Cyber Security Informer

Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24

Security Boulevard

JANUARY 26, 2024

The attackers reportedly got in through an old testing environment, which seemingly had no multi-factor authentication (MFA) stopping them. Lesson learned: Just because it’s not a production system doesn't mean it can't be used as an avenue to get into your production systems. Threat models? It all matters.

CISO

CISO Cybersecurity Authentication Passwords

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication

Authentication Accountability Passwords Mobile

Duo vs. Fraudulent Device Registration

Duo's Security Blog

APRIL 8, 2024

That’s where multi-factor authentication (MFA) comes in. But what if an attacker can just send that authentication request to their own personal phone? Now MFA can no longer stop the cybercriminal from gaining unlimited access.

Authentication

Authentication Accountability Risk Phishing

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

FEBRUARY 20, 2024

In e-commerce, it facilitates smooth product inquiries and order tracking. In customer support, it seamlessly integrates with Microsoft’s ecosystem for enhanced productivity. Authentication and authorization vulnerabilities: Weak authentication methods and compromised access tokens can provide unauthorized access.

Cybersecurity

Cybersecurity Penetration Testing Authentication Social Engineering

Outlook app to get built-in Microsoft 365 MFA on Android, iOS

Bleeping Computer

MARCH 13, 2023

Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [.]

Authentication

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . 200 and 162.35.92[.]242

Authentication

Authentication Ransomware VPN Hacking

Think Your MFA and PAM Solutions Protect You? Think Again

The Hacker News

SEPTEMBER 18, 2023

When you roll out a security product, you assume it will fulfill its purpose. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

Authentication

Duo’s Proud to Announce 2023 Top-Rated Award by TrustRadius

Duo's Security Blog

NOVEMBER 10, 2023

10 and over 250 reviews, Duo is honored to share that we won the 2023 TrustRadius Top Rated Award for Authentication. Duo’s Multi-Factor Authentication solution combines multiple authentication factors to provide simple ways to protect users. With a score of 9.3/10 That makes this recognition significant.

Authentication

Authentication Education Accountability Technology

IT administrators' passwords are awful too

Malwarebytes

OCTOBER 19, 2023

Default passwords, even if they are more complex, have the huge disadvantage that they can be found by simply looking up the product documentation in a search engine. As I wrote before, and will probably repeat in the future, multi-factor authentication is so much more secure , and with that a lot more forgiving, than passwords alone.

Passwords

Passwords Authentication Password Management Engineering

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Fortifications, such as multi-factor authentication (MFA) and password managers, proved to be mere speed bumps. One bank in the U.S.

Authentication

Authentication Passwords Banking Digital transformation

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

OCTOBER 12, 2022

My favorite quotes from the report follow below: “in Q2 threat actors frequently targeted weak and default-password issues for initial compromise, factoring in over half of identified Incidents.” [A.C.?—?that Especially the ‘no credentials’ part, which to me smells like the 1980s, not even the 1990s] Cloud Compromise Factors from TH #4?—?Google

Cybersecurity

Cybersecurity Malware Accountability Authentication

Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication

CSO Magazine

AUGUST 24, 2022

and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365). According to the researchers, the campaign they analyzed is widespread and targets large transactions of up to several million dollars each.

Authentication

Authentication Accountability Phishing

How to Implement Single Sign-On in Your Organization

SecureWorld News

SEPTEMBER 29, 2023

When choosing an SSO vendor, it is important to consider the following factors: Features: What features are important to you? Do you need support for multi-factor authentication (MFA)? Yes, you can bundle a solution for MFA with the introduction of SSO. Most SSO vendors offer MFA integration.

Authentication

Authentication Accountability Mobile Passwords

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

RATE LIMITS What sanely designed authentication system would send dozens of requests for a password change in the span of a few moments, when the first requests haven’t even been acted on by the user? Throughout 2022, a criminal hacking group known as LAPSUS$ used MFA bombing to great effect in intrusions at Cisco , Microsoft and Uber.

Passwords

Passwords Accountability Engineering Phishing

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

. “Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies.” EvilProxy actors use Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session.

Accountability

Accountability Phishing Authentication Architecture

Threat actors breached Okta support system and stole customers’ data

Security Affairs

OCTOBER 21, 2023

Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. HAR files can also contain sensitive data, including authentication information.

Social Engineering

Social Engineering Data breaches Authentication VPN

What's the Buzz on Passwordless?

Duo's Security Blog

SEPTEMBER 16, 2021

At Duo, we're building a passwordless authentication solution that’s as easy to set up as it is to use – with our world-class security baked in. But not every passwordless product or system meets the security high bar administrators need. Your Journey Begins with Multi-Factor Authentication See the video at the blog post.

Authentication

Authentication Passwords Phishing CISO

Don’t Bet on Passwords: Using MFA to Make Insuring Your Security Less of a Gamble

Duo's Security Blog

OCTOBER 18, 2022

A password manager can go a long way in helping to simplify that process, but multi-factor authentication (MFA) security can help even more. Our experts will discuss the risks posed by passwords, what cyber insurers require to protect organizations, and how MFA can meet both of those needs.

Insurance

Insurance Passwords Cyber Insurance Authentication

P@ssW0rdsR@N0T_FUN!

Duo's Security Blog

OCTOBER 4, 2023

Enabling multi-factor authentication 3. Password Managers And while users may resist more complex passwords because they’re less convenient, there are a variety of password management vendors with products that can help. Held in October, each week there will be a different focus on a key behavior: 1. Try Duo for free!

Password Management

Password Management Passwords Authentication Social Engineering

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

MAY 17, 2023

Add Multi-factor Authentication Customers can add Multi-factor Authentication (MFA) for CipherTrust Encryption (CTE), to get an additional layer of protection at the folder/file level. MFA for CTE is available for the Windows platform.

Ransomware

Ransomware Encryption Authentication System Administration

What Are Passkeys?

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We added multi-factor authentication (MFA) – something you know and something you have or are.

Authentication

Authentication Passwords Password Management Phishing

Okta discloses a new data breach after a third-party vendor was hacked

Security Affairs

NOVEMBER 2, 2023

Okta is offering them access to 24 months of complementary credit monitoring, identity restoration, and fraud detection services, through the Experian Identity Works product. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

Data breaches

Data breaches Hacking Healthcare Social Engineering

Following the 2020 Hack, Twitter Security Keys Should Be Used By the Company’s Employees

Heimadal Security

OCTOBER 28, 2021

As a response to the Twitter hack that happened last year, the American social networking service put in place the compulsoriness of the MFA (multi-factor authentication) use and also ensured the security keys roll out for all its employees.

Hacking

Hacking Authentication Scams Cybersecurity

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA.

Authentication

Authentication VPN System Administration Engineering

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec. ” Indeed, the NSA’s Dec.

Software

Software Authentication Hacking Government

Fine-grained Authorization: Protecting and controlling user access in a digital-first world

Thales Cloud Protection & Licensing

JUNE 8, 2023

Fine-grained Authorization: Protecting and controlling user access in a digital-first world madhav Fri, 06/09/2023 - 05:22 Strong and flexible customer authentication is a key driver for adopting a customer identity & access management (CIAM) solution, with customer experience and security being the apparent benefits.

Banking

Banking Healthcare Authentication Accountability

Stronger Protection & Frictionless Access Can Coexist (Really)

Duo's Security Blog

JULY 21, 2023

If endless false positives and reactive security models have been threatening your productivity and that of your users, you’re not alone. Many organizations struggle with authentication processes that frustrate and burden users to the point that they see security as nothing but a point of friction.

Authentication

Authentication Risk Engineering Phishing

How to Prevent and Protect Against Supply Chain Attacks

Thales Cloud Protection & Licensing

MARCH 30, 2022

The underlying rule should be to expand modern and multi-factor authentication to all users and applications in your organization, whether those apps reside on-prem or in the cloud. There is a tendency to enforce MFA for so called privileged users only. Not all Authentication Methods are Created Equal.

Authentication

Authentication CISO VPN Threat Reports

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Security Affairs

SEPTEMBER 12, 2022

Once obtained the credentials, the attackers launched voice phishing attacks in an attempt to trick the victim into accepting the MFA push notification started by the attacker. Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user.

Ransomware

Ransomware VPN Authentication Phishing

Duo’s MacLogon Release Enhances MacOS Security With Offline and M1 Support

Duo's Security Blog

SEPTEMBER 21, 2022

Like any personal computing device, it requires local authentication to login. Apple provides username and password login for primary authentication and Cisco Duo provides secondary factors to strengthen the macOS security authentication process. The first login it offers the user is the option to enroll in offline login.

Authentication

Authentication Mobile Passwords Marketing

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

. “Our investigation to date has determined that a threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.”

Backups

Backups Encryption Data breaches Passwords

Why We Comply: Breaking Down the Learning Curve in K-12 Cybersecurity Compliance

Duo's Security Blog

AUGUST 24, 2022

However, adding two-factor or multi-factor authentication (MFA) cybersecurity may be a good place to start. All students, faculty, staff and parents should use secure authentication tools like MFA to verify their identity before accessing sensitive school data. Does FERPA require MFA?

Cybersecurity

Cybersecurity Education Insurance Authentication

Labor Day Cyber Scams: What to Watch Out For

SecureWorld News

AUGUST 25, 2023

Common Labor Day scams to watch out for Fake Retail Promotions: Cybercriminals create counterfeit websites or email campaigns that mimic legitimate retailers offering massive discounts on popular products. Email Filters and Authentication: Implement robust email filters that can identify and quarantine phishing emails.

Scams

Scams Retail Phishing Authentication

Three Ways to Stop ATO Attacks in Their Tracks

CyberSecurity Insiders

OCTOBER 19, 2022

Some of those customer accounts have since gone dormant, while many others remain inadequately protected due to weak passwords or the absence of safeguards like multi-factor authentication (MFA). Beauty brands have long been masters at inspiring loyalty and enthusiasm for their products.

Retail

Retail Accountability Authentication Cryptocurrency

BrandPost: Zero Trust is Not a SKU – It’s a Journey Well Worth Undertaking

CSO Magazine

OCTOBER 5, 2022

Zero trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable zero trust. To read this article in full, please click here

Marketing

Marketing Architecture Authentication Internet

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN

VPN Authentication Mobile Firewall

New Tools for Stopping Fraud in the Era of AI

Security Boulevard

JULY 6, 2023

ForgeRock Autonomous Access uses AI to monitor login requests in real time, blocking malicious attempts and adding authentication steps when it detects anomalous behavior. A successful MFA means the user can continue to login and be productive. This leads to frustration and lost productivity.

Artificial Intelligence

Artificial Intelligence Passwords Authentication Accountability

Cisco VPNs without MFA are under attack by ransomware operator

Malwarebytes

AUGUST 28, 2023

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for MFA.

Ransomware

Ransomware VPN Passwords Backups

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

Given the group’s historical use of phishing, were commend network defenders employ robust anti-phishing training and highly encourage the use of a FIDO2-compliant multi-factor authentication token, such as aYubikey.,” ” concludes the report. The report includes Indicators of Compromise (IoCs) for this threat.

Phishing

Phishing Social Engineering Authentication Cryptocurrency

Okta Source Code Breach: How to Evaluate the Impact & Protect your Organization

Security Boulevard

DECEMBER 21, 2022

Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, confirmed that its private GitHub repositories were hacked this month. The leaked Okta source code pertains to the Workforce Identity Cloud repository and does not pertain to any Auth0 (Customer Identity Cloud) products.

Accountability

Accountability Architecture Authentication Internet

Gen Z fears physical violence from being online more than anyone else, Malwarebytes finds

Malwarebytes

OCTOBER 4, 2023

The broad failure to use the most effective cybersecurity protections available, including antivirus, multi-factor authentication (MFA), and a password manager. The worrying percentage of people who monitor their romantic partner online without consent. The eye-popping number of people who reuse passwords.

Antivirus

Antivirus Identity Theft Internet Internet

Checklist for Getting Cyber Insurance Coverage

Thales Cloud Protection & Licensing

MAY 10, 2022

You can ensure insurance coverage and even reduce premiums if you are implementing good cyber security practices - starting off with multi-factor authentication – in order to avoid a breach. Use multi-factor authentication (MFA). No MFA, no cyber insurance”. Flexibility and scalability.

Cyber Insurance

Cyber Insurance Insurance Cyber Risk Authentication

La-Z-Boy Protects a Complex Environment With Duo Security

Duo's Security Blog

AUGUST 8, 2022

When the time came for furniture manufacturer and distributor La-Z-Boy to implement a multi-factor authentication (MFA) solution, they turned to Duo Security. La-Z-Boy wanted to secure their environment with a product that would scale as they scale, that was simple to install and that offered the maximum security.

Retail

Retail Manufacturing Authentication Hacking

Thales and Palo Alto Networks collaborate to offer mid-markets the enterprise protection

Thales Cloud Protection & Licensing

AUGUST 1, 2022

A key component of secure cloud transformation is the ability of organizations to implement secure and adaptive Multi-Factor Authentication (MFA), and access management across their entire IT environment, as they migrate services and workloads to the cloud. Introducing Adaptive MFA.

Marketing

Marketing Digital transformation Cloud Migration Authentication

Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24

How to Protect Your Accounts with Multi-Factor Authentication

Trending Sources

Duo vs. Fraudulent Device Registration

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

Outlook app to get built-in Microsoft 365 MFA on Android, iOS

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Think Your MFA and PAM Solutions Protect You? Think Again

Duo’s Proud to Announce 2023 Top-Rated Award by TrustRadius

IT administrators' passwords are awful too

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication

How to Implement Single Sign-On in Your Organization

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

EvilProxy used in massive cloud account takeover scheme

Threat actors breached Okta support system and stole customers’ data

What's the Buzz on Passwordless?

Don’t Bet on Passwords: Using MFA to Make Insuring Your Security Less of a Gamble

P@ssW0rdsR@N0T_FUN!

Ransomware – Stop’em Before They Wreak Havoc

What Are Passkeys?

Okta discloses a new data breach after a third-party vendor was hacked

Following the 2020 Hack, Twitter Security Keys Should Be Used By the Company’s Employees

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

VMware Flaw a Vector in SolarWinds Breach?

Fine-grained Authorization: Protecting and controlling user access in a digital-first world

Stronger Protection & Frictionless Access Can Coexist (Really)

How to Prevent and Protect Against Supply Chain Attacks

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Duo’s MacLogon Release Enhances MacOS Security With Offline and M1 Support

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Why We Comply: Breaking Down the Learning Curve in K-12 Cybersecurity Compliance

Labor Day Cyber Scams: What to Watch Out For

Three Ways to Stop ATO Attacks in Their Tracks

BrandPost: Zero Trust is Not a SKU – It’s a Journey Well Worth Undertaking

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

New Tools for Stopping Fraud in the Era of AI

Cisco VPNs without MFA are under attack by ransomware operator

BlueCharlie changes attack infrastructure in response to reports on its activity

Okta Source Code Breach: How to Evaluate the Impact & Protect your Organization

Gen Z fears physical violence from being online more than anyone else, Malwarebytes finds

Checklist for Getting Cyber Insurance Coverage

La-Z-Boy Protects a Complex Environment With Duo Security

Thales and Palo Alto Networks collaborate to offer mid-markets the enterprise protection

Stay Connected