Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection 134

Threat Detection Authentication Accountability Data breaches 134

CSO Magazine

JANUARY 11, 2023

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed.

Data breaches 110

Data breaches Password Management Passwords Encryption 110

CSO Magazine

NOVEMBER 22, 2021

They just need one victim to succumb to a phishing lure to enter your network. Phishing ( in all its forms ) is just one of many attacks that can leverage a poorly protected email infrastructure. Email remains the soft underbelly of enterprise security because it is the most tempting target for hackers.

Phishing 127

Phishing Mobile Passwords Malware 127

CSO Magazine

JUNE 8, 2022

don’t have MFA, making them vulnerable to password spray, phishing and password reuse. Microsoft will soon change the mandate to multi-factor authentication (MFA) with changes to Microsoft 365 defaults. As Microsoft points out, “When we look at hacked accounts, more than 99.9%

Authentication 112

Authentication Passwords Phishing Accountability 112

CSO Magazine

OCTOBER 4, 2022

Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing.

Risk 143

Risk Phishing Passwords Cybersecurity 143

CSO Magazine

SEPTEMBER 13, 2021

Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline attack. And a bitcoin scam on Twitter started with spear phishing attacks on Twitter employees. Some of the biggest breaches have come down to small mistakes.

Scams 138

Scams Phishing Passwords 138

The Last Watchdog

DECEMBER 14, 2023

Instead of arguing about MFA strength, VPN vendor, or nation-state treat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords. Richard Bird , CSO, Traceable AI Bird The bad guys are showing no restraint in exploiting API security weakness to their advantage.

Cybersecurity 235

Cybersecurity Risk Cyber threats CSO 235

CyberSecurity Insiders

MAY 16, 2022

By Amanda Fennell, CSO and CIO, Relativity. While exploring phishing examples and best tools to manage passwords, offer to dive into how tools actually work. Think about password management. Security professionals can step in and offer the ability, or capability, piece—the tool, a password manager—and show how to use it.

CSO 131

CSO Passwords Password Management Accountability 131

CSO Magazine

JUNE 23, 2021

The password had been found on the dark web rather than obtained via phishing , implying that it had been leaked or reused by a Colonial employee. Every time I read about another attack, I am always interested in how the attackers gained initial access into the network.

VPN 117

VPN Accountability Phishing Authentication 117

CSO Magazine

JUNE 18, 2021

Phishing attacks are the most common source of cybersecurity breaches in business today, and employee credentials are a top target for these malicious actors. A correct user name and password combination is often all that stands between a cybercriminal and a company’s valuable intellectual property.

Phishing 88

Phishing Passwords Cybersecurity 88

CSO Magazine

MAY 19, 2022

According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher privileged account, such as the administrator. To read this article in full, please click here

Accountability 65

Accountability Phishing Passwords Cybersecurity 65

Malwarebytes

MARCH 23, 2022

In an article on Okta’s website , CSO David Bradbury provided a timeline of the incidents which took place in January. Brute-force attacks against RDP are common , as is phishing, but LAPSU$ is also known to bribe insiders for access. Change the privileged Okta passwords. Okta’s statement. Wait for more information.

CSO 85

CSO Engineering Passwords VPN 85

Security Through Education

OCTOBER 27, 2021

Don’t make passwords easy to guess. Social-Engineer, LLC saw an almost 350% increase in recognition of phishing emails when using a similar training platform in 2020. Typically, corporate networks are equipped with firewalls, a Chief Security Officer (CSO), and a whole cybersecurity department to keep them safe.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

CyberSecurity Insiders

JUNE 3, 2021

This breach, like every major ransomware attack, was likely because of spear phishing, where someone either received the malware via an emailed attachment or clicked on a link that took them to a website that hosted it. They had super weak, easily guessable passwords, which was visible to anyone who looked.

Cybersecurity 136

Cybersecurity Energy and Utilities Social Engineering Phishing 136

eSecurity Planet

DECEMBER 3, 2021

Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. Behold the tale of kid who reuses their passwords & ends up pwn'd, then learns how to stay safe. We're on a mission to encourage unique passwords stored in a password manager with MFA on.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

SC Magazine

MARCH 10, 2021

For example: passwords being typed or posted, specific motions or commands used to activate control systems to open or unlock doors, etc.”. At the very least, there should have been some form of multi-factor authentication or password vault to protect the [server] account. Look at the Mac operating system.

Surveillance 129

Surveillance IoT Accountability Passwords 129

SecureWorld News

MAY 19, 2020

We had a recent roll out of a password manager, for example. One of the biggest issues is phishing, like it is with most people, and it's not going to stop, so we thought strategy wise, that was the first place to start.". This led Sherry's team to launch the virtual phish bowl where they raised awareness and communicated the risks. "At

Cybersecurity 53

Cybersecurity CISO Risk Education 53

Spinone

DECEMBER 26, 2018

Social engineering attacks , including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness 40

Security Awareness Risk Cyber threats Cyber Risk 40