New York-based banks, insurance companies and other financial services must comply with finalized cybersecurity regulations - here’s a summary of the mandatory provisions and components of a cybersecurity program.
A new guide has been released by Duo, Healthcare Information Security - a collection of relevant articles on the latest information security themes in the healthcare industry. Download it today!
There have been countless examples of misconfigured access to Amazon S3 buckets containing massive amounts of sensitive data - here’s how you can configure granular access policies and use MFA to protect your data in the cloud.
Malicious attacks against U.K. universities have doubled in the past year - find out how to protect against ransomware and phishing attacks that target research data.
See how many healthcare data breaches have been reported so far in 2017, how many are due to hacking, what areas are lacking in security protection, how many ransomware attacks have targeted healthcare and more.
A White House advisory group, The President’s National Infrastructure Advisory Council (NIAC), has released an 11-step report urging the Administration to take action to protect against “a watershed, 9/11-level cyber attack.”
NIST releases a new version of their Security and Privacy Controls, addressing new risks posed by the latest technology - the Internet of Things, plus guidance on combining single sign-on and multi-factor authentication.
A recently patched, high-severity Windows vulnerability, CVE-2017-0199, is being used in phishing attacks to deliver malware to users - hitting 1.5 million users in Q2 of this year.
New NIST guidelines recommend using long passphrases instead of seemingly complex passwords - check out a summary of the new best practices for password security in NIST’s SP 800-63B.
Access security and identity have evolved quickly over the years - here’s what to look for in a modern two-factor authentication solution.
NIST has updated their Digital Identity Guidelines, SP 800-63-3 with final security recommendations - see the new standards that many industries, including government agencies and contractors, need to follow.
If you’re heading to Las Vegas for a week of back-to-back conferences, well, we are too. And we’ll be there with a new tool demo, book signing, plus several parties & awesome DJs.
In part 2 of our series, Moving Behind the Perimeter: How to Implement the BeyondCorp Security Model, we walk you through how to build a new enterprise security model within your organization, the different stages involved, and questions to ask along the way.
From stopping the initial point of infection to narrowing its path of destruction, here are some tips from the US-CERT (United States Computer Emergency Readiness Team) to help organizations of all sizes stay safe.
In Duo’s latest white paper, Principal Security Strategist Wendy Nather explains the theory behind Google’s BeyondCorp security model, the different components required and the overall security architecture. Download the full paper to learn more.
Two months after the global WannaCry ransomware outbreak, a new wormlike malware variant has more recently plagued 64 countries, disrupting operations worldwide. But is it actually ransomware? Here’s what you need to know.
The healthcare industry is faced with many inherent challenges and barriers to security adoption - here’s the latest security recommendations from the HHS Cybersecurity Task Force.
New phishing attacks are encrypting their web pages to appeal to users’ security sensibilities, while Gmail releases a suite of security tools to crack down on phishing emails.
You can't secure what you can't see. To shed light on who’s at risk, Duo has collected and analyzed our dataset of 4.6 million endpoints, completing over two hundred million authentications a month - all now available in The 2017 Duo Trusted Access Report.
In the wake of the widespread ransomware attack launched last Friday that has quickly spread worldwide, the Dept. of Health and Human Services (HHS) sent an email reminder to healthcare organizations, urging them to adhere to the Office for Civil Rights’ (OCR) ransomware guide published last year.
Organizations are exploring how to gain a competitive advantage by integrating information security and privacy with their business strategy, according to a 2017 cybersecurity report from PricewaterhouseCoopers (PwC).
Widespread Ransomware Attack Plagues Europe, Asia & U.K. Hospitals Industry News / Featured Article
A widespread, worm-like ransomware attack has shut down computers across Europe and Asia, hitting the Spanish telecom provider, Telefonica and operations in major U.K.-based health systems especially hard.
Yet another example of how SMS-based two-factor authentication is not secure can be seen in the recent Signalling System No. 7 (SS7) attacks in January. Malicious hackers redirected money from German customers’ banking accounts to their own accounts in a series of attacks, according to Ars Technica and Süddeutsche Zeitung.
According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.
Education and healthcare are among the most frequently targeted industries, at least when it comes to the amount of stolen remote desktop protocol (RDP) logins up for sale on the dark web, according to an analysis of 85,000 servers from Flashpoint.