Authentication, eBook and Social Engineering

Authentication

eBook

Social Engineering

Retail and Hospitality Trending Holiday Cyber Threats

Duo's Security Blog

DECEMBER 12, 2022

And in our ebook, Retail Cybersecurity: The Journey to Zero Trust , we share ways that Duo can help retailers improve their security posture. Add a passwordless authentication factor like a biometric and block attempts at access. Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust , today.

Retail

Retail Cyber threats Social Engineering Data breaches

Abusing Entra ID Misconfigurations to Bypass MFA

NetSpi Technical

NOVEMBER 2, 2023

To understand the vulnerability, there are a few things to understand about the Entra ID authentication flow. Within any Entra ID environment, there are numerous cloud applications that are leveraged when a user authenticates. This odd load-time behavior is what alerted me to the potential for an MFA bypass.

Authentication

Authentication Accountability Social Engineering Penetration Testing

Join 28,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Duo's Security Blog

MARCH 4, 2024

Recently, attackers have targeted multi-factor authentication (MFA). Even if an attacker has access to a username and password, they still need access to the second authentication factor to break into the organization. This becomes a constant cycle of organizations introducing new protections and attackers finding ways to exploit them.

Authentication

Authentication Social Engineering Passwords Risk

Why Cybersecurity Strategy Must Start With Identity

Duo's Security Blog

NOVEMBER 15, 2024

Traditionally, organizations have relied on strong authentication requirements, such as multi-factor authentication (MFA), to address compromised access. Moving beyond authentication In conclusion, the rise of identity security necessitates a shift beyond relying solely on authentication to address compromised identities.

Threat Detection

Threat Detection Cybersecurity Digital transformation Authentication

Watching the Watchmen: Securing Identity Administrators

Duo's Security Blog

SEPTEMBER 19, 2024

In many enterprises, this includes administrators for tools like on-premises and cloud directories, single sign-on (SSO) solutions and multi-factor authentication (MFA) providers. They famously use a variety of social engineering techniques (e.g., Their techniques have been outlined in this helpful briefing from CISA.

Accountability

Accountability Risk Authentication Social Engineering

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. These social engineering techniques tricked employees into revealing their login credentials, which allowed attackers to access additional systems and data. What is phishing?

Phishing

Phishing Social Engineering Authentication Engineering

Identity-Based Breaches: Navigating the Aftermath

Duo's Security Blog

OCTOBER 8, 2024

As organizations continue to rely on digital identities for access control and authentication, the risk of identity compromise grows. Educated employees are less likely to fall victim to social engineering attacks, reducing the risk of future breaches.

Passwords

Passwords Accountability Education Social Engineering

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

Phishing attackers are increasingly using social engineering techniques to personalize their attacks and target specific individuals or organizations. For example, attackers may research their victims on social media or other online sources to gather personal information that can be used to make their phishing emails more believable.

DNS

DNS Phishing Social Engineering Engineering

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

As such, this year’s World Password Day is in fact a timely reminder for businesses to drop passwords forever, and instead rollout access management solutions such as passwordless authentication. Jenny Radcliffe, People Hacker & Social Engineer. Access needs to be on a need-to-know basis.

Social Engineering

Social Engineering Authentication Passwords Technology

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

Thales Cloud Protection & Licensing

MARCH 31, 2021

Jenny Radcliffe, People Hacker & Social Engineer. There are two major considerations for us: enhanced authentication security, and user workflow efficiency. “In In the case of user efficiency, now with a full remote workflow for user authentication, all devices are authenticating over an enterprise VPN client.

Digital transformation

Digital transformation VPN Technology Architecture

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

The Last Watchdog

JUNE 21, 2023

. – June 21, 2023 – Axiad , a leading provider of organization-wide passwordless orchestration, today announced the results of its Passwordless Authentication survey fielded by Enterprise Research Group (ERG), a full-service market research company. and Canada were surveyed.

Authentication

Authentication Social Engineering Passwords Phishing

Chinese fraudsters: evading detection and monetizing stolen credit card information

CyberSecurity Insiders

APRIL 4, 2023

Additionally, NFTs and eBooks are also suitable for money laundering. They may use methods such as pretending to be the rightful owner (social engineering) and calling the card company's call center to confirm the limit, disabling the one-time password authentication required for card use, or using other social engineering tactics.

Phishing

Phishing Social Engineering Authentication eCommerce

Cyber Security Informer

Retail and Hospitality Trending Holiday Cyber Threats

Abusing Entra ID Misconfigurations to Bypass MFA

Trending Sources

New Duo E-Book, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats

Why Cybersecurity Strategy Must Start With Identity

Watching the Watchmen: Securing Identity Administrators

Intro to Phishing: How Dangerous Is Phishing in 2023?

Identity-Based Breaches: Navigating the Aftermath

How to Stop Phishing Attacks with Protective DNS

To Achieve Zero Trust Security, Trust The Human Element

Zero Trust Is a Journey and Businesses Have Many Rivers to Cross

News Alert: Survey shows vast majority of IT pros consider ‘passwordless’ access a top priority

Chinese fraudsters: evading detection and monetizing stolen credit card information

Stay Connected