
The Duo Bulletin

International Spyware Company Hacked: Flash Exploits Sold to Intel Agencies

The irony is quite strong in this one: Italy-based Hacking Team, an international spyware company that provides surveillance technology to government agencies, was hacked. Five hundred gigabytes of internal data was published as a Torrent file on Sunday evening, in addition to a full list of the company’s clients on Pastebin.

Media Streaming Service Hacked; No Support for Two-Factor Authentication

Plex, a media streaming service, announced that their forum and blog servers were hacked - meaning your email address, IP address, forum messages and encrypted (hashed and salted) password may have been stolen. As of now, their forums are offline while they investigate.

Credential-Harvesting Malware Focuses on Financial Services

Financial losses associated with security incidents have increased 24 percent in 2014 in the finance sector, with overall detected security incidents increasing 8 percent, according to PricewaterhouseCoopers’ Global State of Information Security Survey: Financial Services.

New OPM Security Strategy Expands Monitoring and Widens Two-Factor Deployment

While there’s plenty of dismal news unraveling in the wake of the epic OPM breach, there’s a lot of positive learning to be had as well. The agency released an OPM Cybersecurity Action Report outlining specific steps they planned to take to remediate and strengthen their internal security posture.

Zero-Day Phishing Campaign Targets High Tech Intellectual Property

A large-scale phishing campaign leveraging a critical Adobe Flash zero-day has been targeting many different industries for weeks, including aerospace and defense, construction and engineering, high tech, telecommunications and transportation organizations.

The Weekly Ink #41

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

Teach People to Lock Their Workstations Right Meow

It’s a question almost as old as the password itself: “What should I do if someone leaves their computer unlocked? Should I ‘get them’?” Well sure, you could change their wallpaper or download some joke software, you could even install crypto-ransomware that deposits their ransom into your top secret bitcoin wallet. But why stop there? You could check to see if they’re still signed into their bank account and transfer all of their money to your unnamed overseas bank account. That’ll teach ‘em a lesson, right? Wait, what was that lesson again?

Cybersecurity Sprint: Federal CIO Orders 'Dramatic Increase' in Use of Two-Factor Authentication

In response to the OPM hack that leaked four million records of personal data (and potentially more information, including classified employee security clearance data), the U.S. Chief Information Officer (CIO) launched a 30-day Cybersecurity Sprint, another name for the baseline security requirements that every federal agency must take steps toward implementing in the next thirty days.

The Weekly Ink #40

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

Multi-Layer or Multi-Factor? Assessing IRS Fraud Fixes

With its online filing system badly abused by online scammers, the IRS is beefing up online checks to protect the integrity of online tax filing. Will multi-factor authentication be part of the mix?

Point-of-Sale Attacks Leverage Weak Remote Security and Passwords

Weak remote security and passwords contribute to 94 percent of point-of-sale (PoS) breaches, according to a new Trustwave Global Security Report (PDF). These security issues led to compromises in the retail, hospitality and food and beverage industries.

LastPass Breach

LastPass announced that they detected and blocked what appears to be malicious activity on their network. According to their announcement, account email addresses, password reminders, server per-user salts and authentication hashes were compromised.

The Weekly Ink #39

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.

New Security Guidelines Released for PCI DSS and PA-DSS

The Payment Card Industry Security Standards Council (PCI SSC) recently released updates and new guidelines for strengthening retailer data security and protecting customer payment data.

OPM Security Audit: No Two-Factor Authentication

As NYTimes.com reported, the Office of Personnel Management (OPM) completed a security audit in November of last year - but not before they were breached by attackers, putting four million personal data records at risk.
