The Duo Bulletin

Inside a Retail Hack: Lateral Movement & Credential-Harvesting

In 2014, 1,000 retail businesses were hit by remote attacks. Ultimately, most retail attacks started with stolen credentials, which enabled attackers to move laterally, harvesting credentials along the way until they reached their final destination.

Smarter Security: Logs & Context-Aware Access Controls

Encryption and firewalls? Could be useless if an attacker steals administrator credentials and goes undetected in your systems for months.

Higher Education: Protecting Against Anthem Phishing Scams with Two-Factor Authentication

Post-breach, Anthem customers have been warned of subsequent phishing scams. A large number of those customers are faculty, staff and students from major universities across the country, as Anthem provides health plans and other services for many higher education customers.

Lenovo & Superfish: A Case Study in How Not To Handle Security Issues

The internet erupted with outrage at Lenovo for their inclusion of Superfish adware on certain consumer laptops. The company's response to customer concerns shows exactly what not to do.

The Weekly Ink #27

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

A Closer Look at Duo's Seal, Hack Day & Continued Growth

During our latest Hack Day, one project involved painting Duo’s seal in our new downtown Ann Arbor office - which got us to thinking about what that seal stands for and why it’s important to us.

New InfoSec Guidelines Released by FFIEC

Last week, the Federal Financial Institutions Examination Council (FFIEC) released a new addendum, Strengthening the Resilience of Outsourced Technology Services, to address potential threats to financial data and security controls to ensure business continuity in the event of a breach.

The State of Brokerage Security: Protecting Stocks and Financial Data

Since brokerage firms deal with investors that trade public stocks and other financial securities, in addition to offering loans and stock prices and tips, they’re often targeted by hackers seeking to exploit brokerage firm employees that have access to a large clientele of stockbrokers - and large sums of money.

Duo Gets COOL: A Note from Our New COO

A word from Duo's new Chief Operating Officer (COO), bicoastal Zack Urlocker - our new leader of sales, marketing and customer success.

Stronger Data Security Laws Proposed by New York Attorney General

In step with President Obama’s proposed information security legislation, New York State Attorney General Eric T. Schneiderman has proposed an update to state legislation on consumer data and data breach notification laws, as reports.

Duo Tech Talk: OSXCollector - Automated Forensic Evidence Collection & Analysis for OS X

February's Duo Tech Talk featured Yelp's security team manager, Ivan Leichtling, who explained a security tool they developed in-house for dealing with security alerts. OSXCollector automates the digital forensic evidence collection and analysis that their team had previously been doing manually.

Analysis Pushes Anthem Timeline Back, Links Breach to Chinese APT Group

The breach at Anthem may have begun in April 2014 and may be the work of a Chinese hacking crew. The question for healthcare companies: how to respond.

Four Years Later, Anthem Breached Again: Hackers Stole Credentials

The second largest healthcare insurance provider, Indianapolis-based Anthem Inc., recently reported a data breach affecting 80 million customers and employees, the Wall Street Journal stated.

Federal InfoSec Budget Calls for $14 Billion, Jumps 12 Percent

The Fiscal Year 2015 Budget of the U.S. Government (PDF) was recently released by the White House, calling for $14 billion for government cyber efforts, as Reuters reported.

Duo Security Provides Two-Factor Authentication for UK-Based Software Company

Find out how Duo Security lowers the total cost of ownership (TCO), provides flexible authentication methods, and secures a UK-based software development and consulting company, Softwire.

