Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 91

Phishing Social Engineering Authentication Engineering 91

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing 122

Phishing Social Engineering Education Retail 122

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Currently, most initial access attempts are carried out with social engineering, commonly phishing. Why is that?

Phishing 66

Phishing Mobile Social Engineering Data breaches 66

Security Affairs

AUGUST 8, 2022

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. SecurityAffairs – hacking, data breach).

Data breaches 87

Data breaches Social Engineering Phishing Accountability 87

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 116

Phishing Data breaches Cryptocurrency Social Engineering 116

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Could be phished credentials. Could be weak application security practices.

Mobile 306

Mobile Data breaches Authentication Accountability 306

Hot for Security

MARCH 29, 2021

Have you ever wondered why your email address and other information appeared in a data breach impacting a platform you never signed up for? That’s why email-validation services are an attractive target for cybercriminals looking for a fresh batch of email addresses for their next wave of social engineering attacks.

Data breaches 116

Data breaches Media Marketing Social Engineering 116

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The phishing email, marked by Google as safe, was delivered to more than 16,000 users’ addresses. Pierluigi Paganini.

Phishing 97

Phishing Scams Social Engineering Password Management 97

Krebs on Security

JANUARY 30, 2024

Multiple trusted sources told KrebsOnSecurity that Sosa/King Bob was a core member of a hacking group behind the 2022 breach at Twilio , a company that provides services for making and receiving text messages and phone calls. 0ktapus often leveraged information or access gained in one breach to perpetrate another. According to an Aug.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Security Affairs

DECEMBER 17, 2023

.” At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.” ” The US firm urges customers to be vigilant for social engineering and phishing attacks. However, the company states that the activity is not related to the security incident.

Social Engineering 118

Social Engineering Data breaches Cyber Attacks Accountability 118

Malwarebytes

OCTOBER 15, 2023

Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, The stolen data includes full customer names, email addresses, dates of birth, billing addresses, and credit card expiration dates. According to Shadow, no passwords or sensitive banking data have been compromised.

Data breaches 101

Data breaches Passwords Phishing Social Engineering 101

Security Boulevard

JUNE 26, 2023

Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing , social engineering , or ransomware attacks. The end result of these types of cyber attacks are often highly public and damaging data breaches.

Data breaches 52

Data breaches Healthcare Telecommunications Financial Services 52

Approachable Cyber Threats

SEPTEMBER 24, 2022

Category News, Social Engineering. All of the attacks were carried out with relatively simple phishing and social engineering techniques. Phishing and poor password practices. The couple claimed that they were able to trick an employee into downloading malware from a phishing email. Risk Level.

Social Engineering 105

Social Engineering Authentication Engineering Phishing 105

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Mobile 291

Mobile Phishing Authentication Accountability 291

SecureWorld News

NOVEMBER 3, 2022

Dropbox recently announced it had been the target of a phishing attack that resulted in the threat actor(s) accessing some code the company had stored on GitHub. What happened in the Dropbox phishing attack? Like many persistent phishing campaigns, this eventually worked, and the threat actor copied 130 Dropbox code repositories.

Phishing 85

Phishing Passwords Social Engineering Accountability 85

SecureWorld News

JULY 31, 2020

Even the title of SecureWorld's first story about the incident had questions: "Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?". The hackers then used this level of account support to get through two-factor authentication (2FA) and access 130 widely followed Twitter accounts: Tweeting from 45.

Phishing 98

Phishing Cyber Attacks Social Engineering Accountability 98

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users.

Authentication 139

Authentication Passwords Data breaches Phishing 139

Duo's Security Blog

MAY 18, 2021

Verizon just released its 14th edition of the Verizon Data Breach Incident Report (DBIR) covering 2020’s foray into cybersecurity. Most of the top incident threats mirror last year’s report, with an increase in phishing, ransomware and credential theft in the wake of the worldwide pandemic and workforce’s rapid adoption of remote work.

Phishing 113

Phishing Social Engineering Data breaches Ransomware 113

CyberSecurity Insiders

JULY 21, 2021

The vast majority of cyberattacks rely on social engineering – the deception and manipulation of victims to coerce them into either opening malware or voluntarily providing sensitive information. Employees with the right training, on the other hand, have developed the right habits to help them spot and thwart cyberattacks.

Social Engineering 145

Social Engineering Password Management Passwords Phishing 145

CyberSecurity Insiders

APRIL 13, 2023

One of the main risks associated with ChatGPT is the potential for data breaches. These chatbots can be vulnerable to attacks that allow unauthorized access to sensitive data, such as customer information or financial records. Another risk associated with ChatGPT is the potential for social engineering attacks.

Risk 82

Risk Artificial Intelligence Social Engineering Engineering 82

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 86

Spyware Hacking Malware Social Engineering 86

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. ” continues the update.

Social Engineering 107

Social Engineering Authentication Engineering Accountability 107

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 106

Social Engineering Spyware Data breaches Surveillance 106

Thales Cloud Protection & Licensing

OCTOBER 24, 2022

Data breaches damage trust. Thales has worked together with the University of Warwick to produce the 2022 Consumer Trust Index survey, which includes some interesting findings: 33% of consumers globally have become victims of a data breach. Who most trusts digital platforms to hold and process personal data?

Security Awareness 71

Security Awareness Data breaches Social Engineering Phishing 71

CyberSecurity Insiders

APRIL 10, 2023

“In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. This lessens the possibility of data breaches and helps prevent unwanted access.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

CyberSecurity Insiders

APRIL 16, 2023

Latest email security trends Phishing and spear-phishing attacks: Phishing is a type of social engineering attack where cybercriminals use deceptive emails to trick recipients into divulging sensitive information or downloading malware. These attacks often rely on social engineering tactics and email spoofing.

Cyber threats 124

Cyber threats Phishing Encryption Small Business 124

Appknox

JUNE 23, 2022

Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks. Cryptocurrency and NFT attacks are rising as decentralized finance, and digital art assets become sophisticated socially engineered threats. Common Trends Among the Australian Mobile Threats.

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

Malwarebytes

OCTOBER 9, 2023

In other words, cybercriminals succeeded in getting access to a number of 23andMe accounts where users had used the same password on both 23andMe and a website that had suffered a data breach. As 23andMe says in its own blog post, "Since 2019 we’ve offered and encouraged users to use multi-factor authentication."

Passwords 134

Passwords Accountability Scams Social Engineering 134

Duo's Security Blog

FEBRUARY 16, 2022

Retail’s great “digital transformation” sped up, as did the number of data breaches impacting retail. The costs that follow a data breach are trending upward year over year. Data breach costs rose from $3.86 million, according to IBM and the Ponemon Institute’s Cost of Data Breach Report 2021.

Retail 100

Retail Cybersecurity Data breaches Passwords 100

Security Affairs

MAY 12, 2023

What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information. In 2022, email phishing attacks made up 24% of all spam emails — up from 11% in 2021.

Phishing 88

Phishing Social Engineering Small Business B2B 88

SecureWorld News

AUGUST 29, 2023

While the exact nature of the exposed data is not specified, it is noteworthy that user passwords and client funds remained secure, as neither FTX nor BlockFi's systems were directly breached. Following the breach, reports emerged of phishing attempts targeting individuals associated with the affected crypto companies.

Cryptocurrency 82

Cryptocurrency Phishing Social Engineering Accountability 82

CyberSecurity Insiders

DECEMBER 20, 2021

Given the prominence of third-party data breaches, supply chains can’t afford to assume any device, network or user is secure. They must restrict data as much as possible and verify identities at every step. Studies show that regular education leads to a ninefold reduction in phishing vulnerability.

Data breaches 143

Data breaches Social Engineering Education Password Management 143

Security Affairs

OCTOBER 29, 2022

In the June incident, a Twilio employee was socially engineered through voice phishing (or “vishing”) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers.” ” reads the update to the incident report provided by the company.

Social Engineering 103

Social Engineering Phishing Authentication Hacking 103

Security Affairs

JUNE 29, 2021

The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, and other social media accounts and usernames. Passwords are not included in the archive. ” reported RestorePrivacy.

Identity Theft 144

Identity Theft Social Engineering Media Hacking 144

SecureWorld News

NOVEMBER 8, 2023

Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.

Social Engineering 90

Social Engineering Engineering Cyber Attacks Artificial Intelligence 90

CyberSecurity Insiders

FEBRUARY 7, 2022

According to the Allianz Risk Barometer , this year companies are worried about the threat of ransomware attacks, data breaches and IT outages – even more than business and supply chain disruption, natural disasters or the Covid-19 pandemic. The rise of cyber-attacks and phishing. Maintaining compliance.

Internet 94

Internet Internet Data breaches Phishing 94

CyberSecurity Insiders

JUNE 7, 2023

Threats are also growing, with 40 percent of data breaches involving stolen credentials, according to the 2022 Verizon Data Breach Investigation Report. As technology continues to advance and digital interactions multiply, the importance and prevalence of digital identities will also expand.

Risk 118

Risk Artificial Intelligence Technology Digital transformation 118