Duo's Security Blog

MAY 12, 2023

All those things make it harder for me. And passwordless takes [away] that massive attack or being able to do it remotely at a grand scale away because it’s individual, it’s linked to devices, it’s linked to your personal being and those things make it much more secure. I’m going to do something else.

Passwords 52

Passwords Authentication Mobile Technology 52

Anton on Security

NOVEMBER 17, 2022

But SREs have it easy, here in our beloved realm of cyber, we don’t just have “systems that are inherently dynamic and unstable” but also attackers that affect them in a set of dynamic, beautiful (sometimes ugly) and unpredictable ways. Also, SREs say that “reliable processes tend to actually increase developer agility.”

Engineering 100

Engineering Software Data collection Architecture 100

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT 279

IoT Healthcare Internet Internet 279

Anton on Security

NOVEMBER 3, 2020

proved to be one of the most popular in recent history of my new blog. In some cases, this may be a hangover from having opaque vendor detections where a team couldn’t actually determine the logic of a signature beyond a cryptic string message. None, except during a pentest and you do want to detect that. Uncertainty?

Threat Detection 130

Threat Detection Information Security Cybersecurity 130

Krebs on Security

SEPTEMBER 30, 2023

. “Snatch threat actors have been observed purchasing previously stolen data from other ransomware variants in an attempt to further exploit victims into paying a ransom to avoid having their data released on Snatch’s extortion blog,” the FBI/CISA alert reads. “Sometimes I make bad beats,” he said.

Ransomware 218

Ransomware Accountability Cybercrime Backups 218

Duo's Security Blog

JULY 13, 2022

While our culture of belonging helps us prioritize these values in our work, broader Cisco reaffirms and amplifies them through its design thinking program. Rather than making assumptions about how people might engage with a product or service, design thinking draws insights from how people actually engage with them.

Accountability 105

Accountability Information Security Technology Engineering 105

Security Boulevard

FEBRUARY 27, 2023

In a recent internal ForgeRock blog, one of our embRACE Employee Resource Group Leads, Niah Johnson , wrote about her experience as a young Black woman. When I read Niah's blog I was reminded of times in my life where I have paused to understand the gravity of things that happened to people on my team.

Authentication 52

Authentication Accountability 52

Duo's Security Blog

DECEMBER 14, 2022

Blake Ellingham is a site reliability engineering (SRE) manager who has worked on Duo for the past five years. Ellingham: What SRE means for us is we run all of our services in the cloud and SRE helps us scale our hardware to accommodate any load from our customers, and we do that by writing software.

Engineering 52

Engineering Software Risk Education 52

The Last Watchdog

JULY 27, 2020

Conversely, consumer advocates and diversity experts can see how AI could be utilized to redistribute political power more equitably, and in doing so, recalibrate society – including blunting systemic racism. Over the next decade and a half, AI could drastically change the working relationship of man vs. machine.

Surveillance 304

Surveillance Government Accountability Artificial Intelligence 304

SiteLock

AUGUST 27, 2021

Stop by our blog for more from WPCampus and interviews with other influencers in the WordPress community ! All the things that a teacher uses, but we built the whole interface using WordPress so that teachers could choose and distribute content in their classrooms. Actually that talk is what drove us into the premium plug in business.

Big data 98

Big data Hacking Education Media 98

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. Rapid7 published blogs detailing the successful and failed breaches of the 2024 event. Only people whose IDs have been added to the system can make it inside.

Hacking 121

Hacking IoT Firmware Cybersecurity 121

Notice Bored

APRIL 22, 2021

. – different goals/objectives, constraints and opportunities, even within a given organization/management team (and sometimes even within someone’s head!); As with computer applications and many other things, simplicity obviously has a number of benefits, whereas complexity has a number of costs.

Risk 85

Risk Government Accountability Cyber Risk 85

Duo's Security Blog

AUGUST 5, 2022

This article is part of a series of posts produced by the Duo interns , highlighting their experiences and the projects they worked on this summer. Yes, there were a lot of meetings, but no one missed a detail or was left wondering what other teams at Duo had finished working on. Sure, work conversations are a constant.

52

52

Security Boulevard

JULY 30, 2021

How do we get the mainstream companies to improve their detection quality ? How do we get to more and better detections ? More curiously, how do we get to better detections that are also developed rapidly (to avoid the “good/fast/cheap? The fact that we do not have reliable data on attackers and attacker behavior.

Threat Detection 64

Threat Detection Authentication Engineering Cybersecurity 64

Cisco Security

FEBRUARY 12, 2021

The “one weird trick” sometimes leads to clicks; I once got the head of one of the biggest tech companies on the planet to click on my analyst report using that title. And everyone can say that IT and security “work together,” but which areas of cooperation are the most important?

Software 114

Software Cybersecurity 114

ForAllSecure

FEBRUARY 22, 2023

They actually televised it. In a moment I’ll introduce you to the person who has done this, and given his experience with live broadcasts of CTFs, is working now to make live CTFs a regular e-sport. We can do something good here and so we formed a 35 to make binary ninja over eight years ago now. I think we can.

Engineering 40

Engineering Hacking Wireless Marketing 40

Cisco Security

JUNE 15, 2022

For a security leader, the toughest questions are often around security buy-in: How do you achieve active support across the organization for building resilience? AC went on to give an example of a methodology that worked in his organization – “Happy Path Thinking.” Why isn’t there a special name for the tops of your feet?

CISO 96

CISO Digital transformation Risk Data privacy 96

Cisco Security

MAY 25, 2022

Sometimes in order to move forward effectively, it’s good to take stock of where we’ve been. In this blog, we’ll review a concept that has been foundational to networking and cybersecurity from the beginning: the session. To get things started, let’s start with a definition. Why focus on the session? TC/IP Stack.

Authentication 105

Authentication Internet Internet Architecture 105

Security Boulevard

NOVEMBER 17, 2022

But SREs have it easy, here in our beloved realm of cyber, we don’t just have “systems that are inherently dynamic and unstable” but also attackers that affect them in a set of dynamic, beautiful (sometimes ugly) and unpredictable ways. Also, SREs say that “reliable processes tend to actually increase developer agility.”

Engineering 64

Engineering Software Data collection Architecture 64

SC Magazine

MAY 27, 2021

Moreover, a user at the Oldsmar plant had actually visited the site on the very day of the attack. So we were looking at things like anomalous RDP traffic… we were looking for interesting traffic around TeamViewer… and eventually we went through our first run of hypotheses were like, “Well what else is here?”. And we always do that.

Media 65

Media Internet Internet Government 65

Webroot

MAY 6, 2021

But how do you find these people? How do you keep them engaged once you do find them? And what does it look like to build an advocacy program that actually works for you and that your customers genuinely want to be a part of? According to Emma, step one is recognizing that doing anything right takes time.

Marketing 67

Marketing Media Advertising Engineering 67

Malwarebytes

DECEMBER 19, 2022

This blog post was authored by Jérôme Segura. It turned out to be a clever way to hide a bogus blog loaded with many more ads, most of them hidden behind a fullscreen pornographic iframe. The fraudster is actually deceiving Google by loading legitimate content (i.e. dollars for 2022. 10-home-heating-tips.

Advertising 90

Advertising Phishing 90

SC Magazine

APRIL 20, 2021

“In cybersecurity, we’re operating in a high-pressure, high-stakes environment as we work to solve one of the largest technical challenges of our generation. He’ll work especially close with the executive team and their direct reports to help teach them to be mental skill coaches as well. Why do they stand apart?

Cybersecurity 120

Cybersecurity Media InfoSec Passwords 120

ForAllSecure

MARCH 8, 2023

She’s an amazing person who has done an amazing number of things in a short amount of time -- CMU professor, Forrester analyst, CSO at a successful startup -- and she’s not done changing the industry. My first day at ZDNet there was a virus blowing up and my editor asked if I could do a story on that. That's what we do.

InfoSec 40

InfoSec Engineering CSO Technology 40

ForAllSecure

FEBRUARY 23, 2021

Then I sat down and talked to an astronomer, and found out that much of his time was spent writing proposals, getting shot down, then writing new proposals, then, once the proposal was approved by the department, negotiating time on the massive university telescope -- all of which means maybe you get a few hours of actual sky time each year.

Penetration Testing 52

Penetration Testing InfoSec Cyber Attacks Education 52

ForAllSecure

FEBRUARY 23, 2021

Then I sat down and talked to an astronomer, and found out that much of his time was spent writing proposals, getting shot down, then writing new proposals, then, once the proposal was approved by the department, negotiating time on the massive university telescope -- all of which means maybe you get a few hours of actual sky time each year.

Penetration Testing 52

Penetration Testing InfoSec Cyber Attacks Education 52

Duo's Security Blog

FEBRUARY 8, 2021

Don’t do it. Look, I know it’s personally gratifying, but just don’t do it. It’s easy to look at what appears to be a badly secured situation and say, “Why didn’t they just do X?” Can we do anything else to protect the citizen from having their access to this resource stolen through account takeover attacks?

CISO 80

CISO Passwords Authentication Accountability 80

Notice Bored

MAY 25, 2022

The iterative approach with incremental improvements, works well. A big issue in quality assurance is the recognition that there are usually several competing and sometimes contradictory requirements/expectations, not least the definition of 'quality'. What can/should we do to be more certain that things are going the right way?

InfoSec 74

InfoSec Risk Antivirus Government 74

McAfee

JANUARY 5, 2022

Given how easy it is to exploit, the mere fact of the vendor fixing the bug via their public GitHub seems to have been enough to bring attention to it and get public working POCs for this vulnerability in less than 3 days following the fix. Do you know for sure the codebase of your organization is free of these problems?

Software 81

Software Network Security Authentication Internet 81

Krebs on Security

MARCH 23, 2020

The mailer references the domain name web-listings.net , one of several similarly-named domains registered sometime in 2007 or later to a “ James Madison ,” who lists his address variously as a university in New Britain, Connecticut or a UPS Store mailbox in Niagara Falls, New York. What do all of these domains have in common?

Scams 259

Scams Marketing Internet Internet 259

ForAllSecure

JUNE 2, 2021

And, having reached that peak, he’s now wondering what he should do next. LiveOverflow: Given the context of social media nowadays, and the importance of influencers nowadays, in media in general, I guess it's fair to say that what I'm doing now is someone being an influencer. So how do you get hands-on experience?

Media 52

Media Hacking InfoSec Marketing 52

ForAllSecure

JUNE 2, 2021

And, having reached that peak, he’s now wondering what he should do next. LiveOverflow: Given the context of social media nowadays, and the importance of influencers nowadays, in media in general, I guess it's fair to say that what I'm doing now is someone being an influencer. So how do you get hands-on experience?

Media 52

Media Hacking InfoSec Marketing 52

SC Magazine

JUNE 21, 2021

In a recent blog she tackles the growing evolution of security information and event management systems over the past decade and calls out a number of outdated or dishonest criticisms that are regularly lobbed at the technology today. Do you see some of these criticisms as more than just conventional wisdom gone wrong?

Marketing 70

Marketing Technology Media Big data 70

ForAllSecure

SEPTEMBER 29, 2022

Or you could legitimately report what you find and get paid to do so. And my editor turned to me and said, What do you know about computer viruses? Bug bounties are way to learn vulnerability hunting and get paid while you do. In episode nine I talked with stoke who now works full time for TruSeq. I want to do that.

Hacking 40

Hacking Cryptocurrency Software InfoSec 40

SC Magazine

JUNE 11, 2021

On the other hand, “the competing or counterbalance pressure is you want to be accurate in those communications – because you lose credibility and sometimes you overstate or understate the incident if you’re working on limited information.”. Scapegoating. Nonchalance/downplaying the incident. To borrow from the U.S.

Data breaches 101

Data breaches Media Identity Theft CSO 101

Duo's Security Blog

JUNE 9, 2021

Follow the lives of three Duo designers as they work together to turn a user insight into a product update by sharing discoveries, embracing creativity, and making connections. Inside the Duo office Andrea gathers her laptop and slides into a nearby table, finding a spot in the sun and preparing for the morning’s work. Oh, really?

Engineering 100

Engineering Cybersecurity 100

Malwarebytes

SEPTEMBER 20, 2021

In a recent blog Microsoft announced that as of September 15, 2021 you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and services. A long time coming.

Passwords 90

Passwords Accountability Authentication Phishing 90