Duo's Security Blog

DECEMBER 14, 2023

But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? This is available in Duo’s Advantage and Premier tiers.

Social Engineering 130

Social Engineering Engineering Phishing Passwords 130

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 135

Mobile Data breaches Telecommunications Identity Theft 135

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing 82

Phishing Mobile Social Engineering Data breaches 82

Malwarebytes

AUGUST 19, 2021

At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100 million people’s data from T-Mobile’s servers, which included everything from names and driver licences to addresses and social security numbers. What to do?

Mobile 142

Mobile Data breaches Social Engineering Accountability 142

Security Boulevard

JANUARY 7, 2022

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” a T-Mobile spokesperson told BleepingComputer last week in response to questions about a new T-Mobile data breach.

Mobile 122

Mobile Social Engineering Data breaches Accountability 122

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Zero Day

JUNE 22, 2025

Close Home Tech Security 16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself Wondering if your information is posted online from a data breach? PT Moor Studio/Getty With so much news about data breaches, you have to be careful not to panic each time you hear of a new one.

Passwords 101

Passwords Data breaches Password Management Accountability 101

Appknox

AUGUST 7, 2022

Unfortunately, because of widespread misconceptions, several businesses still don't understand the true potential of pen testing and refrain from using it to ensure mobile app security. However, this article will clear those myths and help you with a reality check on penetration testing for mobile applications.

Penetration Testing 131

Penetration Testing Mobile Engineering Small Business 131

Zero Day

JUNE 20, 2025

Here are the facts and how to protect yourself Wondering if your information is posted online from a data breach? PT Moor Studio/Getty With so much news about data breaches, you have to be careful not to panic each time you hear of a new one. Here's how to check if your accounts are at risk and what to do next.

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. ” SMASH & GRAB. .” ” SMASH & GRAB.

Social Engineering 293

Social Engineering Phishing Accountability Engineering 293

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 357

Accountability Mobile Banking Passwords 357

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp.

Social Engineering 326

Social Engineering Telecommunications Data privacy Engineering 326

Malwarebytes

AUGUST 9, 2022

Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. It seems likely they used data from another breach, or breaches, and searched for Twilio employee names with their phone numbers. Text messages. Twilio has notified the affected customers.

Social Engineering 76

Social Engineering Engineering Accountability Mobile 76

Security Boulevard

SEPTEMBER 15, 2023

A data breach late last month of software development platform firm Retool led to the accelerated acquisition of one of its users and put a spotlight on an account synchronization feature that Google introduced earlier this year. The post Attackers Target Crypto Companies in Retool Data Breach appeared first on Security Boulevard.

Data breaches 111

Data breaches Accountability Software Social Engineering 111

Security Boulevard

APRIL 16, 2024

The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard. Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. ” LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

The Last Watchdog

JULY 24, 2023

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Thales Cloud Protection & Licensing

MAY 7, 2025

Todays threat actors use AI to craft compelling phishing campaigns and advanced social engineering tactics to slip past MFA, resulting in credential theft and account takeovers. High-profile breaches illustrate the devastating impact of credential-based attacks.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

Security Affairs

FEBRUARY 8, 2024

Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. Data Breach Costs: The average global cost of a data breach in 2023 was $4.45 Mobile Threats: Mobile devices are increasingly targeted by cyber criminals, with mobile malware attacks rising by 54%.

Social Engineering 142

Social Engineering Cyber Attacks Cyber Insurance IoT 142

Security Boulevard

JUNE 5, 2022

The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that (..)

Social Engineering 115

Social Engineering Mobile Engineering Data privacy 115

Krebs on Security

JULY 22, 2020

According to 4iq.com , a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry.

Hacking 348

Hacking Accountability Scams Media 348

Appknox

JUNE 23, 2022

The risks to the privacy of Australian customers are at an all-time high, as the nation has reported the highest percentage of mobile threats globally, standing at 26.9%. The average Australian netizen uses web-based mobile apps to browse, entertain, communicate, and shop online. Australian Mobile Cybersecurity in 2022.

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

CyberSecurity Insiders

JANUARY 16, 2023

School districts are constantly being targeted by cyber attacks, leading to data breaches and information misuse. Following basic cybersecurity hygiene by students and staff while sharing the data is also important, as it avoids being targeted by phishing scams or other type of social engineering attacks.

Social Engineering 136

Social Engineering Education Data breaches Scams 136

Malwarebytes

FEBRUARY 10, 2021

Ageing, data breaches, and fewer devices. Previous data breaches bump up the risk. You have far higher odds of being attacked if your details have been exposed in a data breach. Sticking to your mobile phone gives you the lowest risk of attack, and the highest risk comes with using multiple devices.

Scams 140

Scams Phishing Data breaches Malware 140

The Last Watchdog

APRIL 28, 2022

That explains why over 80 percent of data breaches start with weak, reused, and stolen passwords through password phishing, social engineering, brute force attacks and credential stuffing. O’Toole. Hackers don’t need to hack in, they just log in.

Passwords 237

Passwords Encryption Phishing Social Engineering 237

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 126

Social Engineering Spyware Data breaches Surveillance 126

The Last Watchdog

JUNE 21, 2023

The announcement comes at a time when rates of BEC and other advanced phishing attacks are climbing exponentially as they expose vulnerabilities in traditional email security solutions with social engineering tactics. According to the 2023 Verizon Data Breach Investigations Report (DBIR), 74% of breaches involved a human element.

Phishing 183

Phishing Artificial Intelligence Social Engineering Data breaches 183

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 125

Data breaches Cybercrime Firewall Ransomware 125

Krebs on Security

DECEMBER 29, 2022

Credit for that intrusion is quickly claimed by LAPSUS$ , a group of 14-18 year-old cyber hooligans mostly from the United Kingdom who specialized in low-tech but highly successful methods of breaking into companies: Targeting employees directly over their mobile phones. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

SecureWorld News

JULY 13, 2023

According to a Ponemon Institute study, the data breach cost for healthcare organizations without encryption was $380 per record, compared to $230 for those with encryption. Endpoint Security: Securing endpoints, such as laptops, desktops, and mobile devices, is crucial in preventing unauthorized access and malware infections.

Cybersecurity 98

Cybersecurity Data breaches Social Engineering Encryption 98

Malwarebytes

AUGUST 29, 2022

Earlier this month, messaging service Twilio got compromised by a sophisticated social engineering attack. After deploying phishing attacks against company employees, hackers were able to access user data, but now it seems that the impact of the hack was more elaborate than originally assumed. Scatter Swine.

Data breaches 72

Data breaches Authentication Phishing Accountability 72

Krebs on Security

FEBRUARY 25, 2021

requires applicants to supply a great deal more information than previously requested by the states, such as images of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service. To screen out fraudsters, ID.me ” A BETTER MOUSETRAP?

Scams 336

Scams Insurance DDOS Authentication 336

Webroot

MAY 28, 2025

This is partly due to the increase in data breaches. Studies show that 51% of Americans report theyve been victims of a data breach, and 64% say theyve changed their online behavior for fear of escalating online threats like ransomware and identity theft. The most common type of social engineering is phishing.

Scams 79

Scams Data breaches Identity Theft Passwords 79

Security Boulevard

JANUARY 24, 2023

Last week, T-Mobile disclosed that the personally identifiable information (PII) of 37 million of its past and present customers had been breached in an API attack. They also shared that the attack had been going on since November but was only caught January 5 by T-Mobile’s security team. Was the API known to T-Mobile?

Mobile 59

Mobile Social Engineering Engineering Government 59

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Leveraging its English proficiency, the collective uses social engineering for initial access. Within six hours, the attacker began encrypting the organization’s systems.

Social Engineering 122

Social Engineering Accountability Engineering Backups 122

SecureWorld News

SEPTEMBER 12, 2024

The risks are fairly obvious: Data Breaches: Online casinos hold vast amounts of sensitive user data, including personal and financial information. Personal data is always at risk when doing any activity online, whether gaming or not. Messaging apps and in-app messages on social apps are great for these.

Cybersecurity 116

Cybersecurity Scams Phishing Mobile 116