Security news that informs and inspires

All Articles

511 articles:

Widespread Ransomware Attack Plagues Europe, Asia & U.K. Hospitals

A widespread, worm-like ransomware attack has shut down computers across Europe and Asia, hitting the Spanish telecom provider, Telefonica and operations in major U.K.-based health systems especially hard.

Ransomware, Wannacryptor, UK Cyber Security, Health Data Security, Hospital Security, Windows Security

Stop the Pwnage: 81% of Hacking Incidents Used Stolen or Weak Passwords

According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.

Verizon DBIR 2017, Phishing, Ransomware, Web App Security, Web App Attacks, Rig Exploit Kit, Flash Vulnerabilities, Security Hygiene

The Dallas County Siren Hack

The emergency sirens were activated in Dallas County last Friday night at 11:42pm. First reported as a malfunction, it was later discovered to be a hack - here’s the technical details and why someone may have done it.

IoT Security

Microsoft Patch: Update to Fix Actively Exploited Vulnerabilities

Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.

Microsoft, Microsoft Security, Phishing, Duo Beyond, Device Insight, Endpoint Remediation

Attackers Actively Targeting Healthcare’s FTP Servers

The FBI has issued a private industry notification to the healthcare industry, warning organizations that attackers are actively targeting FTP (File Transfer Protocol) servers to access protected health information.

Healthcare Data Privacy, Healthcare Cybersecurity, Healthcare Data Breach, Healthcare Security, HIPAA Breach

Privacy & Security Challenges in Investigative Journalism

This blog covers a talk given by Knight-Wallace journalists Bastian Obermayer and Laurent Richard discussing privacy and security challenges in investigative journalism.

Privacy, Journalist Security, Whistleblower Security, SecureDrop, Tor

Website Security: Protecting Against Spammers

There’s been a 32 percent increase in hacked sites from 2015 to 2016, with no expectations of the trend slowing down, according to Google. Here are some of the top ways that websites get hacked, and what you can do to protect your site against spammers.

Website Security, Spammers, Phishing, Brute Force, Duo Beyond

Securing Access After the Cloudflare Bug & Data Leaks

The Cloudflare data leak impacted several sites using the popular CDN. Resetting session tokens and enabling 2FA can help affected sites protect their users' credentials.

Data Breaches, 2FA, Access Security, Cloud

Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol

A security researcher on the Duo Labs team details how he found several vulnerabilities in a wireless physical security system.

Reverse Engineering, Dx Protocol, Wireless Security, Labs Research

You Got the Touch: First Impressions of the 2017 MacBook Pro

Here are some first impressions of a resident Apple nerd’s experience with the 2017 MacBook Pro with Touch Bar, including a review of the Secure Enclave Processor and Touch ID from a security perspective.

Apple Touch Id, Macos

Google, Facebook Amp Up Authentication With Security Keys

Now Facebook and Google Suite users can use a security key to authenticate and verify their identities during login.

2FA, Google, Facebook, Security Keys, MFA

Banking Malware Dridex Targets U.K. Financial Institutions

A number of U.K.-based financial institutions were hit by a wave of financial banking malware, delivered via phishing email campaigns. Dridex is back this year with new techniques to bypass security and steal user data.

Financial Data Security, Banking Malware, Banking Trojans, Dridex

The Latest Phishing Attacks Target Gmail, Microsoft Word & Android Apps

Recently, phishing attacks against Gmail users, a major U.S. financial services provider, and Android app users have revealed unique ways to deliver malware and steal login credentials.

Phishing, Google, Microsoft, Android

The Weird World of Attribution

Duo Labs researcher Mark Loveless explores the importance of attribution and how it can be helpful if your company is attacked.

Security Research

Why the MongoDB Ransomware Shouldn’t Surprise Anyone

Recent reports have discovered MongoDB instances being targeted with ransomware, with over 28,000 unique cases of ransomware from multiple actors targeting MongoDB hosts. Learn about exposed instances and get some helpful tips and resources on securing a MongoDB deployment.

MongoDB, Ransomware, Database Security