Duo's Security Blog

DECEMBER 21, 2021

The Remote Desktop Protocol (RDP) feature for the Duo Network Gateway prompts users to authenticate only when necessary, instead of first having them try and fail, forcing them to try again after logging into the company’s virtual private network (VPN). Otherwise, the DNG stays out of the way.

VPN 67

VPN Authentication DNS Architecture 67

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing 354

Phishing VPN Social Engineering Media 354

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 260

Hacking Social Engineering Phishing Scams 260

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 206

Risk VPN Internet Internet 206

Malwarebytes

OCTOBER 24, 2022

Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to read and delete files on an affected device. The bug, with a CVSS score of 7.1 has no patch and no workaround. in January, 2023.

VPN 80

VPN Authentication Engineering Internet 80

Security Affairs

OCTOBER 21, 2023

Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. HAR files can also contain sensitive data, including authentication information. ” concludes the advisory.

Social Engineering 119

Social Engineering Data breaches Authentication VPN 119

Malwarebytes

FEBRUARY 28, 2023

After this, the attacker was able to wait until the employee entered their master password and authenticated themselves with multi-factor authentication. The attacker was able to access the DevOps engineer’s LastPass corporate vault. Use a VPN to connect to the office network. LastPass supports several kinds of MFA.

VPN 93

VPN Media Backups Passwords 93

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 110

VPN Cybercrime Ransomware Hacking 110

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering 121

Social Engineering VPN Phishing Authentication 121

Cisco Security

NOVEMBER 9, 2021

Over the last several months, our teams from product, design and engineering have come together to make trusted access as frictionless as possible for end-users by getting out of the way of the employees and their jobs, at the same time enhancing the security of the workflows. The New Duo Authentication Experience . is helpful.

VPN 110

VPN Authentication Digital transformation Technology 110

Security Affairs

JANUARY 18, 2024

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

Authentication 119

Authentication VPN Software Engineering 119

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 109

Firewall VPN Software Risk 109

SC Magazine

FEBRUARY 17, 2021

Growing security risks have prompted companies to move away from virtual private networks (VPNs) in favor of a zero-trust model. Most organizations, 72 percent, plan to ditch VPNs , according to Zscaler’s 2021 VPN Risk Report , which found that 67 percent of organizations are considering remote access alternatives.

VPN 135

VPN Social Engineering Authentication Architecture 135

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN 98

VPN Authentication Mobile Firewall 98

Duo's Security Blog

JANUARY 11, 2023

This means that the DNG now enables users to access on-premises shares, without requiring a full VPN connection. It also eliminates the need for full VPN and avoids exposing those applications directly to the internet. Then it verifies user identity with advanced multi-factor authentication (MFA). What is Duo Network Gateway?

VPN 94

VPN Firewall Authentication Internet 94

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN 93

VPN Authentication Mobile Firewall 93

Malwarebytes

JULY 5, 2021

Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol ? Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming ?

Cyber Insurance 101

Cyber Insurance Social Engineering Scams Insurance 101

eSecurity Planet

MARCH 16, 2023

. “An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user,” the company wrote. This will prevent the sending of NTLM authentication messages to remote file shares.

Energy and Utilities 98

Energy and Utilities Authentication Firewall Engineering 98

Security Boulevard

MARCH 29, 2023

Read First: Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods - Microsoft Entra Microsoft identity platform and OAuth2.0 On our red team engagements and penetration tests, conditional access policies (CAP) often hinder our ability to directly authenticate as a target user.

VPN 63

VPN Authentication Passwords Social Engineering 63

Pen Test Partners

FEBRUARY 14, 2024

Currently, most initial access attempts are carried out with social engineering, commonly phishing. Consider your VPN solution, many have moved to using M365 authentication to protect this. If an attacker can get credentials or even session information using an Attacker in The Middle (AiTM) attack your VPN is now accessible.

Phishing 66

Phishing Mobile Social Engineering Data breaches 66

Security Affairs

OCTOBER 20, 2021

a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Accountability 129

Accountability Malware Phishing Social Engineering 129

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. It’s not a pre-auth vuln, but it does enable admin authentication bypass, so it’s apples-to-apples from the attackers perspective. In a surprise (sad?) Patch your product ASAP!

VPN 52

VPN Backups Authentication Encryption 52

Malwarebytes

APRIL 23, 2021

Pulse Secure VPN. According to its investigation, the threat actor connected to the entity’s network via a Pulse Secure Virtual Private Network (VPN) appliance. CISA believes that a vulnerability listed as CVE-2020-10148 was used to bypass the authentication to the SolarWinds appliance. HF 5, 2020.2 HF 1 are affected.

Malware 95

Malware VPN Authentication Passwords 95

Krebs on Security

JULY 10, 2022

John Turner is a software engineer based in Salt Lake City. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. That’s because Experian does not offer any type of multi-factor authentication options on consumer accounts.

Accountability 310

Accountability Passwords Authentication Password Management 310

Security Affairs

APRIL 23, 2022

The VPN credentials for initial access are said to have been obtained from illicit websites like Russian Market with the goal of gaining control of T-Mobile employee accounts, ultimately allowing the threat actor to carry out SIM swapping attacks at will. ” wrote Krebs. – Source KrebsOnSecurity. “Our

Mobile 98

Mobile VPN Social Engineering Telecommunications 98

Malwarebytes

MAY 31, 2022

Phishing, social engineering, and credential stuffing are often the end result. January 2022 : “Russian cyber criminal forums” were offering network and VPN credentials, both for sale or free to access. Implement user training to reduce the risk of phishing and social engineering. Data for sale is not unusual.

Education 70

Education Social Engineering VPN Accountability 70

Identity IQ

OCTOBER 3, 2023

Two-Factor Authentication Two-factor authentication , also known as 2FA, is a security process that requires two different methods of identity verification. Military personnel should consider enabling two-factor authentication for their email, banking, and social media accounts. This can be used for online accounts and systems.

Identity Theft 94

Identity Theft Social Engineering Passwords Media 94

Security Affairs

DECEMBER 16, 2021

of all systems targeted by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in multiple industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. The experts revealed that at least 7.2% ” concludes the report.

Spyware 113

Spyware Energy and Utilities Malware Engineering 113

SecureWorld News

JUNE 28, 2020

is an electronic cyberattack that targets a user by email and falsely poses as an authentic entity to bait individuals into providing sensitive data, corporate passwords, clicks on a malicious web link, or execute malware. SMishing is social engineering in the form of SMS text messages.

Penetration Testing 90

Penetration Testing Social Engineering VPN Phishing 90

Duo's Security Blog

MARCH 25, 2022

Problem: The Traditional VPN Is No Longer Enough Since the 1990s, virtual private networks (VPNs) have been well-suited for the purpose they were built for – to grant employees temporary access to corporate networks and resources when they weren't logging in from an office.

VPN 76

VPN Architecture Authentication Software 76

Security Affairs

MAY 7, 2021

Such lapses in database security can (and often do) lead to hundreds of millions of people having their personal information exposed on the internet, allowing threat actors to use that data for a variety of malicious purposes, including phishing and other types of social engineering attacks , as well as identity theft.

Passwords 132

Passwords Authentication Identity Theft Engineering 132

Centraleyes

FEBRUARY 25, 2024

This challenge aligns with risks such as Broken Authentication (OWASP API2) and Broken Function Level Authorization (OWASP API5), where weak authentication mechanisms or flawed access controls can result in unauthorized access. Implementing multi-factor authentication, security software, and regular training are essential measures.

Risk 52

Risk Encryption Social Engineering Authentication 52

SecureList

DECEMBER 16, 2021

of all computers attacked by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in various industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. According to our telemetry, at least 7.2%

Spyware 92

Spyware Energy and Utilities Malware VPN 92

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. These social engineering techniques tricked employees into revealing their login credentials, which allowed attackers to access additional systems and data. What is phishing?

Phishing 63

Phishing Social Engineering Authentication Engineering 63

Duo's Security Blog

AUGUST 25, 2022

We’re excited to announce early access release of the Verified Duo Push, which will increase the security of our push-based multi-factor authentication (MFA) solution. With modern phishing-resistant authentication methods, we need to ensure that organizations continue to have the best security around push-based MFA.

Authentication 70

Authentication Mobile VPN Threat Detection 70

eSecurity Planet

MARCH 14, 2021

Cisco Identity Services Engine. ClearPass is especially suited for high-volume authentication environments, offering more than 10 million authentications a day, as well as distributed environments requiring local authentication survivability across multiple geographies. Cisco Identity Services Engine. Auconet BICS.

Education 118

Education Authentication Healthcare Engineering 118