Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

Malwarebytes

DECEMBER 15, 2022

Attack dates against Teqtivity and Uber have yet to be established; however, a threat actor named "UberLeaks" began leaking the stolen data on BreachForums, a site infamous for posting data breaches, around early Saturday morning, according to BleepingComputer. UberLeaks claimed the data came from Uber and Uber Eats.

Data breaches 98

Data breaches CSO Backups Mobile 98

SecureWorld News

APRIL 6, 2023

Uber has suffered yet another data breach after a third-party law firm's servers were attacked. The law firm, Genova Burns, which provides legal counsel to Uber, has notified an unknown number of its drivers that sensitive data has been exposed and stolen due to a cyberattack.

Data breaches 98

Data breaches CSO Phishing Risk 98

The Last Watchdog

MARCH 25, 2019

That’s how they’re going to transfer data in, hopefully, a secure channel to pass information back and forth with each other.”. However, APIs are also more frequently the source of data breaches and other cyber incidents. No one really knows exactly how many APIs are out there. And that’s just one phone. Postal Service.

Digital transformation 154

Digital transformation Software Data breaches Authentication 154

CSO Magazine

NOVEMBER 5, 2021

User identities can be compromised through phishing, brute force, or simple abuse by malicious insiders. Once an identity or set of credentials is compromised, any data they have access to is at risk and the identity can be used as part of a social engineering or spear-phishing attack to access more privileged credentials.

Social Engineering 111

Social Engineering Phishing Data breaches Risk 111

BH Consulting

APRIL 30, 2025

Third-party risk rises as a factor in breaches: Verizon DBIR 2025 Verizons latest annual Data Breach Investigations Report (DBIR) shows some concerning trends with a sharp escalation in global cyber threats. Landed earlier than usual, the 2025 edition found that 30 per cent of breaches involved third-parties, doubling from 2024.

Data breaches 59

Data breaches Scams Engineering Cybercrime 59

SC Magazine

MARCH 10, 2021

Viewing these videos, adversaries can begin to compile metadata about an individual’s behaviors preferences – intel that could be applied toward targeting phishing campaigns, according to Setu Kulkarni, vice president of Strategy at WhiteHat Security. Odds are more than one was breached here,” said Davisson. “I

Surveillance 129

Surveillance IoT Accountability Passwords 129

eSecurity Planet

APRIL 27, 2023

In March, the company disclosed a data breach that exposed about 1.2% Those issues continue to exist in ChatGPT, and both can be tricked into creating ransomware , obfuscating malware , and other exploits, they said. But OpenAI has experienced some problems with its generative AI platform that could also apply to GPT-4.

Engineering 116

Engineering Risk CSO Software 116

BH Consulting

OCTOBER 15, 2023

It found the most common intrusion tactics are phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing, and exploiting Virtual Private Network (VPN) vulnerabilities. Data protection and privacy developments Local and international news takes the stage here. MORE Have you signed up to our monthly newsletter?

Ransomware 52

Ransomware Data breaches CSO Cyber Attacks 52

The Last Watchdog

JULY 25, 2024

Starting now and for at least the next month, all organizations should be in a heightened state of vigilance for phishing emails purporting to be from, or affiliated with, CrowdStrike. Dimitri Chichlo , CSO, BforeAI Chichlo Our networks remain fragile because of interdependence and the assumption that technology always works.

Technology 317

Technology Ransomware Software Cyber Attacks 317

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Jane Frankland

JANUARY 12, 2025

Sophisticated social engineering tactics, phishing campaigns, or financial incentives make it easier for cybercriminals to use insiders as tools for gaining access and maintaining their foothold in systems rather than hacking in. Cyber threats often exploit human errors, whether through phishing attacks, weak passwords, or lapses in protocol.

Cybersecurity 130

Cybersecurity CISO Insurance IoT 130