Duo's Security Blog

DECEMBER 6, 2022

When someone is told that passwords are going away in favor of a new, “password-less” authentication method, a healthy dose of skepticism is not unwarranted. Passwordless authentication refers to a system that does not require the use of passwords at all. What is WebAuthn?

Architecture 121

Architecture Authentication Passwords Technology 121

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing 122

Phishing Social Engineering Education Retail 122

eSecurity Planet

NOVEMBER 6, 2024

Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds. Here are some essential steps every business can consider to safeguard against cyberthreats: 1.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

IT Security Guru

JANUARY 9, 2025

Cybercriminals weaponise AI to speed up and scale traditional attack tactics, such as phishing and password cracking, while also creating entirely new forms of cyber threats. Organisations should prioritise solutions built on zero-trust and zero-knowledge architectures for maximum security, privacy and control.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

SecureWorld News

FEBRUARY 20, 2025

Experts warn that organizations must act decisively to protect against this growing threat by implementing Zero Trust architectures, patching vulnerabilities, and strengthening identity security. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Use Privileged Access Management (PAM) solutions.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 106

Phishing Social Engineering Authentication Engineering 106

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours.

Phishing 136

Phishing Accountability Financial Services Cloud Migration 136

The Last Watchdog

JANUARY 30, 2025

The extension then silently authenticates the victim into a Chrome profile managed by the attackers Google Workspace. Once this authentication occurs, the attacker has full control over the newly managed profile in the victims browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

Duo's Security Blog

MAY 23, 2024

When reading the title of this blog, you might be wondering to yourself why RADIUS is being highlighted as a subject — especially amidst all of the advancements of modern authentication we see taking place recently. Instead, it supports a variety of authentication protocols , including EAP, PAP, CHAP, and others. What is RADIUS?

Authentication 111

Authentication Wireless Passwords Encryption 111

Security Boulevard

APRIL 20, 2022

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. Avoiding the latest breed of phishing attacks requires heightened awareness from users, additional context, and a zero trust approach.

Phishing 115

Phishing Retail Risk Architecture 115

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 98

Encryption Phishing Accountability Authentication 98

The Last Watchdog

NOVEMBER 8, 2021

Access controls are the nexus of security and the expanding perimeter, and zero trust is the architecture that encompasses it. Zero trust is an all-inclusive security and privacy architecture. The network security perimeter is dynamically created and policy-based, and must be guarded by secure and highly managed access controls.

Healthcare 268

Healthcare Technology Architecture IoT 268

Thales Cloud Protection & Licensing

MARCH 18, 2025

Stricter requirements for identity verification and authentication across all patient touchpoints. Robust Authentication Offers phishing-resistant MFA options (e.g., Supports passwordless authentication for enhanced security without compromising user convenience. Mandatory encryption of all ePHI.

Healthcare 62

Healthcare Encryption Authentication Penetration Testing 62

The Last Watchdog

DECEMBER 12, 2023

Implementing a Zero Trust architecture involves verifying every attempt to access the system. Supply-chain attacks, new zero-day attacks, insider risk and improved phishing leads to an onslaught of breaches. Phishing attacks driven by ChatGPT will be harder than ever to detect.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

SecureWorld News

MAY 28, 2024

In the advisory , Check Point says the attackers are targeting security gateways with old local accounts using insecure password-only authentication, which should be used with certificate authentication to prevent breaches. "We Switching from weak authentication to stronger authentication has multiple benefits.

VPN 109

VPN Passwords Authentication Architecture 109

The Last Watchdog

AUGUST 19, 2021

Chris Clements, VP of Solutions Architecture, Cerberus Sentinel. The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Could be a bad actor.

Mobile 235

Mobile Data breaches Authentication Accountability 235

SecureWorld News

FEBRUARY 24, 2025

Additionally, quantum computing could revolutionize identity and authentication systems by eliminating weaknesses in traditional authentication methods and implementing quantum-secure biometric authentication and digital signatures, thereby significantly reducing the risk of identity theft, phishing attacks, and deepfake-driven fraud.

Cybersecurity 61

Cybersecurity Encryption Cyber threats Threat Detection 61

eSecurity Planet

FEBRUARY 6, 2025

Single sign-on” (SSO) is an authentication method that allows users to enter one set of authentication credentials to access multiple websites, applications, and services. The goal of SSO is to streamline the authentication process by eliminating the need to enter different usernames and passwords for each resource.

Authentication 57

Authentication Passwords Mobile Encryption 57

SecureWorld News

FEBRUARY 4, 2025

Technical components: Website architecture must be reconfigured to ensure that search engines see multiple language versions of your website properlyas different subsets, not as duplicates. Flexible authentication methods Depending on the culture, different authentication methods can be more or less preferable or trusted.

Marketing 103

Marketing Cybersecurity eCommerce Data breaches 103

Cisco Security

AUGUST 17, 2021

Now mix in architectural changes that support cloud productivity suites like Microsoft 365 and Google’s G-Suite to accelerate your business to cloud-based email security services. When it comes to safeguarding email against today’s advanced threats like phishing and malware information is power. User Awareness Training: Training.

Phishing 145

Phishing Technology Malware Authentication 145

Cisco Security

OCTOBER 20, 2022

According to Verizon’s Data Breach Investigations Report , 82% of breaches involve the human element — whether it’s stolen credentials, phishing, misuse or error. For example, with Cisco Secure Access by Duo, organizations can provide those connecting to their network with several quick, easy authentication options.

Authentication 144

Authentication Technology Architecture VPN 144

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. The attack chain employed in the campaign starts with phishing emails sent from spoofed email addresses.

Accountability 98

Accountability Phishing Authentication Architecture 98

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. Some infection routines do not check the architecture.

Malware 143

Malware Encryption Architecture Phishing 143

SecureWorld News

SEPTEMBER 30, 2024

The cybercriminals behind Storm-050 employ advanced social engineering techniques, including phishing emails to trick victims into granting access to internal systems. Tiquet continued: "One of the most important steps is adopting a zero trust architecture. Use multi-factor authentication to prevent unauthorized access.

Ransomware 116

Ransomware Social Engineering Healthcare Phishing 116

Security Boulevard

FEBRUARY 10, 2025

As phishing attacks continue to evolve, so should our defenses. Phishing predictions for 2025In our ThreatLabz 2024 Phishing Report, we shared the following key predictions for the year to come: Prediction 1: AI vs. AI will be an enduring challengeEnhanced AI capabilities increase the speed, scale, and automation of cyberattacks.

Phishing 64

Phishing Mobile Encryption Social Engineering 64

Duo's Security Blog

MAY 10, 2023

With advanced language-based AI tools like ChatGPT growing increasingly accessible, the battle to prevent phishing attacks from impacting users is no longer answerable with just one security solution. Why is layered security essential against phishing? PCI DSS, HIPAA, etc.)

Phishing 59

Phishing DNS Authentication Risk 59

SecureList

MARCH 12, 2024

More than a third (39%) used the microservice architecture. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model. Most of the web applications were owned by companies based in Russia, China and the Middle East.

Passwords 139

Passwords Authentication Architecture Risk 139

Centraleyes

DECEMBER 16, 2024

Zero Trust Architecture (ZTA) Expands The Zero Trust model, which focuses on verifying every person and device attempting to access a system, is gaining ground as a best practice in cybersecurity. We are seeing increased use of AI to automate attacks, including malware generation and phishing campaigns.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Risk 98

Security Boulevard

MAY 2, 2025

Specifically, CISA and USCG assessors had the most success gaining initial access, attaining network permanence, evading defenses and moving laterally by using valid accounts, phishing schemes and default credentials all simple attack methods. Enforce multi-factor authentication across all software development environments.

Cybersecurity 52

Cybersecurity Software Cyber Risk Risk 52

Thales Cloud Protection & Licensing

APRIL 22, 2025

As organizations embrace cloud-based services and microservices architectures, its vital to understand that the very features that make APIs essential can also leave them susceptible to risk of fraud and data breaches. Thales Multi-Factor Authentication Solutions Use AI-driven solutions to adapt to evolving automated threats.

Digital transformation 62

Digital transformation Accountability Risk Internet 62

SecureWorld News

SEPTEMBER 18, 2024

customers were targeted by a phishing campaign after a suspected data breach. In my view, implementing a segmented zero-trust architecture can help isolate external data from internal corporate data, mitigating the risk of cross-contamination," Schultz continued. Subway U.K. 2020): The sandwich chain's U.K.

Cybersecurity 117

Cybersecurity Data breaches Accountability Passwords 117

CyberSecurity Insiders

DECEMBER 20, 2021

Implement Zero-Trust Architecture. Studies show that regular education leads to a ninefold reduction in phishing vulnerability. This education should cover how to spot and respond to phishing attempts, the importance of two-factor authentication and good password management.

Data breaches 143

Data breaches Social Engineering Education Password Management 143

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

A lack of multifactor authentication (MFA) to protect privileged accounts was another culprit, at 10%, also 7 percentage points lower than average. Among FinServ organizations, 73% have adopted multifactor authentication (MFA) to secure cloud data access, nearly matching the overall average of 74%.

Financial Services 62

Financial Services Threat Reports Authentication Banking 62

Security Affairs

MARCH 1, 2022

The advisory also provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices. Enable strong spam filters to prevent phishing emails from reaching end users. Require multifactor authentication.

Antivirus 108

Antivirus Architecture Malware Cybersecurity 108

SecureList

APRIL 21, 2025

Primary infection vectors include phishing emails with malicious attachments or links, as well as trojanized legitimate applications. These techniques can be used in combination with others, such as phishing or trojanized software bundles, to maximize the spread of Lumma Stealer to multiple targets.

Malware 87

Malware Cryptocurrency Software Phishing 87

SecureWorld News

JULY 8, 2024

Additionally, implementing multi-factor authentication (MFA) can add an extra layer of security, making it harder for attackers to gain unauthorized access. Today, identity applications require both authentication and end-to-end encryption to provide robust cybersecurity protection.

Passwords 127

Passwords Password Management Education Accountability 127

Jane Frankland

NOVEMBER 20, 2023

Cyberattacks and data breaches will continue to arise because of credential theft, social engineering (phishing, smishing, vishing etc), vulnerabilities in third party software and supply chain processes, forged or stolen machine identities, and misconfigured cloud computing. Here are my predictions for 2023. Types of attacks. Sustainability.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130