Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. This week, I wanted to focus on going beyond passwords and talk about 2FA. It's a subset of MFA.

Passwords 259

Passwords Authentication Accountability Mobile 259

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Affected Products FortiOS 6.0 – 6.0.0

VPN 136

VPN Banking Passwords Malware 136

LRQA Nettitude Labs

MARCH 27, 2024

Direct access to the corporate network through a Virtual Private Network (VPN) or graphical access to a Virtual Desktop Infrastructure (VDI) host is unusual, meaning that in order to interact with internal corporate websites, operators must tunnel traffic from their systems to the internal network, through the in-memory implant.

Authentication 95

Authentication Passwords VPN Accountability 95

Identity IQ

MAY 2, 2023

What are the Benefits of a Password Manager? IdentityIQ Passwords are essential when keeping your information safe on your devices. But unfortunately, many people use weak or the same password, making it easy for hackers to crack them. Research shows that 52% of people reuse passwords for multiple accounts.

Password Management 52

Password Management Passwords Identity Theft Accountability 52

Malwarebytes

AUGUST 28, 2023

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for MFA.

Ransomware 86

Ransomware VPN Passwords Backups 86

Heimadal Security

OCTOBER 14, 2022

MFA, or multi-factor authentication, is a security technique that requires users to verify their identities by offering multiple forms of identification before being granted access to a resource such as an application, online account, website, or VPN. appeared first on Heimdal Security Blog.

VPN 98

VPN Authentication Passwords Accountability 98

Webroot

APRIL 2, 2024

A brute force attack is a cyber attack where the attacker attempts to gain unauthorized access to a system or data by systematically trying every possible combination of passwords or keys. There are many already leaked password lists that are commonly used, and they grow after every breach. What is a Brute Force Attack?

Cybersecurity 83

Cybersecurity Passwords VPN Authentication 83

Krebs on Security

NOVEMBER 21, 2020

. “A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Kayamori said in a blog post. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system.

Social Engineering 295

Social Engineering Accountability Mobile Passwords 295

Troy Hunt

APRIL 6, 2020

That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog. On a popular blog. Just the title.

Advertising 294

Advertising VPN Internet Internet 294

Thales Cloud Protection & Licensing

MAY 13, 2024

Multi-Factor Authentication: the mandatory first step for organizations moving to the cloud. But there is one simple solution to drastically reduce the risk of account take-over: enable Multi-Factor Authentication. markets.

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

Duo's Security Blog

APRIL 7, 2021

Those wonderful words of ‘Denied Access’ appear in your browser; you need to connect to the corporate VPN to access your pay stub. If you are like me, you sigh, and put your machine to sleep because the workflow for your VPN requires far too much effort for something that should be a simple and quick process.

VPN 53

VPN Password Management Authentication Architecture 53

Webroot

FEBRUARY 26, 2024

They’ll try to sweet-talk you into clicking on suspicious links or divulging sensitive information like passwords or credit card details. Your 7 tips to stay safe online Use strong passwords Let’s kick things off with the basics. Remember: real companies don’t ask for your personal data via email. Stay safe out there!

Scams 99

Scams VPN Passwords Phishing 99

Duo's Security Blog

DECEMBER 12, 2023

In this blog, see the depth of Duo integrations with various AWS applications and services, and learn how you can better equip your organization with security that frustrates the attackers and not the users. Most AWS services leverage AWS Identity and Access Management (IAM) or AWS Identity Center to authenticate users. Did you know?

Data breaches 82

Data breaches Authentication Passwords Risk 82

Krebs on Security

APRIL 6, 2022

Microsoft blogged about its attack at the hands of LAPSUS$, and about the group targeting its customers. “They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said.

Social Engineering 251

Social Engineering Phishing Engineering Accountability 251

eSecurity Planet

MARCH 11, 2024

March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199 , allow unauthenticated attackers to exploit JetBrains TeamCity servers. The fix: Deploy JetBrains TeamCity version 2023.11.4

Authentication 107

Authentication Software VPN Security Defenses 107

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. For a two-factor authentication solution, that may include hidden costs, such as upfront, capital, licensing, support, maintenance, and operating costs. Estimate and plan for how much it will cost to deploy multi-factor authentication to all of your apps and users.

Authentication 67

Authentication Software Mobile Passwords 67

Krebs on Security

OCTOBER 21, 2019

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Accountability 135

Accountability VPN Software Antivirus 135

Duo's Security Blog

MAY 5, 2022

Do you remember all the passwords to your various accounts and profiles? How many times have you forgotten your login details, attempted to reset your password, and faced the painful reminder, ‘your new password cannot be the same as previous’?

Passwords 72

Passwords Password Management Authentication Risk 72

Javvad Malik

NOVEMBER 11, 2021

Cloud usage has increased, we’ve seen VPN’s crop up everywhere, and the shiny hotness that is MFA (multi factor authentication). At the beginning of lockdown, we saw phishing emails which claimed to be from IT asking unwitting staff to download the latest VPN. Spoiler alert, it wasn’t a VPN.

VPN 100

VPN Authentication Passwords Scams 100

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” ” concludes the report.

Hacking 87

Hacking VPN Marketing Authentication 87

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. Enforce MFA on all VPN connections [ D3-MFA ].

Telecommunications 92

Telecommunications Authentication Passwords Accountability 92

Krebs on Security

SEPTEMBER 2, 2021

For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers each day.

Accountability 301

Accountability Authentication Passwords Hacking 301

Security Affairs

APRIL 8, 2022

Authentication. Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. Increasingly, passwordless authentication is becoming the norm.

Cybersecurity 93

Cybersecurity Passwords Penetration Testing Encryption 93

eSecurity Planet

SEPTEMBER 5, 2023

Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication.

VPN 103

VPN Authentication Ransomware Antivirus 103

Webroot

OCTOBER 22, 2021

The most popular options include virtual private network (VPN) or remote desktop protocol (RDP). VPN works by initiating a secure connection over the internet through data encryption. One downside of using a VPN connection involves vulnerability. Two-factor authentication. This is where length of strength comes into play.

VPN 111

VPN Penetration Testing Education Security Awareness 111

Duo's Security Blog

MAY 13, 2024

Secure authentication isn’t fun, but you put up with it as part of your day because you know it’s keeping you safer. That’s why we’re so excited to bring to market Duo Passport — a new capability that drives secure, seamless access to all the permitted applications with just one interactive authentication.

Authentication 65

Authentication VPN Healthcare Risk 65

Duo's Security Blog

MARCH 9, 2022

Together these practices — which include multi-factor authentication (MFA), restricting administrative privileges and daily backups — provide a clear framework for businesses anywhere that are looking to improve their foundational security footing , as we’ve previously noted on the Duo Blog.

Cybersecurity 66

Cybersecurity Authentication Passwords VPN 66

Security Affairs

MAY 2, 2022

Opportunistic employees in sensitive positions can abuse network privileges to obtain sensitive information, use weak passwords, or accidentally respond to phishing. Turn off automatic connections to route each device via your VPN-secured WiFi router. Secure Your Network with a VPN. And so, the data breaches keep getting bigger.

IoT 123

IoT Cybersecurity VPN Internet 123

Duo's Security Blog

MARCH 6, 2024

In this attack method, a small number of commonly used passwords are tried over many user accounts in succession. Over authentication data from 2023, we analyzed any IPs meeting the conditions of at least 100 authentication attempts to RDP applications over at least 3 organizations deploying Duo, with at least a 70% rate of failure.

Authentication 137

Authentication Accountability VPN Passwords 137

Webroot

FEBRUARY 15, 2024

Use strong and unique passwords Passwords are your first line of defense to protecting your online accounts from hackers. That’s why your passwords should be strong : at least eight characters long with a combination of uppercase and lowercase letters, numbers, and symbols. Password management to keep your credentials safe.

Identity Theft 73

Identity Theft Banking Scams Passwords 73

Duo's Security Blog

AUGUST 1, 2022

focuses on developing stronger authentication requirements around NIST Zero Trust Architecture guidelines. now mandates that multi-factor authentication (MFA) must be used for all accounts that have access to the cardholder data, not just administrators accessing the cardholder data environment (CDE). DarkReading reports PCI DSS 4.0

Authentication 78

Authentication Passwords Accountability VPN 78

Thales Cloud Protection & Licensing

JANUARY 7, 2021

This blog will introduce access management evaluation criteria guidelines and discuss what features you should look for and what vendors to consider for your next employee access management solution. Password-based app access: convenient but risky. Cloud-based access management and authentication. FIDO Authentication.

Authentication 62

Authentication VPN Passwords Risk 62

Duo's Security Blog

JANUARY 11, 2023

This means that the DNG now enables users to access on-premises shares, without requiring a full VPN connection. It also eliminates the need for full VPN and avoids exposing those applications directly to the internet. Then it verifies user identity with advanced multi-factor authentication (MFA). What is Duo Network Gateway?

VPN 94

VPN Firewall Authentication Internet 94

Hackology

DECEMBER 26, 2023

After allowing password sharing for years, Netflix has recently changed its policy. The password sharing is now only allowed for a single physical household. Since its initial years, Netflix encouraged password sharing with your friends and family, which allowed them to generate a strong user base. What is Tailscale VPN?

VPN 64

VPN Accountability Internet Internet 64

Webroot

JUNE 13, 2022

Password integrity: Develop a password that is difficult to predict. Use a password generator , enable two-factor authentication (2FA) as much as possible and don’t reuse passwords from multiple logins. Staying resilient against ongoing threats means adopting important ways of protecting our personal information.

Education 127

Education Passwords VPN Risk 127

Security Affairs

NOVEMBER 17, 2021

Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021. “In the early part of 2021, PHOSPHORUS actors scanned millions of IPs on the internet for Fortinet FortiOS SSL VPN that were vulnerable to CVE-2018-13379.

VPN 97

VPN Social Engineering Accountability Media 97