
The Duo Bulletin

Mitigating Effects of the Hacking Team Fallout

The effects of the Hacking Team hack are still being felt, but some are trying to help organizations do some damage control and look for signs of infection from their spyware.

Hacking Team Data Leak: Software Vendors Release Fixes; Others Comb Through Emails

This week, Adobe, Oracle and Microsoft patched several critical vulnerabilities found in the 400GB dump of Hacking Team’s intellectual property and proprietary exploit code that some researchers are still combing through.

FTC Releases 10 Data Security Guidelines

The Federal Trade Commission (FTC) has released a list of data security guidelines gleaned from the agency’s 50+ data security settlements.

Majority of Healthcare Security Incidents Involve External Actors, Phishing Attacks

A new survey from HIMSS (Healthcare Information and Management Systems Society) found that 87 percent of healthcare officials rate information security as an increasing business priority. Another two-thirds reported that their organization had experienced a significant security incident.

U.K. Bank Customers Targeted With Phishing Campaign and Malware

Dyre - oh, Dyre; the banking Trojan we love to hate - is sticking around, as a recent phishing campaign against U.K. banks revealed.

Duo Labs Great DEF CON Giveaway!

Want to go to DEF CON but don’t want to spend money you could otherwise lose gambling in Vegas? Do you want to avoid standing in an epic lineup of hackers just to get your DEF CON pass? Duo Labs wants to help you out. For the small price of some attention on Twitter, three lucky people will receive free passes from Duo Security to DEF CON 23.

International Spyware Company Hacked: Flash Exploits Sold to Intel Agencies

The irony is quite strong in this one: Italy-based Hacking Team, an international spyware company that provides surveillance technology to government agencies, was hacked. Five hundred gigabytes of internal data was published as a Torrent file on Sunday evening, in addition to a full list of the company’s clients on Pastebin.

Media Streaming Service Hacked; No Support for Two-Factor Authentication

Plex, a media streaming service, announced that their forum and blog servers were hacked - meaning your email address, IP address, forum messages and encrypted (hashed and salted) password may have been stolen. As of now, their forums are offline while they investigate.

Credential-Harvesting Malware Focuses on Financial Services

Financial losses associated with security incidents have increased 24 percent in 2014 in the finance sector, with overall detected security incidents increasing 8 percent, according to PricewaterhouseCoopers’ Global State of Information Security Survey: Financial Services.

New OPM Security Strategy Expands Monitoring and Widens Two-Factor Deployment

While there’s plenty of dismal news unraveling in the wake of the epic OPM breach, there’s a lot of positive learning to be had as well. The agency released an OPM Cybersecurity Action Report outlining specific steps they planned to take to remediate and strengthen their internal security posture.

Zero-Day Phishing Campaign Targets High Tech Intellectual Property

A large-scale phishing campaign leveraging a critical Adobe Flash zero-day has been targeting many different industries for weeks, including aerospace and defense, construction and engineering, high tech, telecommunications and transportation organizations.

The Weekly Ink #41

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

Teach People to Lock Their Workstations Right Meow

It’s a question almost as old as the password itself: “What should I do if someone leaves their computer unlocked? Should I ‘get them’?” Well sure, you could change their wallpaper or download some joke software, you could even install crypto-ransomware that deposits their ransom into your top secret bitcoin wallet. But why stop there? You could check to see if they’re still signed into their bank account and transfer all of their money to your unnamed overseas bank account. That’ll teach ‘em a lesson, right? Wait, what was that lesson again?

Cybersecurity Sprint: Federal CIO Orders 'Dramatic Increase' in Use of Two-Factor Authentication

In response to the OPM hack that leaked four million records of personal data (and potentially more information, including classified employee security clearance data), the U.S. Chief Information Officer (CIO) launched a 30-day Cybersecurity Sprint, another name for the baseline security requirements that every federal agency must take steps toward implementing in the next thirty days.

