Duo's Security Blog

OCTOBER 24, 2023

Be sure to tune into our webinar - Authenticate Further, Defend Faster with Higher Security from Duo – to learn more about ways to protect against MFA bypass attacks, credential theft and compromised third-party security. An MFA fatigue attack cannot work when attackers also need to input a multi-digit number that only users know.

Social Engineering 88

Social Engineering Education Authentication Engineering 88

SecureWorld News

OCTOBER 19, 2021

The malicious campaigns Charming Kitten are unleashing on unsuspecting victims makes use of superior social engineering, such as creating dummy accounts on Gmail that look realistic enough to trick users into clicking through. Users were instructed to activate an invitation to a (fake) webinar by logging in.

Phishing 98

Phishing Authentication Social Engineering Government 98

Identity IQ

MAY 17, 2023

The 2022 Trends in Identity Report indicates identity thieves are getting better at using social engineering techniques to convince people to share personal, financial, and important business information. Of the 7% of federal accounts that were misused – 78% were due to IRS accounts.

Identity Theft 66

Identity Theft Scams Education Data breaches 66

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams 119

Scams Phishing Firewall Social Engineering 119

Duo's Security Blog

DECEMBER 19, 2024

While we tend to associate phishing emails more with our personal accounts, attacks targeting our work identities whether through socially engineered phishing, brute force, or another form, are very common. Combined, these sectors accounted for more than 30 percent of account compromises.

Phishing 64

Phishing Authentication Social Engineering Passwords 64

Security Boulevard

OCTOBER 4, 2024

Protect all accounts that offer multifactor authentication (MFA) with this security method. RansomHub ranked as the most active ransomware group, accounting for 16% of all attacks observed in August. Learn how to spot phishing attempts made via email, text or voice calls. Keep all your software updated.

Cybersecurity 69

Cybersecurity CISO Ransomware Technology 69

eSecurity Planet

APRIL 22, 2022

Other cyber incidents are common, including phishing attacks , business email compromise, exploitation of cloud and software vulnerabilities , social engineering , third-party exposures, and more. The top eight insurers account for about 60% of the market and more than $1.5 billion in direct premiums.

Cyber Insurance 119

Cyber Insurance Insurance Marketing Small Business 119

Webroot

FEBRUARY 5, 2025

Check out our recent webinar where we discuss passkeys How do passkeys work? Passkeys are unique for every website, preventing credential reuse across multiple accounts. Syncs automatically across devices when backed up in Apple iCloud Keychain, Google Password Manager, or Microsoft Account.

Authentication 61

Authentication Password Management Passwords Backups 61

Responsible Cyber

JULY 13, 2024

Recognize and avoid social engineering scams by educating yourself on common tactics. Social Engineering Scams : Manipulative tactics are employed to deceive investors into divulging confidential information or making unwise investments. Enable MFA on all exchange accounts and wallets to add an extra layer of security.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

SecureList

MAY 27, 2022

The attackers are mainly interested in collecting data on user accounts, IP addresses and session information; and they steal configuration files from programs that work directly with cryptocurrency and may contain account credentials. You can find the recording of the webinar here and a summary/Q&A here. zip”).

Phishing 133

Phishing Spyware Firmware Malware 133

NopSec

FEBRUARY 15, 2017

How Phishing Works: Social Engineering The term “phishing” is broadly defined as sending an email that falsely claims to be from a legitimate organization. All of them rely on social engineering, a term that describes methods of deception used to coerce a victim into giving up valuable information.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

Chicago CyberSecurity Training

JULY 1, 2023

Use Strong Passwords and Multi-Factor Authentication (MFA): One of the most important steps to securing your business is to use strong pass phrases for your accounts. Phrases are easier to remember, hard to crack, and offer stronger protection for your online accounts. Avoid using pass words (ex.

Cybersecurity 40

Cybersecurity Backups Social Engineering Passwords 40

Centraleyes

FEBRUARY 26, 2025

It serves as a warning to regularly backup company data and train every employee on how to identify phishing and social engineering attacks. Using what some call deep voice, criminals impersonated the voice of a top executive to convince a bank manager to transfer US$35 million to their account.

Cybersecurity 52

Cybersecurity Banking Education Antivirus 52

NopSec

JULY 25, 2017

Password Guessing Requires a User List – You can’t crack a password without an account to attack. Assume one account is protected by ‘Password1’ or ‘Spring2017’, and see if it sticks (asmith, bsmith, csmith, dsmith, etc.) The on-demand webinar features a live demo of password self auditing. So how do you get a user list?

Passwords 40

Passwords Penetration Testing Phishing Accountability 40

LRQA Nettitude Labs

JULY 5, 2023

In addition to the topics below that you can expect to see reviewed and discussed in the forms of blog posts or webinars, LRQA Nettitude would also like to extend an open invitation for feedback and collaboration. In the initial stages of implementation, regulators might provide guidance on how to demonstrate accountability.

Artificial Intelligence 52

Artificial Intelligence Data privacy Social Engineering Risk 52

eSecurity Planet

MAY 28, 2024

Conduct user awareness training: Incorporate a focused training program into onboarding and workflow process so employees can learn about social engineering strategies, phishing risks, and cloud security best practices. Offer regular workshops: Provide monthly training, webinars, and seminars on cloud security.

Risk 70

Risk Cloud Migration DDOS Encryption 70

Digital Shadows

AUGUST 17, 2021

The social engineering aspect around phishing works because humans want to be helpful, informed, paid well, get stuff for free sometimes, and generally not end up on the wrong side of management. Unfortunately, aspects of really good social engineering prey on one or more of these human traits (or faults).

Phishing 52

Phishing Accountability Social Engineering Mobile 52

NetSpi Executives

APRIL 27, 2024

Ransomware, a definition Ransomware is a set of malware technologies, hacking techniques, and social engineering tactics that cybercriminals use to cause harm, breach data, and render data unusable. Ransomware attackers get into a network in many ways: Social engineering. Unpatched exploits.

Ransomware 52

Ransomware Cyber Insurance Backups Insurance 52

NetSpi Executives

APRIL 27, 2024

Penetration testing is required to demonstrate cybersecurity and achieve compliance with regulations and industry standards, such as the payment card industry (PCI) security standard and the Health Insurance Portability and Accountability Act (HIPAA). Or a security gap exists, but the test results lack key information to enable remediation.

Penetration Testing 52

Penetration Testing Social Engineering Software Wireless 52

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. Enable Multi-Factor Authentication (MFA): Activate MFA on all accounts that offer it, preferably using authenticator apps or hardware keys.

Malware 116

Malware Ransomware Passwords Healthcare 116

Duo's Security Blog

MAY 23, 2023

Compromised or stolen credentials is the second most common type of cybersecurity incident accounting for 27% of reported breaches, according to the Office of the Australian Information Commissioner (OAIC). What some people miss, however, is that corporate-mandated authenticators can and should also be enabled for personal accounts.

Authentication 144

Authentication Passwords Data breaches Phishing 144

CyberSecurity Insiders

MAY 19, 2023

While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all multi-factor authentication methods can defend against sophisticated attacks. Account takeover Achieving Account Takeover (ATO) means successfully compromising a target account with the intent of committing fraud.

Phishing 109

Phishing Authentication Passwords Social Engineering 109

SecureWorld News

DECEMBER 2, 2021

Ryan Witt, Proofpoint's Managing Director for Healthcare, who joined the SecureWorld webinar Protecting Healthcare from Email Fraud Attacks, also shared the sentiment that BEC attacks have a larger impact than ransomware. And, unfortunately, the company went out of business and that family lost their American dream," he says.

Cybercrime 98

Cybercrime Healthcare Social Engineering Banking 98

Hacker's King

DECEMBER 22, 2024

How to Use Social Media for Insights: Follow Relevant Accounts : Keep up with industry-specific influencers, companies, and news outlets. Participate in Webinars and Live Sessions : Many professionals host live sessions on Instagram, LinkedIn, or Clubhouse to discuss trends and provide insights.

Media 52

Media Marketing Accountability Social Engineering 52