"Cisco Duo's Multifactor Authentication Service Breached"

A social engineering attack has compromised a third-party provider responsible for handling telephony for Cisco's Duo Multi-Factor Authentication (MFA) service. Cisco Duo customers have been warned to be on the lookout for follow-on phishing attacks. Customers were notified that the company handling SMS and VOIP MFA messaging traffic for Cisco Duo had been breached on April 1. The threat actor allegedly used compromised employee credentials, and once inside the service provider's systems, they downloaded SMS logs for specific users. This article continues to discuss the third-party telephony service provider for Cisco Duo falling victim to social engineering and the company's warning regarding subsequent phishing attacks.

Dark Reading reports "Cisco Duo's Multifactor Authentication Service Breached"

Submitted by grigby1

Submitted by grigby1 CPVI on