Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Mar 2, 2021 8:00:00 AM By Stu Sjouwerman

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than ...

[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

Mar 1, 2021 10:39:15 AM By Stu Sjouwerman

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no ...

How Can You Be More at Risk With MFA?

Dec 23, 2020 1:43:26 PM By Roger Grimes

In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...

Solarwinds MFA Bypass Attack Pushes Limits

Dec 16, 2020 12:59:35 PM By Roger Grimes

Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...

5 Tips For Consolidating Remote Work Tech Debt

Dec 14, 2020 8:23:30 AM By Javvad Malik

In 2020, nearly every organisation embraced remote working to some extent or another. For some, the transition was smooth and easy, as they already had a mobile workforce and were largely ...

Think Tanks Targeted by APT Actors

Dec 3, 2020 8:28:48 AM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...

Credential-Stealing VPN Exploits

Nov 25, 2020 9:43:09 AM By Stu Sjouwerman

A hacker has published an exploit for a critical vulnerability in Fortinet VPN devices, along with a list of 49,577 vulnerable devices, BleepingComputer reports. Fortinet released a patch ...

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

Nov 20, 2020 11:15:49 AM By Stu Sjouwerman

At a time when organizations should be implementing additional security measure to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.

The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes

I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...

Unfortunate Learning Lessons from Clicking on a Suspicious Phishing Email

Nov 5, 2020 11:19:02 AM By Stu Sjouwerman

Israeli news source YNet released a story about a woman who clicked on a suspicious phishing link, was fired from her job, and was accused of fraud with a criminal indictment.

Organizational Security Posture Effectiveness Declines by 38% Due to COVID

Nov 4, 2020 7:02:00 AM By Stu Sjouwerman

Remote workforces, insecure devices, a lack of multi-factor authentication, and a lack of user education all add up to a security nightmare for the average organization today.

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Nov 4, 2020 7:01:00 AM By Stu Sjouwerman

New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Oct 27, 2020 12:31:02 PM By Stu Sjouwerman

Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes

I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.

Cybersecurity Awareness Month Weekly Tip: Password Security

Oct 13, 2020 7:00:00 AM By Stu Sjouwerman

Each week during Cybersecurity Awareness Month, we’re going to be sharing in-depth weekly cybersecurity tips from our evangelists to help your users make smarter security decisions and ...

Phishing Campaign Goes After AT&T Employees’ MFA Codes

Sep 29, 2020 8:22:37 AM By Stu Sjouwerman

A phishing campaign is targeting AT&T employees and contractors with a well-crafted fake login page, according to Luke Leal at Sucuri. The phishing page is a near-exact replica of AT&T ...

Credential Stuffing to Stuff the Ballot Box

Sep 22, 2020 10:20:17 AM By Stu Sjouwerman

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...

Credential Stuffing Used Against Financial Services

Sep 21, 2020 8:27:15 AM By Stu Sjouwerman

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.

CISA’s Advice on Countering Phishing

Sep 14, 2020 10:19:06 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...