Duo's Security Blog

APRIL 8, 2024

That’s where multi-factor authentication (MFA) comes in. But what if an attacker can just send that authentication request to their own personal phone? This is when a bad actor gains access to a user’s account through compromised credentials and push bombing or phishing a one-time passcode to get past the MFA requirement.

Authentication 143

Authentication Accountability Risk Phishing 143

Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Workforce authentication failures are common and MFA is still not mandatory Duo has always focused on meeting customers where they are.

Authentication 100

Authentication Passwords Risk Technology 100

Duo's Security Blog

MAY 10, 2023

With advanced language-based AI tools like ChatGPT growing increasingly accessible, the battle to prevent phishing attacks from impacting users is no longer answerable with just one security solution. Why is layered security essential against phishing? PCI DSS, HIPAA, etc.)

Phishing 59

Phishing DNS Authentication Risk 59

Security Boulevard

OCTOBER 2, 2023

Phishing Threats Are Increasing in Scale and Sophistication Phishing remains one of the most dangerous and widespread cybersecurity threats. Phishing is now the most common initial attack vector, overtaking stolen or compromised credentials. Phishing attacks are becoming more difficult to detect. billion USD globally.

DNS 64

DNS Phishing Social Engineering Engineering 64

Security Boulevard

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication 64

Authentication Passwords CISO Password Management 64

Duo's Security Blog

FEBRUARY 13, 2023

And for more information on protecting against ransomware, be sure to check out our ebook: Protecting Against Ransomware: Zero Trust Security for a Modern Workforce. Mitigating ransomware attacks using MFA Multi-factor authentication (MFA) is very effective at protecting credentials and limiting attackers’ access to company resources.

Ransomware 116

Ransomware Insurance Passwords Authentication 116

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). Even if an attacker has access to a username and password, they still need access to the second authentication factor to break into the organization. This becomes a constant cycle of organizations introducing new protections and attackers finding ways to exploit them.

Authentication 86

Authentication Social Engineering Passwords Risk 86

Duo's Security Blog

JUNE 27, 2023

Compromised credentials and phishing attacks, our previous two points of focus in the series, are two of the most common entry paths to ransomware deployment. When users get phished, bad guys start attempting to use the stolen credentials within 10 minutes. In the final instalment of this series, we cover the rise of ransomware 3.0

Ransomware 111

Ransomware Healthcare Phishing Authentication 111

Duo's Security Blog

AUGUST 16, 2021

“There are primarily three ways you can authenticate someone: with their username and password, with two-factor authentication, and with a company-supplied device that you can trace. For most stuff, you should have two of those things. For critical things, you should have all three.”.

Authentication 98

Authentication Data breaches Encryption Phishing 98

Security Affairs

MAY 6, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 98

Data breaches Malware Mobile Spyware 98

Cisco Security

JANUARY 10, 2023

For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way. From Security Awareness to Culture Change. Don’t sleep on the impact of MFA Fatigue.

CISO 142

CISO Insurance Cyber Insurance Phishing 142

Duo's Security Blog

SEPTEMBER 19, 2024

In many enterprises, this includes administrators for tools like on-premises and cloud directories, single sign-on (SSO) solutions and multi-factor authentication (MFA) providers. Enforce strong multi-factor authentication (MFA) Require strong forms of MFA for admin access.

Accountability 119

Accountability Risk Authentication Social Engineering 119

Duo's Security Blog

OCTOBER 8, 2024

As organizations continue to rely on digital identities for access control and authentication, the risk of identity compromise grows. Educate and Train Employees: Conduct security awareness training for employees to recognize phishing attempts and other common attack vectors.

Passwords 111

Passwords Accountability Education Social Engineering 111

CyberSecurity Insiders

APRIL 4, 2023

Chinese fraudsters primarily target the United States for two reasons: the large population makes phishing attacks more effective, and credit card limits in the country are higher compared to other nations. The latter method involves using the server and templates included in the phishing kit to impersonate various companies and brands.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

Security Boulevard

MAY 12, 2022

And employees themselves are a liability, prone to human error, phishing, malicious activity and poor judgement. SPIFFE solves the problem of workload authentication in diverse environments. Access control, secrets management, and identity are all dependent on each other,” states the SPIFFE eBook. That is where SPIFFE comes in.

Architecture 52

Architecture Authentication Data breaches Software 52

Security Boulevard

JUNE 21, 2021

Ransomware code propagated through phishing and malware attacks that target weak workforce, supplier, and partner access credentials is perhaps the most common type of attack. Lesson 3: Strengthen Authentication. This has, in turn, extended the attack plane and created new opportunities for malicious actors. And the list goes on. .

Manufacturing 45

Manufacturing IoT CISO Authentication 45

Duo's Security Blog

DECEMBER 16, 2024

Preventing Help Desk Attacks There are two key components to prevention: Reduce the number of tickets associated with authentication and MFA addressed by the help desk. Reducing help desk tickets Lets begin with the first component: reducing the number of help desk tickets associated with authentication. Where did you log in from?"

Authentication 52

Authentication Accountability Passwords Technology 52