SEARCH
All Articles
Bug Hunting: Drilling Into the Internet of Things (IoT)
In his latest bit of odd research, Duo Labs' Mark Loveless takes a closer look at IoT as he pulls apart a wireless drill, bit by bit.
Driving Headless Chrome with Python
Back in April, Google announced that it will be shipping Headless Chrome in Chrome 59. Since the respective flags are already available on Chrome Canary, the Duo Labs team thought it would be fun to test things out and also provide a brief introduction to driving Chrome using Selenium and Python.
HHS Urges HIPAA Guidance for Dealing With Ransomware
In the wake of the widespread ransomware attack launched last Friday that has quickly spread worldwide, the Dept. of Health and Human Services (HHS) sent an email reminder to healthcare organizations, urging them to adhere to the Office for Civil Rights’ (OCR) ransomware guide published last year.
Widespread Ransomware Attack Plagues Europe, Asia & U.K. Hospitals
A widespread, worm-like ransomware attack has shut down computers across Europe and Asia, hitting the Spanish telecom provider, Telefonica and operations in major U.K.-based health systems especially hard.
Stop the Pwnage: 81% of Hacking Incidents Used Stolen or Weak Passwords
According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.
The Dallas County Siren Hack
The emergency sirens were activated in Dallas County last Friday night at 11:42pm. First reported as a malfunction, it was later discovered to be a hack - here’s the technical details and why someone may have done it.
Microsoft Patch: Update to Fix Actively Exploited Vulnerabilities
Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.
Attackers Actively Targeting Healthcare’s FTP Servers
The FBI has issued a private industry notification to the healthcare industry, warning organizations that attackers are actively targeting FTP (File Transfer Protocol) servers to access protected health information.
Privacy & Security Challenges in Investigative Journalism
This blog covers a talk given by Knight-Wallace journalists Bastian Obermayer and Laurent Richard discussing privacy and security challenges in investigative journalism.
Website Security: Protecting Against Spammers
There’s been a 32 percent increase in hacked sites from 2015 to 2016, with no expectations of the trend slowing down, according to Google. Here are some of the top ways that websites get hacked, and what you can do to protect your site against spammers.
Securing Access After the Cloudflare Bug & Data Leaks
The Cloudflare data leak impacted several sites using the popular CDN. Resetting session tokens and enabling 2FA can help affected sites protect their users' credentials.
Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol
A security researcher on the Duo Labs team details how he found several vulnerabilities in a wireless physical security system.
You Got the Touch: First Impressions of the 2017 MacBook Pro
Here are some first impressions of a resident Apple nerd’s experience with the 2017 MacBook Pro with Touch Bar, including a review of the Secure Enclave Processor and Touch ID from a security perspective.
Google, Facebook Amp Up Authentication With Security Keys
Now Facebook and Google Suite users can use a security key to authenticate and verify their identities during login.
Banking Malware Dridex Targets U.K. Financial Institutions
A number of U.K.-based financial institutions were hit by a wave of financial banking malware, delivered via phishing email campaigns. Dridex is back this year with new techniques to bypass security and steal user data.