Cyber Security Informer

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Duo's Security Blog

MARCH 4, 2024

Identity-based cyberattacks are a challenge across all organizations, regardless of size, industry or technology. Recently, attackers have targeted multi-factor authentication (MFA). Recently, attackers have targeted multi-factor authentication (MFA). MFA is a common second line of defense against compromised passwords.

Authentication

Authentication Social Engineering Passwords Risk

Two-Factor Authentication Evaluation Guide

Tech Republic Security

NOVEMBER 9, 2022

In this guide, you will learn how to evaluate a solution based on: Security Impact – Does the solution reduce risks, and can it provide visibility into your environment? Strategic Business Initiatives – Does the solution support cloud, mobile and BYOD initiatives? Can it fulfill compliance?

Authentication

Authentication Mobile Risk Digital transformation

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security. Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. Once a token was issued, it was time-based.

Authentication

Authentication Passwords Accountability Penetration Testing

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication

Authentication Passwords Mobile Phishing

Email Security Guide: Protecting Your Organization from Cyber Threats

CyberSecurity Insiders

APRIL 16, 2023

This e-guide offers an in-depth understanding of the email security landscape, actionable guidance on implementing and maintaining robust email security solutions, and an overview of top email security vendors. Understanding the risk of supply chain attacks allows organizations to assess and monitor the security of their entire supply chain.

Cyber threats

Cyber threats Phishing Encryption Small Business

23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies

IT Security Guru

MARCH 14, 2024

Mark Grindey, CEO, Zeus Cloud explains that one way that organisations can mitigate similar risks is by implementing on-premises and hybrid cloud solutions. This is because it enables individuals to connect with potential relatives based on shared genetic information. Implementing multi-factor authentication is vital too.

Data breaches

Data breaches Identity Theft Encryption Authentication

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene, you’re opening yourself up to significant risk. Their guidance: Snehal Antani , CEO, Horizon3.ai

Cybersecurity

Cybersecurity Marketing Encryption CISO

Protecting Your Universe from Third-Party Threats with Risk-Based Authentication & Verified Push

Duo's Security Blog

NOVEMBER 14, 2023

However, the recent spate of software supply chain attacks has heightened awareness amongst security teams and IT on the risks of third parties and how quickly those risks can turn into incidents. In today’s blog, we’ll talk about how RBA and more secure methods of authentication can securely enable third-party access.

Authentication

Authentication Risk Mobile Technology

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Last Watchdog

NOVEMBER 28, 2023

Their top areas of concern include cybersecurity risk (58%), information security risk (53%) and compliance risk (39%). This demonstrates a lack of rigorous employee education and training on cybersecurity measures, making employees part of the problem rather than part of the solution. “IT

Cyber Risk

Cyber Risk Risk B2B Social Engineering

The Problem With One-Time Passcodes

Duo's Security Blog

FEBRUARY 15, 2024

Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. Several common authentication methods include the use of one-time passcodes (OTP). Passwordless authentication, which uses WebAuthn credentials, is another safe alternative to OTP.

Social Engineering

Social Engineering Authentication Passwords Engineering

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication

Authentication Accountability Passwords Mobile

PCI DSS 4.0: The Compliance Countdown – A Roadmap Through Phases 1 & 2

Thales Cloud Protection & Licensing

APRIL 10, 2024

Its heightened focus on flexibility and risk-based controls empowers organizations to tailor security measures more closely to their individual needs. A comprehensive understanding of your cardholder data environment (CDE) is crucial for later risk analysis and targeted control implementation. PCI DSS 4.0: is its flexibility.

Risk

Risk Encryption Firewall Cybersecurity

Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

Security Boulevard

MARCH 8, 2024

Salt Security, focusing on API Posture Governance, provides an API risk management platform that seamlessly aligns with the updated NIST CSF guidelines. Govern” is also a critical piece of communication risk back to executives. What's Different in NIST CSF 2.0? Broader Inclusivity : CSF 2.0 Source: NIST Cybersecurity Framework (CSF) 2.0

Government

Government Cybersecurity Digital transformation Risk

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

APRIL 12, 2024

Industry-specific rules: Check relevant regulations on a regular basis to verify data security compliance , and use DLP to protect sensitive data and reduce regulatory risks. Data storage: Identify whether your organization’s data storage is on-premises or cloud-based. Analyze the storage’s security protocols and scalability.

Backups

Backups Encryption Data breaches Risk

A Guide to Key Management as a Service

Thales Cloud Protection & Licensing

JUNE 15, 2023

Key Management as a Service (KMaaS) allows companies to manage encryption keys more effectively through a cloud-based solution instead of running the service on physical, on-premises hardware. A third-party service provider manages a KMaaS solution to alleviate the burden of cryptographic key management.

Encryption

Encryption Data breaches Authentication Risk

IaaS Security: Top 8 Issues & Prevention Best Practices

eSecurity Planet

DECEMBER 19, 2023

Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. This danger emphasizes the significance of having strong authentication mechanisms and upgrading access controls on a regular basis.

Encryption

Encryption Firewall Authentication Software

Announcing Identity Intelligence With Duo

Duo's Security Blog

FEBRUARY 6, 2024

However, over the past 18 months, there has been an unprecedented wave of identity-based cyberattacks with devastating consequences. According to Cisco Talos, three of the top five MITRE ATT@CK techniques used in 2023 were identity-based. It has been a foundational component in many approaches to zero trust.

Accountability

Accountability Authentication Risk Marketing

Passwordless company claims to offer better password security solution

CSO Magazine

JULY 18, 2022

Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Enthusiasm, hesitancy for passwordless authentication.

Passwords

Passwords Authentication Accountability Risk

The 2024 Duo Trusted Access Report: Navigating Complexity

Duo's Security Blog

FEBRUARY 6, 2024

In partnership with the Cyentia Institute, Duo analyzed data from more than 16 billion authentications, spanning nearly 52 million different browsers, on 58 million endpoints and 21 million unique phones across regions including North America, Latin America, Europe, the Middle East, and Asia Pacific. Why should you care about identity sprawl?

Authentication

Authentication Accountability Threat Detection Risk

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication

Authentication Passwords Data breaches Phishing

Does moving to the cloud mean compromising on security?

Security Boulevard

FEBRUARY 18, 2024

Access Management and Identity Authentication Effective access management is crucial in a cloud environment to prevent unauthorised access to data and resources. These are the same risks that exist for on-premise IT infrastructure, but the controls and solutions are often different.

Encryption

Encryption Authentication Insurance Risk

PCI DSS 4.0: The Compliance Countdown – A Roadmap Through Phases 1 & 2

Security Boulevard

APRIL 10, 2024

Its heightened focus on flexibility and risk-based controls empowers organizations to tailor security measures more closely to their individual needs. A comprehensive understanding of your cardholder data environment (CDE) is crucial for later risk analysis and targeted control implementation. PCI DSS 4.0: is its flexibility.

Risk

Risk Encryption Firewall Cybersecurity

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Duo's Security Blog

NOVEMBER 27, 2023

Here are a couple of tools that can help you reduce your risk for some of Scattered Spider’s techniques: SIM Swaps Remove SMS and telephony authentication methods, limiting users to stronger factors like WebAuthn and Verified Duo Push. You can use these in both our standard MFA flow , as well as in our Passwordless offerings.

Authentication

Authentication Social Engineering Risk Accountability

What Are Passkeys?

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We added multi-factor authentication (MFA) – something you know and something you have or are. What is passwordless?

Authentication

Authentication Passwords Password Management Phishing

Portnox Cloud: NAC Product Review

eSecurity Planet

APRIL 19, 2023

Portnox Cloud offers network access control (NAC) as a cloud-hosted SaaS solution that enables rapid deployment of basic NAC capabilities. Although the capabilities are more limited than some NAC competitors, the quick deployment and reduced IT labor costs make Portnox Cloud an attractive solution for many. Who Is Portnox?

IoT

IoT Authentication VPN Backups

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.

Risk

Risk Backups Encryption DDOS

Stronger Protection & Frictionless Access Can Coexist (Really)

Duo's Security Blog

JULY 21, 2023

Many organizations struggle with authentication processes that frustrate and burden users to the point that they see security as nothing but a point of friction. Here, we explore how Cisco Duo’s risk-based authentication can decrease false positives, accelerate frictionless trusted access, and help you assess risk at the point of login.

Authentication

Authentication Risk Engineering Phishing

What Is DNS Security? Everything You Need to Know

eSecurity Planet

NOVEMBER 10, 2023

Domain Name System Security Extension (DNSSEC) protocols authenticate DNS traffic by adding support for cryptographically signed responses. Most commercial DNS security solutions incorporate DNSSEC as a fundamental offering to all customers. What Are DNS Security Extensions (DNSSEC)?

DNS

DNS DDOS Encryption Authentication

Act now! Ivanti vulnerabilities are being actively exploited

Malwarebytes

JANUARY 11, 2024

Ivanti Connect Secure is a widely used VPN solution that allows users to connect to their organization’s network. out of 10): an authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, Cybersecurity risks should never spread beyond a headline. CVE-2024-21887 (CVSS score 9.1

VPN

VPN Authentication Software Risk

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

Duo's Security Blog

SEPTEMBER 1, 2023

And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? We’ve been answering these questions in this blog series by unpacking the pros and cons of passkey technology from different authentication perspectives.

Passwords

Passwords Authentication Phishing Technology

Administrator’s Guide, Part 3: What Makes Passwordless, Dare We Say It, Phish-Proof?

Duo's Security Blog

JULY 15, 2021

Yes, it’s a password-less authentication method, greatly streamlining the login experience, and while that’s a great incentive to use passwordless for logging in, it’s not an improvement in authentication security in and of itself. Unlocking authenticator devices locally removes the threats of credential reuse and shared secrets.

Phishing

Phishing Authentication Passwords Risk

ForgeRock offers AI-based solution for identity-based cyberattacks

CSO Magazine

MAY 11, 2022

ForgeRock, a global identity and access management company, has introduced ForgeRock Autonomous Access, a new application that uses AI to prevent identity-based cyberattacks and fraud.

Authentication

Authentication Accountability Risk

Unveiling the Threat Landscape: Exploring the Security Risks of Cloud Computing

Centraleyes

FEBRUARY 25, 2024

However, critical security risks and threats inherent in cloud environments come alongside the myriad benefits. This blog aims to dissect the nuances of cloud security risks , shedding light on the challenges commonly faced when securing digital assets in the cloud. Who’s Responsible for Security in the Cloud?

Risk

Risk Encryption Social Engineering Authentication

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Thales Cloud Protection & Licensing

NOVEMBER 15, 2023

To manage the risk of potential insider and outsider threats while ensuring operational efficiency, airport authorities must accurately credential each employee in line with federal and airport-specific regulations; therefore, identity and access management play a crucial role. Integrate separate siloed systems to limit data sprawl.

Cybersecurity

Cybersecurity Authentication Digital transformation Cyber Insurance

Announcing the General Availability of Duo Verified Push

Duo's Security Blog

NOVEMBER 17, 2022

As attackers have figured out ways to get around traditional multi-factor authentication (MFA), Duo has continued to evolve to prevent fraudulent access and protect the workforce. Making MFA More Secure Verified Duo Push strengthens MFA security by adding friction to the authentication process.

Authentication

Authentication Risk Phishing Engineering

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Security Boulevard

FEBRUARY 23, 2023

Basic solutions like antivirus deployments are certainly still important, but they are reactionary measures. Some of the common forms these DNS-based attacks can take include: DNS spoofing: A malicious actor alters DNS records to redirect traffic to a fake website or server.

Antivirus

Antivirus DNS Threat Detection Small Business

Top Single Sign-On (SSO) Solutions for 2022

eSecurity Planet

FEBRUARY 8, 2022

Single sign-on (SSO) is one of several authentication technologies aimed at streamlining and keeping login information and processes secure. It is often implemented along with multi-factor authentication (MFA) , wherein more than one factor of authentication is needed to authenticate the user. Increasingly.

Authentication

Authentication Passwords Risk Digital transformation

Frictionless Zero Trust Security – How minimizing friction can lower risks and boost ROI

CyberSecurity Insiders

SEPTEMBER 9, 2021

However, managing on-premises and cloud-based systems can be challenging and can increase the enterprise’s attack surface. This is where cybersecurity based on protecting workforce identities become the key. Organizations have had no choice but to adapt and build on their existing cybersecurity systems. It isn’t all bad news, however.

Risk

Risk Authentication Marketing Accountability

MFA Fatigue: What It Is and How to Respond

Duo's Security Blog

OCTOBER 21, 2022

One of these threats that has gained attention includes circumventing an organization’s multi-factor authentication (MFA) protection. MFA fatigue, or when an attacker gets an authentic user to accept a request when that user is not trying to login, is one attack method that has made headlines. Are MFA fatigue attacks a good thing?

Authentication

Authentication Risk Passwords Phishing

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Thales Cloud Protection & Licensing

JUNE 6, 2023

Organizations must adapt to the evolving risk and threat environment to protect their valuable and sensitive assets. Access security and authentication play an important role. How do we support expanding user authentication journeys while balancing strong security with a smooth user experience?

Authentication

Authentication Identity Theft Marketing Risk

Identity Management Day Underpins the Importance of Securing Digital Identities

Thales Cloud Protection & Licensing

APRIL 13, 2021

As businesses and organizations are migrating apps, services and data to the cloud, and as all enterprise users work remotely in a post pandemic world, it has become obvious that traditional, perimeter-based “castle and moat” style security strategies/controls are not adequate anymore. Identity & Access Management. Data security. Encryption.

Authentication

Authentication Digital transformation Data breaches Technology

Quantum Computing Threats: A How-to Guide for Preparing Your Company’s Cybersecurity Defenses

CyberSecurity Insiders

APRIL 13, 2023

Some popular quantum-resistant cryptographic techniques include: Lattice-based cryptography: This approach relies on the hardness of mathematical problems related to lattices, which are multidimensional grids of points. Lattice-based cryptography is considered to be resistant to both classical and quantum attacks.

Cybersecurity

Cybersecurity Encryption Technology Authentication

Digital Risk Types Demystified: A Strategic Insight into Online Threats

Centraleyes

APRIL 23, 2024

The digital landscape is advancing, and the risks of shirking cutting-edge technology are substantial. It’s well known that while new technologies open up novel pathways, they also come with risks. According to a recent Deloitte report , more than half (52%) of consumers feel more at risk in the digital environment.

Risk

Risk Technology Artificial Intelligence Data privacy

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

CyberSecurity Insiders

APRIL 10, 2023

In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. Thus, a robust identity security framework is essential to safeguard against these risks and ensure the protection of personal information.

Identity Theft

Identity Theft Education Authentication Data breaches

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Two-Factor Authentication Evaluation Guide

Trending Sources

Why TOTP Won’t Cut It (And What to Consider Instead)

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

Email Security Guide: Protecting Your Organization from Cyber Threats

23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

Protecting Your Universe from Third-Party Threats with Risk-Based Authentication & Verified Push

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Problem With One-Time Passcodes

How to Protect Your Accounts with Multi-Factor Authentication

PCI DSS 4.0: The Compliance Countdown – A Roadmap Through Phases 1 & 2

Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

12 Data Loss Prevention Best Practices (+ Real Success Stories)

A Guide to Key Management as a Service

IaaS Security: Top 8 Issues & Prevention Best Practices

Announcing Identity Intelligence With Duo

Passwordless company claims to offer better password security solution

The 2024 Duo Trusted Access Report: Navigating Complexity

3 Steps to Prevent a Case of Compromised Credentials

Does moving to the cloud mean compromising on security?

PCI DSS 4.0: The Compliance Countdown – A Roadmap Through Phases 1 & 2

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

What Are Passkeys?

Portnox Cloud: NAC Product Review

How Secure Is Cloud Storage? Features, Risks, & Protection

Stronger Protection & Frictionless Access Can Coexist (Really)

What Is DNS Security? Everything You Need to Know

Act now! Ivanti vulnerabilities are being actively exploited

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

Administrator’s Guide, Part 3: What Makes Passwordless, Dare We Say It, Phish-Proof?

ForgeRock offers AI-based solution for identity-based cyberattacks

Unveiling the Threat Landscape: Exploring the Security Risks of Cloud Computing

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Announcing the General Availability of Duo Verified Push

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Top Single Sign-On (SSO) Solutions for 2022

Frictionless Zero Trust Security – How minimizing friction can lower risks and boost ROI

MFA Fatigue: What It Is and How to Respond

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Identity Management Day Underpins the Importance of Securing Digital Identities

Quantum Computing Threats: A How-to Guide for Preparing Your Company’s Cybersecurity Defenses

Digital Risk Types Demystified: A Strategic Insight into Online Threats

IDENTITY MANAGEMENT DAY 2023: Advice from Cyber Pros

Stay Connected