Blog - Cyber Security Informer

Why You Should Start Using Two-Factor Authentication Now

Heimadal Security

MARCH 4, 2022

Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism used to double-check that your identity is legitimate. How Does Two-Factor Authentication Work? Two-factor authentication works as an […].

Authentication

Authentication Passwords Accountability

Multi-factor authentication has proven it works, so what are we waiting for?

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone.

Authentication

Authentication Passwords Social Engineering Accountability

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ). login once?—?get

Cybersecurity

Cybersecurity Malware Accountability Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

MFA bombing taken to the next level

Malwarebytes

MARCH 29, 2024

Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA). They do this by using stolen credentials to try logging in, or by trying to reset a user’s password over and over again. Now, according to this blog by Bran Krebs , these attacks have evolved.

Passwords

Passwords Accountability Mobile Authentication

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. “What motivated us the most during the leadup to our action was the targeting of homeless shelters, nonprofits and charity organizations,” the two wrote. A typical Zeppelin ransomware note.

Ransomware

Ransomware Encryption Backups Manufacturing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. 9, 2024, U.S. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

The Life and Death of Passwords: Driving Passwordless Forward With WebAuthn

Duo's Security Blog

MAY 4, 2023

And humans also tend to use heuristics and elements that they can reuse over and over. See the video at the blog post. Passwordless is this next paradigm in authentication where we don’t have to rely on human-created passwords and credentials. And start going through different websites, trying to crack those accounts as well.

Passwords

Passwords Authentication DNS Technology

What Are Passkeys?

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We started with usernames and passwords – something you know. It is MFA Phishing Resistant.

Authentication

Authentication Passwords Password Management Phishing

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. During authentication, the secret is used in combination with the time in a cryptographic hash function to produce a secure 6-digit passcode.

Authentication

Authentication Passwords Accountability Penetration Testing

(VIDEO) Getting Started With Duo - Step 1: Authentication Methods

Duo's Security Blog

FEBRUARY 26, 2021

Duo's two-factor authentication (2FA)/ multi-factor authentication (MFA) offers several methods through which users can verify their identity before being granted access to applications. We have created myriad resources that make it easy to get started with Duo.

Authentication

Authentication Mobile CISO Passwords

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users.

Authentication

Authentication Passwords Data breaches Phishing

Twitter and two-factor authentication: What's changing?

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here is not to worry. You can still use the authentication app and security key methods.

Authentication

Authentication Phishing Mobile Accountability

Telegram-powered bots circumvent 2FA

Malwarebytes

SEPTEMBER 30, 2021

Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick of activity in threat actors providing access to services in Telegram that circumvent two-factor authentication (2FA) methods.

Social Engineering

Social Engineering Banking Authentication Passwords

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Security Boulevard

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ). Google Cloud. login once?—?get

Cybersecurity

Cybersecurity Malware Accountability Authentication

The 2021 Two-Factor Evaluation Guide Is Here!

Duo's Security Blog

MAY 4, 2021

When it is time to evaluate 2FA (two-factor authentication) providers there are some key questions to ask your vendors to determine which solution is best for your needs. Two-factor authentication (2FA ) is the simplest, most effective way to make sure users really are who they say they are.

Authentication

Authentication Data breaches Mobile Risk

Why Are More Industries Switching From SMS 2FA to Push?

Duo's Security Blog

DECEMBER 17, 2020

Users and industries are moving away from unsafe SMS-based authentication methods, according to Duo's hot of the press 2020 Duo Trusted Access Report. And Push continues to be the dominant second factor for companies using 2FA (two-factor authentication). See the video at the blog post.

Authentication

Authentication Mobile Cybersecurity

(VIDEO) Getting Started With Duo - Step 4: Setting Up an Application

Duo's Security Blog

MARCH 19, 2021

Welcome to our 5-part video series on getting started with Duo! We have created myriad resources that make it easy to get started with Duo. We covered differentiating user authentication methods , Duo enrollment and self-remediation and Duo Admin Dashboard and Device Insight so far. Enroll your users in Duo.

Authentication

Authentication Backups Mobile Accountability

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

OCTOBER 19, 2022

In the first step of your doxxing research, we collected a list of our online footprint, digging out the most important accounts that you want to protect and obsolete or forgotten accounts you no longer use. Once you’ve reset the password, check for a “log out of active devices” option to make sure the new password is used.

Passwords

Passwords Authentication Accountability Password Management

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Credential Stuffing : Attackers use leaked usernames and passwords from one website to attempt unauthorized access on other platforms. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Credential Stuffing : Attackers use leaked usernames and passwords from one website to attempt unauthorized access on other platforms. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

The Administrator's Guide to Passwordless: An Introduction

Duo's Security Blog

JUNE 3, 2021

Do you remember how we used to be afraid of biometrics because a few early implementations stored users’ personal information in a central database? Oh, and enrolling each of our devices individually with our accounts took a little bit of getting used to. We’ve been using passwords for decades. See the video at the blog post.

Authentication

Authentication Passwords Phishing Accountability

(VIDEO) Getting Started With Duo - Step 3: Admin Dashboard & Device Insight

Duo's Security Blog

MARCH 12, 2021

Welcome to our 5-part video series on getting started with Duo! We have created myriad resources that make it easy to get started with Duo. We have created myriad resources that make it easy to get started with Duo. We covered differentiating user authentication methods and Duo enrollment and self-remediation so far.

Mobile

Mobile Authentication CISO Cybersecurity

9 tips to protect your family against identity theft and credit and bank fraud

Webroot

FEBRUARY 15, 2024

Be protective of your personal information If criminals get ahold of your personal information —such as your name, address, date of birth, and social security number—they can use it to commit identity theft. Use strong and unique passwords Passwords are your first line of defense to protecting your online accounts from hackers.

Identity Theft

Identity Theft Banking Scams Passwords

T-Minus 365 and Counting! Deploy Universal Prompt to Strengthen Security While Improving User Experience

Duo's Security Blog

MARCH 30, 2023

It’s time to get started with your migration from Duo Traditional Prompt to Duo Universal Prompt. In our last Universal Prompt blog we focused on a few of the security benefits that using it provides. In this blog we’ll get into more of the user experience benefits. This redesigned version came out last year.

Authentication

Authentication Software Risk VPN

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

DECEMBER 8, 2022

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises. When it comes to protecting themselves and their devices, few are practicing the basics: •Only 21 percent use email security software.

Cybersecurity

Cybersecurity Passwords Password Management Ransomware

Endangered data in online transactions and how to safeguard company information

CyberSecurity Insiders

JANUARY 6, 2022

This blog was written by an independent guest blogger. That’s why savvy businesses have started using online generators for making stubs. Use a Secure Sockets Layer. It prevents a third party from intercepting the data that is exchanged between the two. Use data encryption.

Encryption

Encryption Identity Theft Authentication Data breaches

AiTM phishing attack targeting enterprise users of Gmail

Security Boulevard

AUGUST 9, 2022

This blog is a follow-up to our recent publication which described the details of a large-scale phishing campaign targeting enterprise users of Microsoft email services. Beginning in mid-July 2022, ThreatLabz started observing instances of adversary-in-the-middle (AiTM) phishing attacks targeted towards enterprise users of Gmail.

Phishing

Phishing Authentication Passwords

Bridging the Security Gaps in Healthcare With Trusted Access

Duo's Security Blog

JUNE 2, 2021

This report Bridging Healthcare Security Gaps: Better Authentication Improves Controls aims to bring clarity and solutions to these security gaps. In this report you will learn: About zero trust and how multi-factor authentication meets the HIPPA requirements for a third factor of authentication.

Healthcare

Healthcare CISO Authentication VPN

Taking on the Next Generation of Phishing Scams

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing

Phishing Scams Authentication Accountability

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

APRIL 11, 2022

Most of the ransomware attacks that use RaaS are done by affiliates who bounce from service to service, often using two to four different services at the same time. Because of this, ransomware gangs are starting to focus more on SMBs. However, starting with a strong security foundation goes a long way.

Ransomware

Ransomware Social Engineering Passwords Engineering

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Authentication. Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. Increasingly, passwordless authentication is becoming the norm.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

Experts warn that Telegram is becoming a privileged platform for phishers that use it to automate their activities and for providing various services. Kaspersky researchers have published an analysis of phishers’ Telegram channels used to promote their services and products. ” reads the post published by Kaspersky.

Phishing

Phishing Scams Social Engineering Banking

MFA Fatigue: What It Is and How to Respond

Duo's Security Blog

OCTOBER 21, 2022

One of these threats that has gained attention includes circumventing an organization’s multi-factor authentication (MFA) protection. MFA fatigue, or when an attacker gets an authentic user to accept a request when that user is not trying to login, is one attack method that has made headlines.

Authentication

Authentication Risk Passwords Phishing

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). And it’s extremely well used. Have you been pwned?

Passwords

Passwords Password Management Authentication Data breaches

10 Reasons Universal Prompt Strengthens Security and Improves User Experience

Duo's Security Blog

OCTOBER 1, 2022

The Universal Prompt is Duo's next-generation authentication experience that delivers an easier, more secure, and more accessible authentication experience for every user. This also helps organizations get started on a journey towards a passwordless future.

Authentication

Authentication Social Engineering Risk Software

Duo's Passwordless Authentication is Coming!

Duo's Security Blog

MARCH 30, 2021

Passwords have been with us since the early days. When the number of computers on the internet could be counted with two hands, there was the password. When we dialed up for the first time, we used a password. The message was the starting characters of login. Workforces are ready for passwordless authentication.

Authentication

Authentication Passwords Internet Internet

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

The attackers were observed using PowerMagic and CommonMagic implants. In the latest campaign uncovered by Kaspersky, the APT group, used a modular framework dubbed CloudWizard that supports spyware capabilities, including taking screenshots, microphone recording, harvesting Gmail inboxes, and keylogging.

Malware

Malware Spyware Encryption Phishing

NFTs – Protecting the investment

CyberSecurity Insiders

JANUARY 20, 2022

This blog was written by an independent guest blogger. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 Protecting yourself in this regard comes down to two, fairly basic, steps. All NFT exchanges must satisfy this rule.

Cryptocurrency

Cryptocurrency Marketing Scams Government

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

Security Boulevard

JULY 21, 2022

It is especially urgent to replace SHA-1 wherever it is used for digital signatures. For businesses still using the broken SHA-1, they were facing serious risks , including: Increased possibility of a collision or man-in-the-middle attack. Challenges toward post-quantum cryptography: confidentiality and authentication.

Encryption

Encryption Authentication Architecture Backups

The Life and Death of Passwords: How Passwordless Is Evolving

Duo's Security Blog

MAY 12, 2023

They had a use for a long time, which is that your brain is portable and you can bring it to different places. So why try to fix something that’s inherently flawed by this ability to attack it at scale when you can move to something that’s much more secure and also easier to use? See the video at the blog post.

Passwords

Passwords Authentication Mobile Technology

Passwordless Authentication, This is the Way

Duo's Security Blog

MARCH 15, 2021

Passwords are a great example of a security control that has outlived its useful life. Sure you can use it to lock your front door but if someone of a nefarious nature managed to find that key there is nothing to say who should or should not be coming through the front door. I often draw the analogy with the house key. This is the way.

Authentication

Authentication Passwords Password Management Firewall

Duo Makes Verifying Device Trust as Easy as 1-2-3

Duo's Security Blog

AUGUST 16, 2021

“There are primarily three ways you can authenticate someone: with their username and password, with two-factor authentication, and with a company-supplied device that you can trace. For most stuff, you should have two of those things. Administrators can get started in just three simple steps: 1.

Authentication

Authentication Data breaches Encryption Retail

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Just two of the bitcoin wallets Beam used for middlemanning over the past of couple of years recorded in excess of 6,700 transactions totaling more than 243 bitcoins — or roughly $8.5 million by today’s valuation (~$35,000 per coin). “ Amp ,” a major middleman and account seller on OGUusers. .”

Accountability

Accountability Hacking Media Mobile

Why We Comply: Breaking Down the Learning Curve in K-12 Cybersecurity Compliance

Duo's Security Blog

AUGUST 24, 2022

However, adding two-factor or multi-factor authentication (MFA) cybersecurity may be a good place to start. Some key takeaways from this literature are: School administrators should implement access control standards so that each user only has access to the applications they need to use. Want to learn more?

Cybersecurity

Cybersecurity Education Insurance Authentication

Why You Should Start Using Two-Factor Authentication Now

Multi-factor authentication has proven it works, so what are we waiting for?

Webinars

Trending Sources

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Webinars

MFA bombing taken to the next level

Researchers Quietly Cracked Zeppelin Ransomware Keys

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

The Life and Death of Passwords: Driving Passwordless Forward With WebAuthn

What Are Passkeys?

Why TOTP Won’t Cut It (And What to Consider Instead)

(VIDEO) Getting Started With Duo - Step 1: Authentication Methods

3 Steps to Prevent a Case of Compromised Credentials

Twitter and two-factor authentication: What's changing?

Telegram-powered bots circumvent 2FA

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

The 2021 Two-Factor Evaluation Guide Is Here!

Why Are More Industries Switching From SMS 2FA to Push?

(VIDEO) Getting Started With Duo - Step 4: Setting Up an Application

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

10 Effective Ways to Prevent Compromised Credentials

10 Effective Ways to Prevent Compromised Credentials

The Administrator's Guide to Passwordless: An Introduction

(VIDEO) Getting Started With Duo - Step 3: Admin Dashboard & Device Insight

9 tips to protect your family against identity theft and credit and bank fraud

T-Minus 365 and Counting! Deploy Universal Prompt to Strengthen Security While Improving User Experience

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

Endangered data in online transactions and how to safeguard company information

AiTM phishing attack targeting enterprise users of Gmail

Bridging the Security Gaps in Healthcare With Trusted Access

Taking on the Next Generation of Phishing Scams

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

15 Cybersecurity Measures for the Cloud Era

Phishers migrate to Telegram

MFA Fatigue: What It Is and How to Respond

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

10 Reasons Universal Prompt Strengthens Security and Improves User Experience

Duo's Passwordless Authentication is Coming!

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

NFTs – Protecting the investment

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

The Life and Death of Passwords: How Passwordless Is Evolving

Passwordless Authentication, This is the Way

Duo Makes Verifying Device Trust as Easy as 1-2-3

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Why We Comply: Breaking Down the Learning Curve in K-12 Cybersecurity Compliance

Stay Connected