Security news that informs and inspires

All Articles

863 articles:

Are You Your Phone Number? Identity in Mobile Apps

We tend to think of phone numbers as part of our identity, and that impression is reinforced when we use our phone numbers to register for mobile apps. For many mobile apps, however, phone number is a handy username. We are still looking for a proper identifier in the mobile world.

Mobile, Authentication, Identity Proofing

Guide to Securing Your Online Accounts

There is no point in worrying whether attackers can abuse account recovery to take control of your account, if the attacker can just bypass basic controls and access your account. Here is a list of recommended security settings for the 12 popular services we looked at.

Labs Research, Account Security

How Popular Web Services Handle Account Recovery

An examination of 12 popular web services show distinct differences in how different providers implement account recovery. They all have different options, but Facebook and GitHub offers some of the best security options on the list.

Labs Research, Account Security

Decipher: Security Without Fear

Decipher is designed to bring security news and information out of the dark and into the light.

Decipher

Two-Step Verification or Two Factor: 90% Don’t Use it to Protect Gmail

Less than 10 percent of active Google accounts use two-step verification (2SV) to secure access to their services, like Gmail. While experts commonly favor using two-factor authentication or password managers, these tools are virtually absent from the security posture of regular users.

2fa, Google

Phishing Campaign Targets U.S. Senators & Political Organizations

Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.

Phishing, 2fa, Biometrics, Mfa

Understanding Bluetooth Security

When it comes to Internet of Things (IoT) security research, you may run into roadblocks examining Bluetooth pairing and encryption between older devices and new ones - this blog post explains what you need to know to overcome them.

Labs Research, Bluetooth Security, Iot Security

Examining Personal Protection Devices: Hardware and Firmware Research Methodology in Action

In a technical paper released today, Duo Labs details research into two personal protection devices based on ARM Cortex M microcontrollers. These devices allow wearers to notify people of their well-being.

Iot Security, Personal Protection Devices

What You Need to Know About Complying With GDPR

Have questions about the E.U.'s General Data Protection Regulation (GDPR)? Get non-scary advice on the basics of complying, and what you need to do to protect your organization.

Gdpr, General Data Protection Regulation, Uk Security

Malicious Chrome Extensions Steal Passwords & CPU Power

A number of recent malicious Google Chrome extensions that steal user data and CPU have slipped into the Chrome Web Store, disguised as ad blockers, security tools and URL shorteners. Users beware of shady extensions in the Chrome Web Store...

Chrome Security, Stolen Passwords

Protecting Against Bad Rabbit Ransomware Infection

A new severe variation of the Not-Petya ransomware has infected mainly Russian users - here’s how it spreads and how to protect against it.

Ransomware, Smb Security, Drive by Malware

SSH Key Exposure: Lapses in Server Access Security

The exposure of SSH keys to public websites or code repositories can result in unauthorized admin access to your servers and systems.

Ssh Security, Ssh Keys, Server Security, Aws Security

Bluetooth Hacking Tools Comparison

The Duo Labs security research team compares the features and capabilities of several Bluetooth scanners and software to best assist you in your security and IoT research.

Labs Research, Bluetooth Security, Bluetooth Hacking

Explaining KRACK: A Critical Attack Affecting A Wi-Fi Security Protocol

Learn about KRACK (key reinstallation attacks), the serious WPA2 vulnerabilities and how it impacts authentication and certain platforms, plus caveats on how the attack can work in the real world.

Wpa2 Security, Wi Fi Security, Krack

Evasive Brute-Force Attacks Target Office 365 Accounts

There’s a new sneaky brute-force attack targeting unprotected enterprise Office 365 accounts, including those in the manufacturing, financial services, healthcare industries.

Mfa, Sso, Cloud