Security news that informs and inspires

All Articles

1651 articles:

The State of Real-Time Threat Detection

An overview of tracking ransomware payments, tools to fight ransomware attacks, 3D printing security concerns and more from Black Hat 2017 and DEF CON 25 talks this year.

Black Hat, Defcon, Ransomware, 3d Printing Security

NIST’s New Security and Privacy Controls For IoT, MFA and SSO

NIST releases a new version of their Security and Privacy Controls, addressing new risks posed by the latest technology - the Internet of Things, plus guidance on combining single sign-on and multi-factor authentication.

Nist, Iot Security, Privacy, Mfa, Sso

Dissecting Security Hardware at Black Hat and DEF CON

Get insights into how to assess security hardware, including experimentations in counterfeiting U2F authentication tokens, different weaknesses in the hardware components of encrypted USB keys and more.

Usb Security, Token, Yubikey, Black Hat, Defcon

Phishing Vulnerability Exposed with Recently Patched Windows Vulnerability

A recently patched, high-severity Windows vulnerability, CVE-2017-0199, is being used in phishing attacks to deliver malware to users - hitting 1.5 million users in Q2 of this year.

Phishing, Microsoft Office Security

Security Anthropology: How Do Organizations Differ?

Different types of organizations have different threat profiles - instead of classic benchmarking, which can be problematic, researching and creating organizational personas can help us better understand how they approach security issues.

Information Security, Security Anthropology

Examining Security Science at Black Hat 2017

Learn about the complexities of conducting security science and phishing tests - the psychological dynamics, validity of security usability studies, ethical issues, hallway testing and more.

Phishing, Black Hat

Hunting Malicious npm Packages

Duo Labs analyzes npm packages and how attackers can use malicious packages to gain access to and control over systems.

Npm Packages

Security Conference OPSEC

Get security conference OPSEC (operational security) tips from a senior security researcher who has seen it all - from trading trust for convenience to unattended personal items, learn how to lock it down when you’re on the road.

Opsec, Operational Security, Security Conference Tips, Defcon, Black Hat

Key Updates to NIST’s Digital Identity Guidelines: SP 800-63-3

NIST has updated their Digital Identity Guidelines, SP 800-63-3 with final security recommendations - see the new standards that many industries, including government agencies and contractors, need to follow.

Nist, Identity, Mfa

Security Hygiene Tips to Prevent Malware Infection & Stop Lateral Movement

From stopping the initial point of infection to narrowing its path of destruction, here are some tips from the US-CERT (United States Computer Emergency Readiness Team) to help organizations of all sizes stay safe.

Security Hygiene, Security Basics, Malware, Lateral Movement

PerhapsNotPetya Ransomware: What You Should Know

Two months after the global WannaCry ransomware outbreak, a new wormlike malware variant has more recently plagued 64 countries, disrupting operations worldwide. But is it actually ransomware? Here’s what you need to know.

Petya Ransomware, Wannacry, Windows Security

Opinion: 4 Reasons Why Organizations Can’t “Just Patch”

The WannaCry debacle and most recent MaybeNotPetya attack has revealed that there are countless unpatched systems - no big surprise. Here’s what’s keeping organizations vulnerable, and what we can do about it.

Ransomware, Wannacry, Petya, Patching

Bug Hunting: Drilling Into the Internet of Things (IoT)

In his latest bit of odd research, Duo Labs' Mark Loveless takes a closer look at IoT as he pulls apart a wireless drill, bit by bit.

Driving Headless Chrome with Python

Back in April, Google announced that it will be shipping Headless Chrome in Chrome 59. Since the respective flags are already available on Chrome Canary, the Duo Labs team thought it would be fun to test things out and also provide a brief introduction to driving Chrome using Selenium and Python.

Chrome Security

HHS Urges HIPAA Guidance for Dealing With Ransomware

In the wake of the widespread ransomware attack launched last Friday that has quickly spread worldwide, the Dept. of Health and Human Services (HHS) sent an email reminder to healthcare organizations, urging them to adhere to the Office for Civil Rights’ (OCR) ransomware guide published last year.

Ransomware, Wannacryptor, Hipaa Security Rule, Healthcare Security