Accountability, eBook and Social Engineering

Accountability

eBook

Social Engineering

Retail and Hospitality Trending Holiday Cyber Threats

Duo's Security Blog

DECEMBER 12, 2022

And in our ebook, Retail Cybersecurity: The Journey to Zero Trust , we share ways that Duo can help retailers improve their security posture. Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust , today. In this post, we break down some of the threats facing retail security teams.

Retail

Retail Cyber threats Social Engineering Data breaches

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

The Last Watchdog

JUNE 21, 2023

The top-five data points from the survey include: •92% of respondents are concerned about compromised credentials because of phishing or social engineering attacks, which points to the recent rise and success of both these attack vectors. •59%

Authentication

Authentication Social Engineering Passwords Cyber Attacks

Join 28,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. These social engineering techniques tricked employees into revealing their login credentials, which allowed attackers to access additional systems and data.

Phishing

Phishing Social Engineering Authentication Engineering

Watching the Watchmen: Securing Identity Administrators

Duo's Security Blog

SEPTEMBER 19, 2024

To be clear, all administrator accounts — regardless of use case — represent accounts with elevated levels of power and access and should be a focus of heightened security controls. Identity administrator accounts have elevated permissions to deploy, configure, and modify relevant identity systems.

Accountability

Accountability Risk Authentication Social Engineering

Why Cybersecurity Strategy Must Start With Identity

Duo's Security Blog

NOVEMBER 15, 2024

Managing these diverse sets of users with multiple accounts can be challenging, especially if multiple identity stores and identity providers are involved. This is a larger ask than may seem apparent — identity infrastructure has many components and the relationships between accounts and access is often hard to parse.

Threat Detection

Threat Detection Cybersecurity Digital transformation Authentication

Identity-Based Breaches: Navigating the Aftermath

Duo's Security Blog

OCTOBER 8, 2024

Here are some best practices to put in place after an identity breach occurs: Short-term best practices Identify and Remediate Affected Accounts: Conduct a thorough investigation to identify all compromised accounts. Reset and Secure Accounts: Force a password reset for all affected accounts and consider strengthening MFA requirements.

Passwords

Passwords Accountability Education Social Engineering

Abusing Entra ID Misconfigurations to Bypass MFA

NetSpi Technical

NOVEMBER 2, 2023

The application with the misconfiguration is “My Profile” which utilizes “My Account”, “My Apps”, and “My Signins” for additional functionality within the “My Profile” portal. Find more stories like these in our Azure Pentesting eBook.

Authentication

Authentication Accountability Social Engineering Penetration Testing

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams

Scams Phishing Firewall Social Engineering

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

Phishing attackers are increasingly using social engineering techniques to personalize their attacks and target specific individuals or organizations. For example, attackers may research their victims on social media or other online sources to gather personal information that can be used to make their phishing emails more believable.

DNS

DNS Phishing Social Engineering Engineering

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

Jenny Radcliffe, People Hacker & Social Engineer. From a social engineering perspective, Zero Trust is a good mindset to have, mostly because it avoids the “guard the perimeter”, the "castle and moat" idea of security. A malicious social engineer might gain access to a system through compromising an insider.

Social Engineering

Social Engineering Authentication Passwords Technology

Machine Identities, Human Identities, and the Risks They Pose

Security Boulevard

MAY 10, 2022

Of those employees who opened a phishing message, more than half (53%) were likely to click on an embedded link, while 23% were prone to enter their account credentials on a fake login site. They can do that by leveraging security awareness training to augment their familiarity with phishing attacks and other social engineering techniques.

Risk

Risk Phishing Digital transformation Security Awareness

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Cisco Security

MARCH 4, 2021

Without knowing much about me, she was very responsive and shared trust, insights, and tips in the right direction with me that contributed to my success and towards winning the social engineering capture-the-flag contest at DEF CON. Read Cisco’s eBook, Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates.

Cybersecurity

Cybersecurity Engineering Technology Education

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

Thales Cloud Protection & Licensing

MARCH 31, 2021

Jenny Radcliffe, People Hacker & Social Engineer. Although this VPN infrastructure is efficient and current on its platform and software revision, it’s still a traditional security model and does not account for proper efficiency for cloud apps. One of the challenges of a Zero Trust program is people resistance to change.

Digital transformation

Digital transformation VPN Technology Architecture

Cyber Security Informer

Retail and Hospitality Trending Holiday Cyber Threats

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

Trending Sources

Intro to Phishing: How Dangerous Is Phishing in 2023?

Watching the Watchmen: Securing Identity Administrators

Why Cybersecurity Strategy Must Start With Identity

Identity-Based Breaches: Navigating the Aftermath

Abusing Entra ID Misconfigurations to Bypass MFA

Hacker Personas Explained: Know Your Enemy and Protect Your Business

How to Stop Phishing Attacks with Protective DNS

To Achieve Zero Trust Security, Trust The Human Element

Machine Identities, Human Identities, and the Risks They Pose

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

Stay Connected