Search for blog posts, documentation, or pages

The Duo Bulletin

Dude, You Got Dell’d: Publishing Your Privates

Recently, Duo Labs security researchers found a few sketchy certificates on a Dell Inspiron 14 laptop we purchased last week to conduct a larger research project. Read on for more about Superfish 2: eDellRoot Boogaloo.

The Security Implications of iOS 9 Adoption

At Duo Labs, we recently studied the state of outdated iOS devices in past article. With the recent release of iOS 9, we revisited this discussion, given the unique device-based insight our service can provide.

Back to Security Basics: Stolen Privileged Windows Credentials Lead to Breaches

Going back to security basics, here’s a simple concept to consider: Stolen user credentials directly result in many a data breach. Especially if those credentials are privileged, meaning the user has greater operating system permissions than a standard account, according to a recent report from Cyberark.

Nominate an Exceptional Lady for the 2016 Women in Security Awards

Duo Security is accepting nominations for the 2016 Women in Security Awards! We’d like to recognize the contributions women are making and encourage the growth of a new generation in the security industry.

PoS Malware Poised to Ring in the 2015 Holiday Season

A few new and revamped versions of point-of-sale (PoS) malware have made the news recently for their ability to evade detection and target the exact location of customer credit and debit card data - just in time for the holiday season!

Exploit Kits Leverage Critical Flash and Browser Vulnerabilities

Yet more new research reveals the risks presented by Adobe Flash Player and outdated web browsers, as Adobe releases a new version of Flash to fix critical security vulnerabilities.

Criminals Leverage Remote Access to Patient Data Applications

One way that malicious hackers get access to healthcare data is through remote, online access - they often find a way to compromise Internet-facing servers housing databases of patient information.

WoW64 and So Can You

Today, the Duo Labs team is publishing a research paper on the limitations of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) when applied to processes running under WoW64.

Duo Does the Work For You: Device Insight & Analysis

With Platform Edition, you don’t have to know what is vulnerable or when new software versions are released, because we do the homework for you.

Securing Cloud Access With IAM & Two-Factor Authentication

According to the Cloud Security Report 2015 from Alert Logic, cloud environments are mostly affected by significantly increased numbers of app attacks, suspicious activity and brute force.

UK Data Breach Highlights Need For Stronger Financial Data Security

A UK-based phone and broadband provider announced that the contact and payment information of 4 million individuals had been exposed in a recent data breach, including credit card and bank account numbers.

Duo Services Update

The latest update on the status of Duo Security’s services, and how we’re implementing architectural changes to ensure service availability.

Security for Higher Ed: Duo Exhibits at EDUCAUSE

Duo Security will be exhibiting advance two-factor authentication and endpoint security solutions at the EDUCAUSE Annual Conference this year, hosted at the Indiana Convention Center in Indianapolis from Oct. 28-29.

Update: Flash and Java Emergency Zero-Day Patches

Adobe recently issued an emergency patch outside of their normal patch release schedule for a Flash zero-day, CVE-2015-7645, reported by Trend Micro security researchers. The vulnerability affects Flash versions and

Dow Jones Data Breach: Insider Trading?

Late on a Friday afternoon, Dow Jones announced that they detected unauthorized access to their systems, compromising the contact and payment information of about 3,500 customers.


Free Guide

Security for an Age of Zero Trust

Think your organization is ready for the cloud and decentralized security? Download this white paper to learn why you may not be.


phishing (20)  two-factor-authentication (18)  security news (17)  healthcare security (16)  passwords (15)  weekly ink (13)  cloud security (12)  mobile security (11)  federal cybersecurity (10)  malware (10)  infosec-evolution (9)  rsac2015 (8)  banking security (8)  duo mobile (8)  retail data breaches (8)  stolen credentials (7)  financial data breach (7)  stolen-passwords (7)  data breaches (7)  financial institutions (6)  remote access security (6)  remote access attacks (6)  encryption (6)  pci dss (6)  ooba (6)  ios security (6)  2fa (6)  platform edition (5)  uk security (5)  webinar (5)  media security (5)  pos malware (5)  transaction-level 2fa (5)  atms (5)  higher education (5)  rig exploit kit (4)  security research (4)  third-party security (4)  hipaa (4)  data breach notification (4)  retail (4)  bank security (4)  ios (4)  healthcare cybersecurity (4)  2-factor-authentication (4)  vulnerability (4)  blackhat 2015 (4)  google (4)  healthit (4)  medical identity theft (4)  endpoint security (4)  defcon-23 (4)  retail data security (4)  security threats (4)  financial data security (4)  flash security (3)  retail data risks (3)  ssl (3)  critical infrastructure security (3)  social engineering (3)  manufacturing security (3)  law firm security (3)  otp bypass (3)  anthem (3)  out of band authentication (3)  cisco vpn (3)  duo-security-summit (3)  flash vulnerabilities (3)  ios vulnerabilities (3)  payment card breach (3)  target (3)  car security (3)  retail ebook (3)  health it (3)  windows security (3)  e-prescriptions (3)  byod (3)  home depot (3)  healthcare data breach (3)  strong-authentication (3)  stock market (3)  twitter (3)  defcon (3)  defense in depth (3)  outlook-web-app (3)  hipaa security rule (3)  two-factor (3)  iot security (3)  dyre trojan (3)  end-user authentication (3)  aws security (3)  ffiec (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.