Web security has moved from the Captain America approach — using one shield for self-defense: a password — to the Batman approach, where a utility belt of tools contains options for a variety of situations. One of the most important resources in that utility belt is two-factor authentication (2FA).
In our new ebook, Relieving the Pain Points of Federal IT Modernization, we discuss four key pain points federal agencies encounter part of their IT modernization initiatives and how they can find relief from them.
The cloud and mobility are pushing federal agencies to upgrade outdated systems in favor of more modern approaches. Hence the origin of the term “IT modernization.” There are several reasons federal agencies should consider modernizing their systems.
Last week Google discovered a zero-day vulnerability in Chrome that the Google Threat Analysis Group determined was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-5786, resides in the web browsing software and impacts all major operating systems, including Windows, Apple macOS and Linux. Here's how Duo helps minimize your exposure to these types of exploits and vulnerabilities.
Here we shed some light on how Duo's Application Security team works and some of the lessons we've learned along the way towards creating a more mature Application Security team.
At RSA Conference, we'll announce the general availability of Touch ID as a WebAuthn MFA method in Google Chrome.
Recently at Duo Tech Talks we hosted Ofir Weisse for a phenomenal presentation on Foreshadow and Foreshadow-NG, the speculative execution side-channel attacks that stole the privileged enclave signing keys from Intel’s SGX platform and can read arbitrary host memory from a compromised VM.
Network providers are now readily available to support multi-agency communication during peak times and in rural areas, but first responders still face evolving challenges to protect victim and patient data.
To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security reports.
In Duo Labs' third phase of research into Apple’s T2 security chip, the Labs team looks at the T2 surface exposed to the macOS host after the boot process has completed. They show how the messaging format differs from traditional XPC and how valid packets can be constructed to interact with the T2 chip directly.