Security news that informs and inspires

All Articles

2288 articles:

Key Updates to NIST’s Digital Identity Guidelines: SP 800-63-3

NIST has updated their Digital Identity Guidelines, SP 800-63-3 with final security recommendations - see the new standards that many industries, including government agencies and contractors, need to follow.

Nist, Identity, MFA

Security Hygiene Tips to Prevent Malware Infection & Stop Lateral Movement

From stopping the initial point of infection to narrowing its path of destruction, here are some tips from the US-CERT (United States Computer Emergency Readiness Team) to help organizations of all sizes stay safe.

Security Hygiene, Security Basics, Malware, Lateral Movement

PerhapsNotPetya Ransomware: What You Should Know

Two months after the global WannaCry ransomware outbreak, a new wormlike malware variant has more recently plagued 64 countries, disrupting operations worldwide. But is it actually ransomware? Here’s what you need to know.

Petya Ransomware, Wannacry, Windows Security

Opinion: 4 Reasons Why Organizations Can’t “Just Patch”

The WannaCry debacle and most recent MaybeNotPetya attack has revealed that there are countless unpatched systems - no big surprise. Here’s what’s keeping organizations vulnerable, and what we can do about it.

Ransomware, Wannacry, Petya, Patching

Bug Hunting: Drilling Into the Internet of Things (IoT)

In his latest bit of odd research, Duo Labs' Mark Loveless takes a closer look at IoT as he pulls apart a wireless drill, bit by bit.

Driving Headless Chrome with Python

Back in April, Google announced that it will be shipping Headless Chrome in Chrome 59. Since the respective flags are already available on Chrome Canary, the Duo Labs team thought it would be fun to test things out and also provide a brief introduction to driving Chrome using Selenium and Python.

Chrome Security

HHS Urges HIPAA Guidance for Dealing With Ransomware

In the wake of the widespread ransomware attack launched last Friday that has quickly spread worldwide, the Dept. of Health and Human Services (HHS) sent an email reminder to healthcare organizations, urging them to adhere to the Office for Civil Rights’ (OCR) ransomware guide published last year.

Ransomware, Wannacryptor, HIPAA Security Rule, Healthcare Security

Widespread Ransomware Attack Plagues Europe, Asia & U.K. Hospitals

A widespread, worm-like ransomware attack has shut down computers across Europe and Asia, hitting the Spanish telecom provider, Telefonica and operations in major U.K.-based health systems especially hard.

Ransomware, Wannacryptor, UK Cyber Security, Health Data Security, Hospital Security, Windows Security

Stop the Pwnage: 81% of Hacking Incidents Used Stolen or Weak Passwords

According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.

Verizon DBIR 2017, Phishing, Ransomware, Web App Security, Web App Attacks, Rig Exploit Kit, Flash Vulnerabilities, Security Hygiene

The Dallas County Siren Hack

The emergency sirens were activated in Dallas County last Friday night at 11:42pm. First reported as a malfunction, it was later discovered to be a hack - here’s the technical details and why someone may have done it.

Iot Security

Microsoft Patch: Update to Fix Actively Exploited Vulnerabilities

Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.

Microsoft, Microsoft Security, Phishing, Duo Beyond, Device Insight, Endpoint Remediation

Attackers Actively Targeting Healthcare’s FTP Servers

The FBI has issued a private industry notification to the healthcare industry, warning organizations that attackers are actively targeting FTP (File Transfer Protocol) servers to access protected health information.

Healthcare Data Privacy, Healthcare Cybersecurity, Healthcare Data Breach, Healthcare Security, HIPAA Breach

Privacy & Security Challenges in Investigative Journalism

This blog covers a talk given by Knight-Wallace journalists Bastian Obermayer and Laurent Richard discussing privacy and security challenges in investigative journalism.

Privacy, Journalist Security, Whistleblower Security, Securedrop, Tor

Website Security: Protecting Against Spammers

There’s been a 32 percent increase in hacked sites from 2015 to 2016, with no expectations of the trend slowing down, according to Google. Here are some of the top ways that websites get hacked, and what you can do to protect your site against spammers.

Website Security, Spammers, Phishing, Brute Force, Duo Beyond

Securing Access After the Cloudflare Bug & Data Leaks

The Cloudflare data leak impacted several sites using the popular CDN. Resetting session tokens and enabling 2FA can help affected sites protect their users' credentials.

Data Breaches, 2fa, Access Security, Cloud