A Security Audit of Third-Party AWS S3 Tools
We analyzed the security of several third-party AWS S3 tools to find out why so many S3 buckets with sensitive information have been made public, seemingly unintentionally. Here's what we found.
We analyzed the security of several third-party AWS S3 tools to find out why so many S3 buckets with sensitive information have been made public, seemingly unintentionally. Here's what we found.
The top malware infection vector is our age-old friend, phishing, while stolen credentials are popular for lateral movement - see more insights from Symantec's latest Internet Security Threat Report.
Duo Labs security researchers show how to bypass microcontroller interfaces used for internet of things (IoT) devices - these invasive attacks require physical access to typical microcontrollers.
In February, Duo released CloudMapper, an AWS environment visualization tool, to the developer community. In this blog post, we explore several potential misconfigurations that can lead to security problems.
Duo Labs performed an analysis of Objective-C binaries running on managed macOS endpoints in enterprise environments, using the Interactive Disassembler (IDA Pro) to perform disassembly and decompilation of the binaries.
Today we are pleased to announce a new open-source tool from Duo Security for easily analyzing CloudTrail logs from Amazon Web Services (AWS)!
This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
Today we are pleased to announce a new open-source tool from Duo Security for visualizing Amazon Web Services (AWS) cloud environments!
The Duo Labs team analyzes the Bluetooth security of several different personal protection devices to shed light on how secure these devices are, and if they can be tracked remotely or reveal identifying information.
By juggling different factors to rebalance the risk, you’re employing adaptive authentication: adapting to the current estimated level of risk at the time of login. If you think of authentication factors as being like a hand of cards, you can play the cards that you think are appropriate at each point in your game.