Duo's Security Blog

JULY 15, 2021

Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself. That isn’t to say that every password-less solution needs to be phish-proof.

Phishing 99

Phishing Authentication Passwords Risk 99

Malwarebytes

APRIL 2, 2023

Apple fixes actively exploited vulnerability and introduces new features Steer clear of this EE phish that wants your card details 3 tips to raise your backup game 3 tips for creating backups your organization can rely on when ransomware strikes Stay safe!

Backups 78

Backups DDOS Cyber threats Ransomware 78

Duo's Security Blog

NOVEMBER 6, 2023

Passwords that are easily detectable or reused often are vulnerable to phishing attacks. This lowers the number of passwords users must remember (or re-use, as is often the case). It’s also the foundation for a passwordless future, powering-up phishing resistance and user experience to defend against attackers.

Passwords 74

Passwords Authentication Risk Technology 74

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Duo's Security Blog

NOVEMBER 20, 2023

Security professionals agree that passwords are low hanging fruit for cybercriminals and can even be the keys to the kingdom when the compromised passwords belong to privileged accounts. According to a 2023 Cisco Duo sponsored survey , only 62% of organizations make MFA mandatory for their entire workforce.

Threat Detection 134

Threat Detection Authentication Accountability Data breaches 134

Duo's Security Blog

SEPTEMBER 16, 2021

With MFA in place, you can reduce your reliance on passwords and modify password policies to require less frequent resets, alleviating help desk burden and reducing user frustration. Passwords Are Safer Than Biometrics, PINs Are Just Passwords, and Other Tall Tales See the video at the blog post.

Authentication 99

Authentication Passwords Phishing CISO 99

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication 117

Authentication Passwords Data breaches Phishing 117

Security Boulevard

JULY 6, 2023

It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. In fact, they are using AI to not only predict your users' current passwords. Mind blown! We typically know the location of the legitimate user.

Artificial Intelligence 105

Artificial Intelligence Passwords Authentication Accountability 105

NopSec

JULY 25, 2017

Make sure your business email password is “Password123.” As it happens, the easiest way to actively exploit a system is to have the password or key. So how does an ethical hacker (and really, malicious ones, too) get a password or key? So how does an ethical hacker (and really, malicious ones, too) get a password or key?

Passwords 40

Passwords Penetration Testing Phishing Accountability 40

Duo's Security Blog

OCTOBER 6, 2023

In other words, it’s not just about implementing MFA to verify user trust, it’s about using phishing-resistant MFA with risk-based authentication , device posture checks and other security controls. TL,DR: Check out our on-demand webinar Your Zero Trust Roadmap , where we outline the five key steps to secure user access to apps.

Authentication 117

Authentication Risk Social Engineering InfoSec 117

Security Boulevard

FEBRUARY 14, 2022

Customers end up calling help desks for multiple reasons, including to reset their passwords and manage their profile, privacy, and data sharing settings. For example, allowing customers to manage and reset their usernames and passwords alone can save enterprises millions of dollars annually. Learn More In Our Webinar.

Passwords 97

Passwords Retail Digital transformation Risk 97

Duo's Security Blog

MAY 6, 2024

The security industry has diligently battled compromised credentials, evolving from passwords to multifactor authentication (MFA) to passwordless — our most secure and phishing-resistant method to date — and one that is fully supported in Duo. Despite these advancements, we still see many identity-based breaches year over year.

Authentication 93

Authentication Accountability VPN Phishing 93

Duo's Security Blog

OCTOBER 11, 2023

To learn more about how Duo’s access management trifecta empowers you to authenticate further and defend faster, be sure to tune into our webinar Authenticate Further, Defend Faster with Higher Security from Duo. Forget coming up with a password that will eventually, inevitably find its way onto the dark web. Talk about a team up!

Authentication 101

Authentication Risk Technology Phishing 101

Thales Cloud Protection & Licensing

AUGUST 15, 2022

It’s no secret that passwords have become one of the weakest links in enterprise security. While password guessing and brute force attempts are still a risk, cybercriminals no longer need to go through the trouble. Passwordless authentication was developed to combat phishing attacks, a crucial risk that cannot be ignored.

Authentication 71

Authentication Phishing Passwords Risk 71

SecureWorld News

JULY 21, 2020

"It steals usernames and passwords for outgoing email servers. Combined, these tools create a virtually super-powered botnet that further reveal the importance of addressing phishing attacks. The path toward eradicating phishing schemes is far from clear, but SecureWorld has resources to make it clearer.

Phishing 59

Phishing Banking Authentication Passwords 59

SecureWorld News

SEPTEMBER 29, 2022

For Amazon, cybersecurity is a top priority, said Jenny Brinkley, Director, Amazon Security, who was one of the webinar panelists. Another theme touched on in the webinar was to m ake awareness education easy, like you're talking to a teenager: "I like to think about how I explain this to my own family," Shou said. Updating software.

Cybersecurity 64

Cybersecurity Education Security Awareness Password Management 64

Duo's Security Blog

JULY 6, 2023

The writing is certainly on the wall that username and password credentials are a menace to secure environments, and moving to strong authentication is the solution. There’s no time like the present for starting your passwordless journey Weak authentication with passwords and phishable MFA is putting enterprises at risk.

Authentication 64

Authentication Passwords Risk Technology 64

Security Boulevard

JULY 21, 2023

This is why it's critical to secure your user identities and passwords and the IAM services that manage them. For example, after entering a username and password or SSO credentials, a user may be required to accept a push notification from an authenticator app or enter a PIN sent to a personal device.

Threat Detection 98

Threat Detection Authentication Passwords Accountability 98

Security Affairs

MAY 8, 2020

Group-IB, a Singapore-based cybersecurity company, observed the growth of the lifespan of phishing attacks in the second half of 2019. Figure 1 The distribution of web-phishing among target categories . CERT-GIB’s findings indicate that phishing attack perpetrators have revised their so-called target pool. Target reshuffle.

Phishing 56

Phishing Spyware Banking Malware 56

SecureWorld News

SEPTEMBER 29, 2020

Office supply phishing cyberattack campaign. A federal judge just sentenced a Nigerian national to three years in prison for being part of a phishing ring that effectively stole office supplies so it could resell them. It turns out, cybercriminals would like that person's login credentials because they have value. government agencies.

Phishing 68

Phishing Government Cyber Risk Cybercrime 68

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? In today’s post, we share information with the goal that it will help everyone in your organization protect themselves from phishing attacks.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

CyberSecurity Insiders

APRIL 10, 2023

In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. Why is identity management and security important in 2023? “In Batch training for the Identity Management key players.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

Security Boulevard

MAY 5, 2021

Florida Water Attack Details - Tactics Included Phishing, Credential Stealing, DLL Injection. Using phishing and key logging attacks, the attackers phished the login credentials of a supervisor. They extracted the passwords to access the SCADA HMI and SCADA web interface to take control of the most critical systems.

Energy and Utilities 89

Energy and Utilities Manufacturing Data breaches Phishing 89

Duo's Security Blog

MARCH 9, 2022

Firewall status, drive encryption status, password status and whether an antivirus or anti-malware agent is running can all contribute to improved security resilience. Resources Webinar: Essential Eight - How Does Your Organization Rate? Solution Brief: Duo for Essential Eight Customer Story: Deakin University.

Cybersecurity 71

Cybersecurity Authentication Passwords VPN 71

Jane Frankland

OCTOBER 17, 2023

Secure web browsing matters for ITDMs for several reasons: Protection against cyber threats: Secure web browsing acts as a vital defence mechanism against various cyber threats, such as malware infections, phishing attacks, and data breaches. Alternatively, reusing passwords, sharing passwords; and simply ignoring browser software updates.

Security Awareness 124

Security Awareness Education Cybersecurity Data breaches 124

Security Boulevard

APRIL 12, 2022

No more typing out usernames and thinking up passwords. Examples of self-service include managing login preferences and passwords, updating contact information, requesting specific support, and so on. Even with the convenience of social registration and self-service, managing usernames and passwords is a source of consumer frustration.

Healthcare 52

Healthcare Authentication Passwords CISO 52

Security Affairs

FEBRUARY 7, 2020

. “ Certfa Lab has identified a new series of phishing attacks from the Charming Kitten 1 , the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. site domain where login credential details of his/her email such as the password and two factor authentication (2FA) code are requested.

Phishing 74

Phishing Advertising Malware Media 74

Duo's Security Blog

FEBRUARY 6, 2024

Traditionally, credentials (such as usernames, passwords or security tokens) have been the gatekeepers of access. This way, IT Administrators can quickly address any security gaps by migrating from weak authentication to strong, phishing-resistant, multi-factor passwordless deployments across a customer’s entire enterprise stack.

Accountability 77

Accountability Authentication Risk Marketing 77

Security Affairs

OCTOBER 5, 2023

Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 3 million records.

Data breaches 104

Data breaches B2B Education Identity Theft 104

Security Boulevard

APRIL 28, 2021

Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack. . . In later rounds, the Trojan spread through spear-phishing emails with malicious Excel or Word files. How the infection first started is uncertain, but the usual suspect of phishing is suspected.

Energy and Utilities 72

Energy and Utilities Malware DDOS Internet 72

BH Consulting

AUGUST 9, 2022

Researchers from Microsoft identified a phishing campaign that bypasses MFA. The ongoing campaign has targeted more than 10,000 Office 365 organisations since September 2021, using ‘adversary in the middle’ (AiTM) sites to steal passwords and hijack login sessions. A short guide from SANS showing how phishing attacks are evolving.

Cybercrime 52

Cybercrime Accountability Phishing Authentication 52

Duo's Security Blog

JANUARY 28, 2022

Imagine a shift away from logging into a “network” to having security seamlessly built into the network, and multi-factor authentication and authorization continuously performed at the application level on the fly — without users typing passwords. What’s in the Strategy?

Authentication 52

Authentication Government DNS Encryption 52

Duo's Security Blog

JULY 29, 2021

Hopefully, you’ve already got this one — but if not, there are countless products that can help you mitigate the threats of password-based single-factor authentication. So long as passwords remain an option, adversaries can apply the same attacks they use today to password-based auth methods.

Authentication 54

Authentication Passwords Accountability Manufacturing 54

NopSec

MARCH 25, 2019

In this blog post, we summarize the first part of that webinar, without going into the three specific applications and the challenges. For more details, that entire webinar is now available on demand here. For every login attempt, has someone’s password been compromised? For every email received, is it a phishing attempt?

Cybersecurity 52

Cybersecurity Artificial Intelligence Phishing Malware 52

Security Boulevard

AUGUST 26, 2021

Global organizations are being overrun by a flood of malware, phishing, and ransomware attacks and compromised credentials. Register for our webinar: A New Era: Maximize Zero Trust with AI-driven Role Management . . A major factor: increasing coordination among hacker groups and state actors. The post IAM 101 Series: What Is RBAC?

Data breaches 59

Data breaches Artificial Intelligence Retail Architecture 59

BH Consulting

NOVEMBER 3, 2020

In 2020, many cybercriminals exploited the Coronavirus pandemic to launch phishing campaigns and other online financial frauds. The post also highlighted the importance of using strong passwords and not repeating them across multiple websites or online services. Overall, the aim is to highlight good cyber hygiene and security practice.

Cybersecurity 52

Cybersecurity Risk Ransomware Passwords 52

NetSpi Executives

APRIL 27, 2024

terminal services, virtual private networks (VPNs), and remote desktops—often use weak passwords and do not require MFA. Attackers guess the passwords easily, find them in open source code repositories, or collect them via phishing. Administrators who access IT management interfaces—e.g., What is ransomware attack simulation?

Ransomware 52

Ransomware Cyber Insurance Backups Insurance 52