Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber attacks.

Authentication 145

Authentication Accountability Passwords Mobile 145

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software 264

Software Risk Artificial Intelligence Cyber Attacks 264

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk 264

Risk Backups Software Education 264

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. They’ve seen it drive down incidents and help desk tickets, reduce their risks, and make compliance programs a lot easier. See the video at the blog post.

Authentication 144

Authentication VPN System Administration Engineering 144

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. The increasing prevalence of code and services means that software- and code-related risks will not dissipate any time soon.

Authentication 222

Authentication CISO Software Passwords 222

Duo's Security Blog

APRIL 3, 2025

While the enforcement of multi-factor authentication (MFA) makes logging in more secure, it inevitably runs the risk of adding steps to a process users already find annoying. While this may avoid authentication fatigue, it certainly risks and may even violate some security standards.

Authentication 52

Authentication Passwords Risk VPN 52

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.

Ransomware 247

Ransomware Risk Internet Internet 247

The Last Watchdog

SEPTEMBER 24, 2024

This drives public awareness of the risks associated with identity theft. Online credit bureaus, like Equifax, Experian, and TransUnion, often see an uptick in new users after breaches because consumers realize the potential risks to their financial well-being and identity.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

IT Security Guru

FEBRUARY 25, 2025

A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint. Advanced authentication systems can analyse contextual factors, like location, device, and login behaviour, to detect anomalies.

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

Security Affairs

NOVEMBER 2, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks.

Firmware 123

Firmware Manufacturing IoT Healthcare 123

Malwarebytes

NOVEMBER 24, 2023

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. They found vulnerabilities that allowed them to completely bypass Windows Hello authentication on all three. The input has to be authenticated.

Authentication 141

Authentication Manufacturing Engineering Hacking 141

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords 145

Passwords Risk Data collection Backups 145

Security Affairs

NOVEMBER 5, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks.

Firmware 127

Firmware Manufacturing Authentication IoT 127

Duo's Security Blog

OCTOBER 23, 2024

Available now in all paid Duo subscriptions The launch of Duo Mobile in the early 2010s changed how businesses enabled secure authentication. Other means of authentication outside of smartphones — hardware tokens, phone call authentication, SMS, etc. have proven to be either antiquated, expensive or vulnerable.

Authentication 116

Authentication Manufacturing Mobile Risk 116

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. ” On July 28 and again on Aug. In an Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Duo's Security Blog

MAY 2, 2024

We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

Authentication 144

Authentication Phishing Passwords Risk 144

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments? 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk 69

Risk IoT Cybersecurity Manufacturing 69

Duo's Security Blog

JUNE 15, 2023

Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?

Risk 145

Risk Authentication Phishing Insurance 145

Duo's Security Blog

SEPTEMBER 5, 2024

Without an accurate user inventory, it becomes difficult to identify and mitigate security risks. ISPM involves continuously monitoring and analyzing identities, access rights and authentication processes across your entire ecosystem to inform the current identity security posture. Why are dormant accounts a risk?

Accountability 142

Accountability Risk Authentication Passwords 142

Duo's Security Blog

MARCH 25, 2025

This innovative approach helps organizations manage user-related risks more efficiently by assigning trust levels based on a comprehensive evaluation of user behavior and context. The User Trust Level is a dynamic assessment of risk associated with each user in your organization. The algorithm first sets out a framework of risk types.

Risk 59

Risk Accountability Threat Detection Firewall 59

Security Boulevard

MAY 15, 2025

API testing can fall into lots of different categories, even if only focusing on security testing of APIs: Each of these categories of tests will check for a different set of security risks. And it may be important to run these tests either as a completely external user, modeling an anonymous threat actor, or as a valid authenticated user.

Internet 52

Internet Internet Data breaches Authentication 52

Heimadal Security

SEPTEMBER 7, 2023

They can be exploited remotely and without authentication, potentially leading to remote code execution, service interruptions, and unauthorized operations on the […] The post Vulnerabilities Uncovered: Critical Remote Code Execution Risks in ASUS Routers appeared first on Heimdal Security Blog. score of 9.8 out of 10.0.

Risk 119

Risk Authentication Cybersecurity 119

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication 124

Authentication Passwords Malware Accountability 124

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. Our objective was to minimize the risk to our customers. ET: Citrix just published its own blog post about this here.

Passwords 265

Passwords Authentication Accountability Password Management 265

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 137

Authentication Passwords Accountability Social Engineering 137

IT Security Guru

JUNE 13, 2024

These attackers appear to be using the stolen GitHub credentials of users who have not enabled two-factor authentication (2FA). Our data shows that between 93-97% of OX Security users have activated two-factor authentication (2FA), which helps keep accounts, data, and secrets private.

Backups 134

Backups Authentication Data breaches Social Engineering 134

The Last Watchdog

APRIL 22, 2025

security professionals, highlighting a few worrisome findings: Deepfake risks increasingly target vulnerable board members and executives. Typically, the attacker collects authentic media samples of their target, including still images, videos, and audio clips, to train the deep learning model.

Authentication 100

Authentication Social Engineering Technology Media 100

CyberSecurity Insiders

JANUARY 15, 2023

billion users have been put to risk because of a vulnerability in Google Chrome and chromium browsers. Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to treat it as a file linked to a location in directory, which is not in reality.

Risk 140

Risk Authentication Software Cybersecurity 140

Malwarebytes

APRIL 28, 2025

Ive lost count of how many blogs Ive written about stalkerware -type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Passwords 100

Passwords Phishing Spyware Password Management 100

Malwarebytes

MAY 2, 2025

The alternative: passkeys Passkeys are an alternative, more modern authentication method designed to replace passwords with a safer, simpler alternative. This blog post will try to explain what passkeys are, how to use them, and why they are better than passwords, helping you embrace this next step in online security. And its faster.

Passwords 97

Passwords Password Management Authentication Accountability 97

Duo's Security Blog

MAY 28, 2025

The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Organizations also need tools to continuously monitor and respond to changes in identity risk. Proactive Security Insights: Stay ahead of risks with actionable recommendations.

Social Engineering 126

Social Engineering Engineering Phishing Marketing 126

Duo's Security Blog

FEBRUARY 13, 2025

In one of their documented cases, an organization reported that 13 million authentication attempts were made in 24 hours against known accounts. In the case of password spray, looking for startling increase in authentication traffic can be vital.

Authentication 80

Authentication Accountability Passwords Risk 80

Jane Frankland

FEBRUARY 7, 2025

But as a CISO or cyber risk owner, it’s not just about locking down sensitive informationits about doing it without slowing down your people. This is where the real opportunity lies, and what Im exploring in this blog. For CISOs and cyber risk owners, this isnt just a riskits a gamble no one can afford to take.

Cyber Risk 130

Cyber Risk CISO Risk Encryption 130

Krebs on Security

FEBRUARY 8, 2021

Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. Qbot) — to harvest one-time codes needed for multi-factor authentication. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. .

Phishing 341

Phishing Scams Banking Mobile 341

eSecurity Planet

DECEMBER 4, 2024

David Weston, VP of enterprise and OS security, said in a blog post , “We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers.” The new “Smart App Control” feature will reduce the risk of malicious software infiltrating systems by ensuring only verified apps can run on the PC.

Encryption 107

Encryption Phishing Authentication Passwords 107

Adam Shostack

JANUARY 2, 2025

The board has clearly given Microsoft the benefit of the doubt, pushed them to correct visible failings like the blog post, and (reading between the lines) pushed them to reach a conclusion about the breakin. Running 46 parallel teams is an interesting approach, with some risks of silos. Page iv) [Happy to help all y'all!]

Government 130

Government Risk Authentication Technology 130