SEARCH
All Articles
Evasive Brute-Force Attacks Target Office 365 Accounts
There’s a new sneaky brute-force attack targeting unprotected enterprise Office 365 accounts, including those in the manufacturing, financial services, healthcare industries.
New York Cybersecurity Regulations in Effect for Financial Services
New York-based banks, insurance companies and other financial services must comply with finalized cybersecurity regulations - here’s a summary of the mandatory provisions and components of a cybersecurity program.
An Analysis of BlueBorne: Bluetooth Security Risks
Cut through the FUD (Fear, Uncertainty & Doubt) with a Duo Labs analysis of the recent series of Bluetooth vulnerabilities known as BlueBorne - and get our mitigation recommendations on how to keep your devices safe.
Securing Access to Data Stored in Amazon S3 Buckets
There have been countless examples of misconfigured access to Amazon S3 buckets containing massive amounts of sensitive data - here’s how you can configure granular access policies and use MFA to protect your data in the cloud.
Cloud Auth - Are You Doing Enough?
What does it take to secure your cloud applications and data? Technology today has made it possible to require stronger authentication controls for access to business-critical applications.
Universities Targeted by Increasing Phishing & Ransomware Attacks
Malicious attacks against U.K. universities have doubled in the past year - find out how to protect against ransomware and phishing attacks that target research data.
The State of the Breach in Healthcare: A Look at 2017 So Far
See how many healthcare data breaches have been reported so far in 2017, how many are due to hacking, what areas are lacking in security protection, how many ransomware attacks have targeted healthcare and more.
New Critical Infrastructure Security Recommendations from NIAC
A White House advisory group, The President’s National Infrastructure Advisory Council (NIAC), has released an 11-step report urging the Administration to take action to protect against “a watershed, 9/11-level cyber attack.”
The State of Real-Time Threat Detection
An overview of tracking ransomware payments, tools to fight ransomware attacks, 3D printing security concerns and more from Black Hat 2017 and DEF CON 25 talks this year.
NIST’s New Security and Privacy Controls For IoT, MFA and SSO
NIST releases a new version of their Security and Privacy Controls, addressing new risks posed by the latest technology - the Internet of Things, plus guidance on combining single sign-on and multi-factor authentication.
Dissecting Security Hardware at Black Hat and DEF CON
Get insights into how to assess security hardware, including experimentations in counterfeiting U2F authentication tokens, different weaknesses in the hardware components of encrypted USB keys and more.
Phishing Vulnerability Exposed with Recently Patched Windows Vulnerability
A recently patched, high-severity Windows vulnerability, CVE-2017-0199, is being used in phishing attacks to deliver malware to users - hitting 1.5 million users in Q2 of this year.
Security Anthropology: How Do Organizations Differ?
Different types of organizations have different threat profiles - instead of classic benchmarking, which can be problematic, researching and creating organizational personas can help us better understand how they approach security issues.
Examining Security Science at Black Hat 2017
Learn about the complexities of conducting security science and phishing tests - the psychological dynamics, validity of security usability studies, ethical issues, hallway testing and more.
Hunting Malicious npm Packages
Duo Labs analyzes npm packages and how attackers can use malicious packages to gain access to and control over systems.