Duo Security will be exhibiting at VMworld 2015, hosted at the Moscone Center in San Francisco, California from August 30-September 3!
There’s a new iOS vulnerability that may affect enterprises that use mobile device management (MDM) applications and clients, potentially exposing sensitive configuration settings, credentials, server information and more.
Two weeks ago, we tasked Kyle from our Research and Development team with covering some common themes discussed at Black Hat and DEF CON. We want to bring these issues to both the security community that was in Vegas at the cons and those who kept an eye on the action from the outside.
Remote Access Trojans (RATs) have traditionally been known as tools that perform tasks such as installing additional malware or stealing files from an infected computer. They are often bundled with enticing software like free games or system utilities. RATs are nothing new, but their usage and related attack methods have changed recently in interesting ways.
> An electronic health record (EHR) system provider has been breached, affecting 11 healthcare provider clients and 44 total radiology centers of the Indiana-based company, Medical Informatics Engineering (MIE).
> Nine people were charged for hacking, securities and wire fraud, as well as insider trading on Tuesday. Over a period of five years, hackers breached press release syndication websites, including Business Wire, PR Newswire and Marketwired and stole more than 150,000 press releases that revealed information on publicly traded companies.
Understanding Your Exposure to Stagefright Vulnerabilities Duo Labs / Featured Article
By now you have no doubt heard about the vulnerabilities made public in a component of the Android Operating System that may give an attacker complete control over affected devices via something as simple as a multimedia message (MMS). But, just in case you have been hiding in a cave the last couple of weeks let's quickly review what we know about this issue today.
> As has often been the case with old technology that stays in use in the modern era, several concrete hacks have been demonstrated against satellite communication technology.
Kyle Lady of Duo Labs covers talks about the human factor — from social engineering to human vulnerability scanning — at DEF CON and Black Hat 2015.
“Deep learning” was a phrase that came up many times during Black Hat. It seems to have quickly risen to relative prominence, and it certainly merits discussion: the broad field of machine learning often can be and is applied, and developments in the field have definite potential to help the security field make better sense of the data.
In case you haven’t already heard the news, Google and Adobe just killed a popular information leak technique in the most recent version of Flash (v188.8.131.52). Mozilla went so far as to block Flash entirely.
According to a report from McAfee, Dissecting the Top Five Network Attack Methods: A Thief’s Perspective (PDF), the top network attack methods include network abuse (42 percent) and browser attacks (36 percent).
Financial credentials and data are often stolen due to major mobile app flaws, including authentication bypass, privilege escalation and weak password security.
Last week we [announced](//company/press-releases/duo-security-expands-research-division-adding-four-top-industry-experts) the addition of more big brains to the Duo Labs research team. This, of course, is not to say that the existing team members were not doing a valiant and impressive job, but more to announce our expanded and renewed focus on applied security research. The new members of our team are myself, as the director of security research, as well as Mikhail Davidov, Mark Loveless and Darren Kemp who have joined our existing team.
According to a new report, the Infoblox DNS Threat Index (PDF), phishing is growing in a big way, increasing 74 percent in the second quarter of 2015.
Reactions to the remote Jeep hacking incident include less-than-secure patching methods and a new automobile infosec bill proposal.
Vulnerability Disclosures, Discussions and Days Gone By... Duo Labs / Featured Article
Check out a timeline of the vulnerability disclosure debate brought to you by Duo Labs!