Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 64

Phishing Social Engineering Authentication Engineering 64

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The phishing email, marked by Google as safe, was delivered to more than 16,000 users’ addresses. Pierluigi Paganini.

Phishing 96

Phishing Scams Social Engineering Password Management 96

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 108

Data breaches Social Engineering Engineering Authentication 108

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing 360

Phishing VPN Social Engineering Media 360

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 120

Phishing Marketing Scams Accountability 120

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 251

Social Engineering Phishing Engineering Accountability 251

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication 101

Authentication Passwords Data privacy Identity Theft 101

SecureList

MARCH 7, 2024

To get access to the content (or contest), phishing sites prompted the victim to sign in to one of their gaming accounts. If the victim entered their credentials on the phishing form, the account was hijacked. Cryptocurrency scams Phishing aimed at stealing crypto wallet credentials remained a common money-making tool.

Phishing 101

Phishing Scams Cryptocurrency Accountability 101

Approachable Cyber Threats

SEPTEMBER 24, 2022

Category News, Social Engineering. Several large companies were hacked in the first half of September. All of the attacks were carried out with relatively simple phishing and social engineering techniques. Phishing and poor password practices. Risk Level. The common theme?

Social Engineering 105

Social Engineering Authentication Engineering Phishing 105

eSecurity Planet

MAY 9, 2023

Passkeys are a lot easier to manage and are resistant to phishing , harvesting and other credential attacks, which is why it’s making its way into the mainstream as a more secure and convenient authentication method. Learn more about Social Engineering Attacks 2. Here are six benefits of passkeys.

Authentication 107

Authentication Passwords Password Management Accountability 107

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.

Phishing 108

Phishing Data breaches Cryptocurrency Social Engineering 108

Security Affairs

APRIL 8, 2024

The Health Sector Cybersecurity Coordination Center (HC3) recently observed threat actors using sophisticated social engineering tactics to target IT help desks in the health sector. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, IT help desks)

Social Engineering 103

Social Engineering Healthcare Engineering Accountability 103

SecureList

JULY 5, 2023

Hot wallets and attempts at hacking them A hot wallet is a cryptocurrency wallet with permanent access to the internet. Hence, cybercriminals have little motivation to invest heavily into phishing campaigns, and so, techniques used in email attacks on hot wallets are hardly ever original or complex.

Scams 100

Scams Phishing Cryptocurrency Social Engineering 100

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication 103

Authentication Passwords Mobile Accountability 103

Security Affairs

APRIL 21, 2023

Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims.

Phishing 75

Phishing Social Engineering Security Awareness Passwords 75

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. This method was identified as vishing – a voice-based phishing attack. Use 2FA authentication for better protection.

Social Engineering 105

Social Engineering Ransomware Engineering Phishing 105

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 81

Phishing Energy and Utilities Insurance Manufacturing 81

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. The company states that one of its employees was compromised on August 27, 2023, via a spear phishing attack. ” reads a statement published by Retool.

Accountability 105

Accountability Social Engineering Authentication VPN 105

Security Affairs

DECEMBER 17, 2023

” The US firm urges customers to be vigilant for social engineering and phishing attacks. The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords. However, the company states that the activity is not related to the security incident.

Social Engineering 110

Social Engineering Data breaches Cyber Attacks Accountability 110

Security Affairs

FEBRUARY 14, 2024

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. ” reads the report published by Microsoft.

Social Engineering 104

Social Engineering Artificial Intelligence Phishing Engineering 104

SecureWorld News

JULY 31, 2020

Even the title of SecureWorld's first story about the incident had questions: "Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?". How was Twitter hacked? Spear phishing: what security experts are saying. We all know how damaging a spear phishing attack can be.

Phishing 98

Phishing Cyber Attacks Social Engineering Accountability 98

eSecurity Planet

JUNE 30, 2021

A hacker who recently offered 700 million LinkedIn records for sale alarmed LinkedIn users and security specialists, but the company insists the data is linked to previously reported scraped data and wasn’t hacked. ” In response, Hodson urged all LinkedIn users to update their passwords and enable two-factor authentication.

Hacking 112

Hacking Social Engineering Identity Theft Data breaches 112

Malwarebytes

OCTOBER 15, 2023

Shadow says the incident happened at the end of September, and was the result of a social engineering attack on a Shadow employee. According to BleepingComputer , a cybercriminal claiming responsibility for the attack is selling the stolen database on a well-known hacking forum. Enable multi-factor authentication (MFA).

Data breaches 103

Data breaches Passwords Phishing Social Engineering 103

CyberSecurity Insiders

MAY 28, 2023

Password Security: Investigate different password security techniques, such as password hashing algorithms, two-factor authentication (2FA), and biometric authentication. Network Security: Study network protocols, such as TCP/IP, and analyze common network attacks like DDoS, phishing, and man-in-the-middle attacks.

Cybersecurity 111

Cybersecurity Penetration Testing Social Engineering IoT 111

Malwarebytes

SEPTEMBER 22, 2022

Last week we learned that ride-sharing giant Uber's defences had been unpicked by an attacker with a novel take on social engineering: Fatigue. “MFA fatigue”, sometimes referred to as “MFA push spam”, aims to overcome a form of multi-factor authentication people use to keep their accounts safe.

Hacking 88

Hacking Passwords Phishing Social Engineering 88

Security Affairs

JUNE 29, 2021

The threat actor that is offering for sale the data shared a sample of 1M records as proof of the authenticity of the archive. “We reached out directly to the user who is posting the data up for sale on the hacking forum. SecurityAffairs – hacking, LinkedIn). ” reported RestorePrivacy. Pierluigi Paganini.

Identity Theft 142

Identity Theft Social Engineering Media Hacking 142

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. Many users of the customer support system are Okta administrators.

Social Engineering 99

Social Engineering Authentication Engineering Accountability 99

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait.

Phishing 95

Phishing Scams Accountability Energy and Utilities 95

The Last Watchdog

OCTOBER 15, 2019

Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe deep inside of a breached network. That said, we may very well be in the early adopter phase of weaving leading-edge “password-less authentication” solutions into pliant areas of legacy networks.

Passwords 164

Passwords Authentication Data breaches Internet 164

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware 82

Spyware Hacking Malware Social Engineering 82

IT Security Guru

DECEMBER 5, 2022

Everyone in the cyber insurance industry or trying to get cyber insurance today knows that using multifactor authentication (MFA) is an absolute make-or-break requirement for getting a cyber insurance policy; or if you can get a policy without MFA, you will pay a hefty increased premium for the same amount of coverage. So much so, the U.S.

Insurance 110

Insurance Cyber Insurance Phishing Social Engineering 110

Security Affairs

DECEMBER 25, 2018

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. ” continues the analysis.

Phishing 92

Phishing Social Engineering Authentication Accountability 92

Security Affairs

OCTOBER 29, 2022

Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack. At the end of August, security firm Group-IB revealed that the threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations.

Social Engineering 96

Social Engineering Phishing Authentication Hacking 96

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. ” TMO UP!

Mobile 315

Mobile Phishing Authentication Advertising 315

The Last Watchdog

FEBRUARY 3, 2021

It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. The SolarWinds hack came to light in mid-December and has since become a red hot topic in the global cybersecurity community. Video: What all companies need to know about the SolarWinds hack. Related: The quickening of cyber warfare.

Phishing 252

Phishing Hacking Accountability Social Engineering 252

The Last Watchdog

DECEMBER 3, 2018

Related: Uber hack shows DevOps risk. The Starwood hack appears to come in second in scale only to the 2013 Yahoo breac h, which affected as many as 3 billion accounts, while a subsequent Yahoo breach also hit 500 million accounts. In 2014, a JP Morgan Chase hack exposed 76 million households.

Hacking 157

Hacking eCommerce Social Engineering Authentication 157