Duo Security
Duo Security
Blog Post
  • Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report (PDF). Those include international and military organizations, Ministry of Defenses, Ministry of Foreign Affairs, intelligence units and defense contractors that provide IT services and engineer...

Duo Security
Duo Security
Blog Post
  • In a previous blog post, we highlighted why customers are replacing RSA with Duo Security. We discussed how companies are leveraging Duo’s modern security solution to help them solve fundamental security challenges around access management. Additionally, we discussed other major drivers that propelled these companies to migrate from RSA, which included improved end user experience, easy and intuit...

Duo Security
Duo Security
Blog Post
  • Every year during the holiday season, SANS publishes their annual Holiday Hack Challenge. These challenges are a great way to learn new and useful exploitation techniques to solve fun puzzles. The Duo Labs team always enjoys participating in the Holiday Hack Challenges, and have written about our solutions in the past. The challenges have been very polished, and this year is no exception. As alw...

Duo Security
Duo Security
Blog Post
  • The Bluetooth specification is huge and quite complex. As a researcher, it helps when looking at the various Internet of Things (IoT) devices to understand what a vendor of an IoT device actually implemented. This is important when one has to deal with environments where older and less secure Bluetooth implementations on older IoT devices have to interact with the new IoT devices which are capable...

Duo Security
Duo Security
Blog Post
  • Consumers need to work on their basic security hygiene, according to a Tenable consumer survey of 2,196 U.S. adults and their personal security practices. Generally, they found that the majority are lacking in their security habits - most don't use two-factor authentication (2FA) and some are not updating their devices in a timely manner. However, nearly all (94%) have heard news stories about sec...

Duo Security
Duo Security
Blog Post
  • The problem with authentication is that one factor doesn’t fit all — in fact, it hardly fits anything anymore. With a password being guessable and reusable, it’s a weak security control that can be attacked at scale. Adding a second factor to the mix bolsters that control, but it also starts adding friction to the login experience. CISOs now have to balance managing risk with multiple authenticati...

Duo Security
Duo Security
YouTube Video
  • This video explains how to synchronize users and groups with Duo Security from Active Directory (AD) using the Directory Sync feature and the Duo Authentication Proxy. Active Directory attributes that may already be populated include name, email address, phone numbers, and group memberships. To learn more about synchronizing users from Active Directory, read the documentation provided at https://d...

Duo Security
Duo Security
Blog Post
  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established to secure credit card data. At this time, PCI DSS is in its third revision with the latest version 3.2 published in 2016. All organizations that are required to be PCI compliant will need to meet all updated requirements in v3.2. The specific multi-factor authentication (MFA) requirements in PCI v...

Duo Security
Duo Security
Blog Post
  • Challenges of Securing Healthcare Challenges today come in all shapes and sizes. The threat landscape in 2017 is vastly different than it was just 10 years ago. Technology capabilities, the workforce and speed to market are also vastly different than they were 10 years ago. So why do so many healthcare organizations approach protecting their critical assets the same way they did in 2007? Sure, h...

Duo Security
Duo Security
Blog Post
  • Recently, NIST published their second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1. NIST also published a draft version 1.1 of their Roadmap for Improving Critical Infrastructure Cybersecurity, which includes updates on the following new topics: Cyber-Attack Lifecycle; Measuring Cybersecurity; Referencing Techniques; Small Business...

Duo Security
Duo Security
Blog Post
  • While developing Duo’s new reporting features, we wanted to make it easier for our customers to visualize authentications over time. This visualization allows customers to see trends over time and spot troublesome or suspicious authentications. The visualization we use is a basic histogram showing the number of authentications in a given time period. When displaying the last 24 hours of authent...

Duo Security
Duo Security
Blog Post
  • According to Oracle, the number one strategic priority for CIOs is to “Lead your company’s digital transformation, don’t just facilitate it.” We live in the information age today, and as capabilities evolve with advances in technology, communication channels and collaboration, innovation and speed are critical. Organizations are driven by consumerization and the need to put relevant data and info...

Duo Security
Duo Security
Blog Post
  • During this time of the year, holiday shopping can mean it’s harder for people to keep track of their online transactions and accounts - a disordered state of being that criminals are taking advantage of through phishing campaigns that target popular payment and ecommerce websites. PayPal Phishing Campaign A new phishing campaign has been recently found to target consumers via PayPal. The PayPal...

Duo Security
Duo Security
Blog Post
  • Since mid 2016, a group of security professionals and researchers from across the industry have been working on a new way to handle authentication and proving one’s identity on the internet without the help of passwords. WebAuthn and UAF The new standard known as Web Authentication, or WebAuthn for short, is a credential management API that will be built directly into popular web browsers. It al...

Duo Security
Duo Security
Blog Post
  • The misconfiguration of Amazon Web Services' (AWS) S3 (Amazon Simple Storage Service) buckets is a very common yet major error that can lead to the public exposure of large volumes of often highly-sensitive (and sometimes classified) data stored in a virtual environment. This isn’t a hack - it’s an internal IT infrastructure error that can leave data unprotected and available to anyone online. Mo...

Duo Security
Duo Security
Blog Post
  • In a technical paper released today, Duo Labs details research into two personal protection devices based on ARM Cortex M microcontrollers. Tools and techniques are shared, and a novel bypass affecting readback protection in one microcontroller is shown. The explosion of the Internet of Things in recent years has resulted in the proliferation of microcontrollers into devices that impact many aspe...

Duo Security
Duo Security
Blog Post
  • Shortly after Apple announced the iPhone X and Face ID back in September, the Duo team has been excited to test the security properties of this new technology, and consider how we would add support for facial recognition to Duo. There has been a lot of criticism about Face ID: its lack of ability to secure more than one face, questions about recognition speed, as well as privacy implications of 3...

Duo Security
Duo Security
Blog Post
  • Duo Security hosted a security summit on October 26th, inviting experienced security leaders with wide-ranging backgrounds for a Q&A panel discussion. The core question for the discussion: can security measures go further than simply not slowing down your organization’s productivity, and help to accelerate it instead? Keynote on Network De-Perimeterization and Evolving Security Jon Oberheide, Du...

Out-Market Your Competitors?

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account Log in

By signing up, you agree to the Terms of Service and Privacy Policy.

Out-Market Your Competitors

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account

Already a user?  Log in

By signing up, you agree to the Terms of Service and Privacy Policy.