The Duo Bulletin

Medical Identity Theft Threatens Patient Data and Customer Loyalty

While the healthcare industry is slowly moving forward in technological advances due to federal and state legislation, security and privacy concerns are still backed by the numbers. In 2014, medical identity theft grew nearly 22 percent...

Password-Stealing Tool Targets Windows; Evades Antivirus

Mandiant’s M-Threat 2015 report details how a publicly available “pentesting” tool, Mimikatz, can be used to steal password hashes and dump plaintext passwords extracted from memory, helping attackers move laterally within your network.

Inside a Retail Hack: Lateral Movement & Credential-Harvesting

In 2014, 1,000 retail businesses were hit by remote attacks. Ultimately, most retail attacks started with stolen credentials, which enabled attackers to move laterally, harvesting credentials along the way until they reached their final destination.

Smarter Security: Logs & Context-Aware Access Controls

Encryption and firewalls? Could be useless if an attacker steals administrator credentials and goes undetected in your systems for months.

Higher Education: Protecting Against Anthem Phishing Scams with Two-Factor Authentication

Post-breach, Anthem customers have been warned of subsequent phishing scams. A large number of those customers are faculty, staff and students from major universities across the country, as Anthem provides health plans and other services for many higher education customers.

The Weekly Ink #27

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

Lenovo & Superfish: A Case Study in How Not To Handle Security Issues

The internet erupted with outrage at Lenovo for their inclusion of Superfish adware on certain consumer laptops. The company's response to customer concerns shows exactly what not to do.

A Closer Look at Duo's Seal, Hack Day & Continued Growth

During our latest Hack Day, one project involved painting Duo’s seal in our new downtown Ann Arbor office - which got us to thinking about what that seal stands for and why it’s important to us.

New InfoSec Guidelines Released by FFIEC

Last week, the Federal Financial Institutions Examination Council (FFIEC) released a new addendum, Strengthening the Resilience of Outsourced Technology Services, to address potential threats to financial data and security controls to ensure business continuity in the event of a breach.

The State of Brokerage Security: Protecting Stocks and Financial Data

Since brokerage firms deal with investors that trade public stocks and other financial securities, in addition to offering loans and stock prices and tips, they’re often targeted by hackers seeking to exploit brokerage firm employees that have access to a large clientele of stockbrokers - and large sums of money.

Duo Gets COOL: A Note from Our New COO

A word from Duo's new Chief Operating Officer (COO), bicoastal Zack Urlocker - our new leader of sales, marketing and customer success.

Stronger Data Security Laws Proposed by New York Attorney General

In step with President Obama’s proposed information security legislation, New York State Attorney General Eric T. Schneiderman has proposed an update to state legislation on consumer data and data breach notification laws, as eSecurityPlanet.com reports.

Duo Tech Talk: OSXCollector - Automated Forensic Evidence Collection & Analysis for OS X

February's Duo Tech Talk featured Yelp's security team manager, Ivan Leichtling, who explained a security tool they developed in-house for dealing with security alerts. OSXCollector automates the digital forensic evidence collection and analysis that their team had previously been doing manually.

Analysis Pushes Anthem Timeline Back, Links Breach to Chinese APT Group

The breach at Anthem may have begun in April 2014 and may be the work of a Chinese hacking crew. The question for healthcare companies: how to respond.

Four Years Later, Anthem Breached Again: Hackers Stole Credentials

The second-largest healthcare insurance provider, Indianapolis-based Anthem Inc., recently reported a data breach affecting 80 million customers and employees, the Wall Street Journal stated.