Duo's Security Blog

AUGUST 30, 2022

When Engineering Manager Ian Beals joined Duo Security, he was eager to participate in the activities that make Duo culture unique. One such tradition is Duo Hack Day (DHD), a semiannual event in which employees from all over the organization collaborate on projects that contribute to Duo and honor one of Duo’s core values: learning together.

Hacking 65

Hacking Engineering Cybersecurity 65

Krebs on Security

JUNE 22, 2022

RUSdot is the successor forum to Spamdot , a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising 275

Advertising Cybercrime System Administration Hacking 275

Security Affairs

MAY 21, 2020

Santander Consumer Bank, the Belgian branch of the bank, had a misconfiguration in its blog domain that was allowing its files to be indexed. Our new research recently discovered a security issue with Santander , the 5th largest bank in Europe and the 16th largest in the world. or critical information from the blog?

Banking 112

Banking Advertising Marketing Phishing 112

BH Consulting

APRIL 18, 2024

Emerging security threats and trends Who doesn’t enjoy some future-gazing? Second on the list, up from tenth last year, is the skill shortage in security workforces. Real security for artificial intelligence We’re now well into Q2 2024 and there’s no point putting it off any longer: it’s time to talk about AI.

Artificial Intelligence 69

Artificial Intelligence CISO Cybersecurity Data breaches 69

eSecurity Planet

DECEMBER 13, 2021

Cybersecurity Infrastructure and Security Agency (CISA) is continuing to put its weight behind efforts to protect enterprise systems. Researchers at Talus, Cisco’s threat intelligence business, wrote in a blog post that they detected a lead time between mass scans from bad actors and the callbacks from vulnerable systems.

Cybersecurity 143

Cybersecurity Software Government Threat Detection 143

Hackology

SEPTEMBER 4, 2023

In addition to increasing engagement, video technology can also improve your search engine rankings. Search engines like Google prioritize websites with video content, making it easier for potential customers to find your business online. Live streaming is ideal for events, webinars, and product launches.

Technology 40

Technology Marketing Engineering Media 40

Security Affairs

AUGUST 16, 2019

Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return. . million records on July 2, 2019, after the archive was indexed by the BinaryEdge search engine. . ” reads a blog post published by Comparitech.

Advertising 85

Advertising Backups Engineering Internet 85

Identity IQ

AUGUST 4, 2023

In this blog, we explore the ins and outs of utility payment reporting, including how it improves your credit and how to sign up for it. This utility payment reporting service not only improves your credit but also provides accurate and secure reporting of your utility bill payments.

Identity Theft 52

Identity Theft Accountability Passwords Education 52

SC Magazine

JUNE 22, 2021

Officially announced today via press release and blog post, Workbench is a creation of Mitre Engenuity’s Center for Threat-Informed Defense, with contributions from Center members AttackIQ, HCA Healthcare, JPMorgan Chase, Microsoft and Verizon. “It’s super useful, but in some sense it’s generic,” he explained.

Media 87

Media Healthcare Accountability Cyber threats 87

SC Magazine

APRIL 9, 2021

Today’s columnists, Pascal Geenens and Daniel Smith of Radware, say that while the SolarWinds case brought supply-chain attacks into the limelight, they are not new and security teams must finally manage them more effectively. Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E.

Software 86

Software Data collection Malware Risk 86

Pen Test

NOVEMBER 7, 2023

TLDR; Upgrade Confluence to a patched version and employ the open-source security scanner n0s1 to proactively address potential secret leaks. It is a widely recognized best practice for Product Security Engineers to conduct scans of the software codebase in search of potential inadvertent secret leaks. Vault, 1Password, etc.),

Passwords 115

Passwords Software Engineering Government 115

McAfee

NOVEMBER 18, 2021

McAfee Enterprise provides regular publications on the strategies to defend against ransomware, such as this blog. Many governments are moving quickly to adopt cloud technologies to bring services for their citizens, for collaboration and cost savings. Secure Access Service Edge (SASE) to secure access to all cloud services.

Ransomware 77

Ransomware Government Threat Reports Architecture 77

McAfee

DECEMBER 15, 2020

eXtended Detection & Response (XDR) has become an industry buzzword promising to take detection and response to new heights and improving security operations effectiveness. Empower security operations to respond and protect more quickly. Benefit: Deliver faster and better security outcomes. OCA Projects Enabling XDR.

Cyber threats 52

Cyber threats Architecture Technology Data collection 52

Security Boulevard

APRIL 26, 2022

In 2021, the main attack vector used by this threat actor was credential phishing attacks through emails, posing as Naver, the popular South Korean search engine and web portal. Some details about this campaign were published in this Korean blog, however they did not perform the threat attribution. Attribution to Lazarus APT.

Phishing 52

Phishing DNS Cryptocurrency Accountability 52

Duo's Security Blog

SEPTEMBER 28, 2022

That’s one of the reasons she takes her job as a recruiter at Cisco Secure focused on Duo Security positions so seriously. Security has never been more important. Felicia Miller: I hate job searching. I’m listening and thinking about whether this is a person with whom I could collaborate and learn from.

Education 87

Education Marketing Engineering Cybersecurity 87

Cisco Security

JULY 27, 2022

Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Cisco Secure Social Channels.

Technology 110

Technology Marketing Education Cybersecurity 110

Krebs on Security

MAY 23, 2024

A report from the security firm Team Cymru found the DDoS attack infrastructure used in NoName campaigns is assigned to two interlinked hosting providers: MIRhosting and Stark Industries. The NoName DDoS group advertising on Telegram. Image: SentinelOne.com. MIRhosting is a hosting provider founded in The Netherlands in 2004.

DDOS 273

DDOS Internet Internet Government 273

Digital Shadows

JANUARY 31, 2023

Welcome to our new blog series, in which ReliaQuest staff members recommend interesting stories that you might find useful in your day to day jobs. You are hopefully familiar with GitHub, but if you aren’t, “GitHub is a code hosting platform for version control and collaboration. Here is what we are reading.

Accountability 40

Accountability Risk Hacking Banking 40

Centraleyes

JANUARY 11, 2024

Consult with IT and Legal Teams Engage other organizational departments like IT and legal to identify technical requirements, data security concerns, system integrations, and compliance with vendor conditions. Integration: Integration is essential, as your IRM software should collaborate with other systems in your organization.

Software 52

Software Risk Insurance Technology 52

Jane Frankland

FEBRUARY 1, 2023

As I thought about it and last week’s blog , I thought I’d put together an Action Pack, similar to what I did when the Covid-19 pandemic struck, and I witnessed many of my entrepreneurial friends struggle to find clients and keep afloat. It’s a sad affair. ” She’s absolutely right.

Cybersecurity 130

Cybersecurity Accountability Media Marketing 130

Security Boulevard

AUGUST 4, 2021

What are Secure Scorecards for open source projects? And how they help you produce secure software. While open-source code can make product development faster, it also comes with security risks. The organization provides security researchers a way to collaborate and address open source security supply chain issues.

Software 82

Software Risk Government Technology 82

Kali Linux

MARCH 12, 2023

Stay tuned for a blog post coming out for more information! Over the years, we have perfected what we have specialized in, offensive security. We are now starting to branch into a new area, defensive security! We made offensive security accessible to everyone. Edit: Its out ! The changelog summary since the 2022.4

Firmware 52

Firmware Architecture Engineering Technology 52

Jane Frankland

FEBRUARY 1, 2023

As I thought about it and last week’s blog , I thought I’d put together an Action Pack, similar to what I did when the Covid-19 pandemic struck, and I witnessed many of my entrepreneurial friends struggle to find clients and keep afloat. Searching for jobs on LinkedIn is straightforward. It’s a sad affair.

Cybersecurity 130

Cybersecurity Accountability Media Government 130

The Last Watchdog

OCTOBER 19, 2021

The project grew out of discussions between Julian Zawistowski, Andrzej Regulski, and Joanna Rutkowska, and combines their interests and expertise in decentralized computing, computer security engineering, and the economics of networks and governance structures. LW: Is this primarily aimed at enterprises, SMBs or individuals?

Internet 223

Internet Internet Cryptocurrency Software 223

Kali Linux

FEBRUARY 13, 2022

It’s a large one, so it’s going to have its own blog post once ready to help demonstrate its importance to us. Utilizing the refreshed documentation sites ( Kali-Docs and Kali-Tools ) , the search function will help you find almost anything you could need using Kali Linux! This one is for you bare-metal installers!

DNS 52

DNS Architecture Media Encryption 52

Anton on Security

OCTOBER 18, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This is our topic in this part of the blog series. So, in many cases there is an “intelligence — detection gap”, of sorts. Next in the series? An operations model!

Engineering 130

Engineering Threat Detection Threat Reports Passwords 130

Anton on Security

NOVEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Or, if you don’t have a TI/CTI function at all, keys to build one!

Engineering 147

Engineering Architecture Cyber threats Threat Detection 147

NetSpi Executives

JANUARY 16, 2024

This conversation will often center around matching Red Team objectives with the maturity of the security program and your Blue Team to get the most benefit from a Red Team exercise, because this definitely should not be a one-size-fits-all exercise. Our advice: less is more if you want to know how truly prepared your security program is.

CISO 119

CISO Penetration Testing Social Engineering Engineering 119

eSecurity Planet

SEPTEMBER 17, 2021

About 10 malicious servers have been searching the internet for vulnerable systems, and while the search began slowing, it has now ramped up to more than 100 sites by morning, Recorded Future noted , citing information from threat intelligence vendor GreyNoise. Further reading: Open Source Security: A Big Problem.

Risk 127

Risk Internet Internet Software 127

Jane Frankland

JULY 17, 2023

This includes everything from productivity and cybersecurity to superior computing experiences for employees, who are increasingly collaborating remotely, multitasking, and placing strain on applications competing for computing resources. I wrote about this recently in regard to getting smarter with cybersecurity and sustainability.

Computers and Electronics 130

Computers and Electronics Technology Cybersecurity Risk 130

Centraleyes

APRIL 1, 2024

SIEM solutions enable enterprises to monitor and analyze security-related data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and endpoint security devices. SIEMs were originally two separate systems: Security event management (SEM) and security information management (SIM).

Firewall 52

Firewall Antivirus Risk Artificial Intelligence 52

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” SIM-SWAPPING PAST SECURITY. On Tuesday, LAPSUS$ announced via its Telegram channel it was releasing source code stolen from Microsoft.

Social Engineering 294

Social Engineering Accountability Mobile Passwords 294

Security Affairs

AUGUST 31, 2018

Since blogging is not my business, I do write on my personal blog to share knowledge on Cyber Security, I will describe some of the main steps that took me to own the attacker infrastructure. Indeed if none of searched AV were found on the target system Stage1 was acting as a simple downloader. Windows NT; MS Search 4.0

Hacking 56

Hacking Computers and Electronics Penetration Testing Engineering 56

Security Boulevard

NOVEMBER 3, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better.

Backups 62

Backups Engineering Architecture Cyber threats 62

Security Boulevard

NOVEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Or, if you don’t have a TI/CTI function at all, keys to build one!

Engineering 78

Engineering Architecture Cyber threats Threat Detection 78

Duo's Security Blog

MARCH 6, 2024

Like any remote access tool, however, it is susceptible to security threats, including brute force attacks. Research by Sophos estimates that 95% of all attacks in the first half of 2023 involved RDP access and emphasizes taking steps to further secure RDP applications. All attempts shown here are failures.

Authentication 136

Authentication Accountability VPN Passwords 136

Cisco Security

DECEMBER 22, 2022

We also provide integrated security, visibility and automation, a SOC inside the NOC. In part two, we are going deep with security: Integrating Security. Integrating Meraki Scanning Data with Umbrella Security Events, by Christian Clasen. Integrating Security. Cisco Umbrella : DNS visibility and security.

DNS 71

DNS Malware Accountability Wireless 71