New phishing attacks are encrypting their web pages to appeal to users’ security sensibilities, while Gmail releases a suite of security tools to crack down on phishing emails.
You can't secure what you can't see. To shed light on who’s at risk, Duo has collected and analyzed our dataset of 4.6 million endpoints, completing over two hundred million authentications a month - all now available in The 2017 Duo Trusted Access Report.
In the wake of the widespread ransomware attack launched last Friday that has quickly spread worldwide, the Dept. of Health and Human Services (HHS) sent an email reminder to healthcare organizations, urging them to adhere to the Office for Civil Rights’ (OCR) ransomware guide published last year.
Organizations are exploring how to gain a competitive advantage by integrating information security and privacy with their business strategy, according to a 2017 cybersecurity report from PricewaterhouseCoopers (PwC).
Widespread Ransomware Attack Plagues Europe, Asia & U.K. Hospitals Industry News / Featured Article
A widespread, worm-like ransomware attack has shut down computers across Europe and Asia, hitting the Spanish telecom provider, Telefonica and operations in major U.K.-based health systems especially hard.
Yet another example of how SMS-based two-factor authentication is not secure can be seen in the recent Signalling System No. 7 (SS7) attacks in January. Malicious hackers redirected money from German customers’ banking accounts to their own accounts in a series of attacks, according to Ars Technica and Süddeutsche Zeitung.
According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.
Education and healthcare are among the most frequently targeted industries, at least when it comes to the amount of stolen remote desktop protocol (RDP) logins up for sale on the dark web, according to an analysis of 85,000 servers from Flashpoint.
Duo signed a joint letter penned by Rapid7 recommending the addition of a vulnerability disclosure and handling process in the National Institute of Standard and Technology’s (NIST) cybersecurity framework.
One of the largest sustained global cyber espionage campaigns is targeting managed IT service providers (MSPs) in order to gain access to MSP customer networks, known as Operation Cloud Hopper.
Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.
The FBI has issued a private industry notification to the healthcare industry, warning organizations that attackers are actively targeting FTP (File Transfer Protocol) servers to access protected health information.
This blog covers a talk given by Knight-Wallace journalists Bastian Obermayer and Laurent Richard discussing privacy and security challenges in investigative journalism.
There’s been a 32 percent increase in hacked sites from 2015 to 2016, with no expectations of the trend slowing down, according to Google. Here are some of the top ways that websites get hacked, and what you can do to protect your site against spammers.
Learn more about the Center for Internet Security’s Security Controls. In this blog, I cover the first control, Inventory of Authorized and Unauthorized Devices in more detail.
Today, Duo signed a joint letter in response to the Department of Commerce’s Green Paper, "Fostering the Advancement of the Internet of Things" to support cybersecurity policy in the Internet of Things (IoT) industry.
In honor of Women’s History Month, here are the wise words of a few making history at Duo...
To help raise awareness about gender disparity in infosec and honor those pushing ahead in the field, Duo’s Women in Security Awards have been awarded to two winners in the industry and academia - here’s their stories.
In October 2016, the Department of Defense (DoD) issued a final rule that requires contractors to implement information security guidelines no later than December 31, 2017.
Some of the biggest challenges in information security for the healthcare industry include EHR complexity, interoperability, dependencies and more.
Find out how to keep your user logins and access to data secure after the Cloudflare bug that leaked customer data online, including passwords, security keys and more.
Ira Winkler describes the phishing kill chain, and how both users and technology can help stop a phishing attack along its journey.
In addition to the theme of securing a new IT model without firewalls, another message I heard repeatedly in several keynotes at the 2017 RSA Conference was urging simplification and consolidation of security solutions and vendors.
Learn more about Google’s BeyondCorp and how they secured their perimeter-less IT model with a new approach to security, and find out how you can apply the same security principles with Duo Beyond.
Google, Facebook Amp Up Authentication With Security Keys Industry News / Featured Article
Now Facebook and Google Suite users can use a security key to authenticate and verify their identities during login.