Search for blog posts, documentation, or pages

The Duo Bulletin

Interview: Silicon Valley's Matt Cohler on Investing in the Security Market

Recently, the Duo Creative team interviewed one of our favorite investors, Matt Cohler of Benchmark, a venture capital firm known for early stage funding of several high-growth Silicon Valley startups, including Uber, Instagram, Dropbox - and, of course, Duo Security.
Read more...

Replacing RSA SecurID: Why Are Customers Switching to Duo Security?

As technology has evolved over time, old two-factor solutions have not - that’s why so many large enterprise organizations are switching from RSA SecurID (notorious for adding friction, cost and complexity) to Duo Security’s solution (much easier to use and lower total cost of ownership).
Read more...

iOS Malware Leverages Jailbroken Devices to Steal Apple Account Info

A new form of iOS malware leverages jailbroken Apple devices, stealing Apple account information, private keys and certificates.
Read more...

Securing Access to Virtual Machines: Visit Duo at VMworld 2015!

Duo Security will be exhibiting at VMworld 2015, hosted at the Moscone Center in San Francisco, California from August 30-September 3!
Read more...

iOS Vulnerability Exposes Mobile Enterprise Credentials

There’s a new iOS vulnerability that may affect enterprises that use mobile device management (MDM) applications and clients, potentially exposing sensitive configuration settings, credentials, server information and more.
Read more...

I, For One, Welcome Our New Algorithmic Overlords

The final installment of Kyle's Black Hat 2015/DEF CON 23 series takes a look at more machine learning talks and discusses the future of machine learning and infosec.
Read more...

You Built a Better Mousetrap? They Built Better RATs

Any remote access can be dangerous, even if it’s authorized. Kyle covers the status of remote-access-based attacks as discussed at DEF CON 23 and discusses a risk-based outlook on security, rather than trying for perfect solutions.
Read more...

Stolen Credentials and Stolen Press Releases Lead to Insider Trading

Nine people were charged for hacking, securities and wire fraud, as well as insider trading last Tuesday. Over a period of five years, hackers breached press release syndication websites, including Business Wire, PR Newswire and Marketwired and stole more than 150,000 press releases that revealed information on publicly traded companies.
Read more...

Understanding Your Exposure to Stagefright Vulnerabilities

Find out about the Stagefright vulnerabilities affecting Android, and how you can mitigate risks by creating custom authentication policies with Duo Platform Edition.
Read more...

What's Old is... Still Old: The Security from the Obscurity of Legacy Systems is Crumbling


Read more...

I’m Sorry, *You* Are… The Weakest Link

Kyle Lady of Duo Labs covers talks about the human factor — from social engineering to human vulnerability scanning — at DEF CON and Black Hat 2015.
Read more...

Applications of Deep Learning: The Good, The Bad and The Opinion

“Deep learning” was a phrase that came up many times during Black Hat. It seems to have quickly risen to relative prominence, and it certainly merits discussion: the broad field of machine learning often can be and is applied, and developments in the field have definite potential to help the security field make better sense of the data.
Read more...

Do You Want To Build A Snowman?

In case you haven’t already heard the news, Google and Adobe just killed a popular information leak technique in the most recent version of Flash (v18.0.0.209). Mozilla went so far as to block Flash entirely. This was hot on the tails of two previously unknown, unpatched (0day) vulnerabilities in Flash, which were publicly disclosed as part of the enormous reams of information stolen from Hacking Team.
Read more...

Securing Browser Access: The Doorways to Sensitive Data

According to a report from McAfee, Dissecting the Top Five Network Attack Methods: A Thief’s Perspective (PDF), the top network attack methods include network abuse (42 percent) and browser attacks (36 percent).
Read more...

Authentication Bypass & Privilege Escalation Lead to Stolen Financial Data

Financial credentials and data are often stolen due to major mobile app flaws, including authentication bypass, privilege escalation and weak password security.
Read more...

Categories

Free Guide

Security for an Age of Zero Trust

Think your organization is ready for the cloud and decentralized security? Download this white paper to learn why you may not be.

Tags

phishing (20)  security news (17)  two-factor-authentication (16)  healthcare security (16)  passwords (15)  weekly ink (13)  federal cybersecurity (10)  malware (10)  cloud security (10)  infosec-evolution (9)  rsac2015 (8)  retail data breaches (8)  banking security (8)  duo mobile (7)  data breaches (7)  stolen-passwords (7)  financial data breach (7)  2fa (6)  mobile security (6)  stolen credentials (6)  ooba (6)  financial institutions (6)  pci dss (6)  encryption (5)  transaction-level 2fa (5)  remote access security (5)  webinar (5)  atms (5)  healthcare cybersecurity (5)  healthit (5)  security threats (4)  bank security (4)  third-party security (4)  financial data security (4)  2-factor-authentication (4)  pos malware (4)  vulnerability (4)  data breach notification (4)  retail (4)  defcon-23 (4)  rig exploit kit (4)  platform edition (4)  hipaa (4)  retail data security (4)  blackhat 2015 (4)  google (4)  remote access attacks (4)  medical identity theft (4)  healthcare data breach (3)  security research (3)  defense in depth (3)  e-prescriptions (3)  retail data risks (3)  duo-security-summit (3)  home depot (3)  ehr (3)  byod (3)  retail ebook (3)  hipaa security rule (3)  higher education (3)  two-factor (3)  manufacturing security (3)  critical infrastructure security (3)  ffiec (3)  law firm security (3)  otp bypass (3)  media security (3)  payment card breach (3)  strong-authentication (3)  dyre trojan (3)  uk security (3)  car security (3)  end-user authentication (3)  defcon (3)  iot security (3)  ssl (3)  social engineering (3)  target (3)  health it (3)  twitter (3)  anthem (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.