The Duo Bulletin

Consumer Data Leaked; Finance Startup Lacks Database Security

Kreditech, a Germany-based consumer finance startup that lends money to consumers with little or no credit rating, was the target of the latest financial breach, as Brian Krebs reported.

Password Plight: Despite a Compromise, Two Factor Protects Data

A recent breach forced a video streaming and gaming community to reset all of their users’ passwords, forcing users to choose a new password after their next login, according to

New POS Malware Steals Passwords for Remote Access; Breaching Retailers

Retail data breaches are up 10 percent, as Mandiant's M-Threat report found. Attackers are continuing to cash in by using malware designed especially for breaching retailer systems, stealing customer payment data and retailer login credentials.

Premera's IT Security Audit Report Revealed Lack of Multi-Factor Authentication

Back at the end of November 2014, the Office of Personnel Management (OPM) released an IT security audit report on the state of Premera’s security profile, noting a gap in access controls. A few months later, Premera discovered a breach of their systems that may have compromised the medical and financial data of 11 million individuals.

The Weekly Ink #28

The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate the company - and anyone else who will listen - on security happenings and culture.

Healthcare Data in the Crosshairs

Predictions that 2015 would be a year of ‘healthcare breaches’ are proving prescient, as another massive security incident comes to light.

FISMA Report Reveals Federal Agencies Struggle with Strong Authentication

The annual Federal Information Security Management Act (FISMA) report (PDF) for Congress published Feb. 27 reveals a 15 percent increase in information security incidents impacting federal agencies last year, totalling nearly 70,000 events, recognizing that “strong authentication remains a key challenge.”

Authentication-Based Attacks Target Energy & Critical Manufacturing Industries

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) finds that the energy sector reported the highest number of security incidents in 2014 at 32 percent, while the critical manufacturing industry came in second at 27 percent, in their most recent Monitor newsletter.

Protecting Against Remote Access Attacks With Strong Authentication

In most breach cases, a devious lone hacker or an army of state-sponsored foreign attackers is among the defendants named in the media. But former employees may also pose a serious risk, as an FBI press release about a security breach case involving a New York company and former employee revealed a few weeks ago.

Criminals Leverage Apple Pay for Fraud; Banks Boost Authentication Security

As The Wall Street Journal reported, criminals are loading stolen credit card data on iPhones in order to make fraudulent purchases, taking advantage of lax bank security requirements for authentication.

Cloud Security Concerns Call for New Security Controls

A new study from CloudPassage, the LinkedIn Cloud Security Spotlight Report, has found that in order to secure the cloud, information security professionals are moving away from perimeter-based security models.

Apps Implement Multifactor Authentication After Mobile Breaches

Mobile apps that take on the work of online banks need also take on the responsibility of security. This could be seen in the recent Slate article detailing the hack of a web developer’s account with Venmo...

Point-of-Sale Malware Continues to Plague Retailers in 2015

If you have credit card data, they will come. While retail data breaches appeared to be in vogue last year, they haven’t exactly gone out of style quite yet - Zoup, a soup eatery chain, and Natural Grocers, a health food chain, may be victims of credit card theft, according to Brian Krebs.

UK Banks in Need of Stronger Authentication Security

Security company Bronzeye has reported the possibility of a bypass of two-factor authentication (referred to as ‘two-step authentication’) used by a large UK bank, as the Financial Times reported.

The VA Spends on InfoSec; Updates Planned for Cloud, Mobile & EHR

The Department of Veterans Affairs is seeking to increase its information security budget from $156 million in 2015 to $180.3 million in 2016, a 16 percent increase, according to Federal Computer Week.

