwarebytes

JULY 23, 2021

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. For cybercriminals that lacked the technical knowledge or means, the Fraud Family also offered to host the phishing sites and backend panels. 2FA bypass.

Phishing 114

Phishing Banking Password Management Scams 114

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We started with usernames and passwords – something you know. It is MFA Phishing Resistant.

Authentication 119

Authentication Passwords Password Management Phishing 119

Identity IQ

AUGUST 14, 2023

Spam vs. Phishing: What’s the Difference? Among these threats, spam and phishing are two commonly misunderstood but distinct challenges. In this blog, we shed light on the differences between spam and phishing and provide valuable insights to help you avoid falling victim to these malicious activities What is Spam?

Phishing 52

Phishing Identity Theft Authentication Passwords 52

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication 122

Authentication Passwords Data breaches Phishing 122

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials.

Phishing 107

Phishing Social Engineering Passwords Engineering 107