Duo's Security Blog

JANUARY 28, 2022

So it was good to see that in response to last May’s Executive Order 14028 , the Office of Management and Budget (OMB) released a memo Wednesday outlining a new strategy for moving the federal government toward a zero trust cybersecurity posture. Check out Lindsey O’Donnell-Welch’s coverage of the news in Decipher.) What’s the Vision?

Authentication 52

Authentication Government DNS Encryption 52

Malwarebytes

FEBRUARY 5, 2021

The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. Which zero-day got patched? Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. This zero-day got listed as CVE-2021-21148.

Social Engineering 128

Social Engineering Engineering Software Hacking 128

Webroot

FEBRUARY 26, 2024

” Investment scams Picture this: a golden opportunity to double your money with zero risk. Romance scams Romance scams prey on the trusting hearts of hopeful romantics, weaving elaborate tales of love and devotion before swooping in for the financial kill. If in doubt, just delete the email and seek help from trusted sources.

Scams 100

Scams VPN Passwords Phishing 100

Troy Hunt

OCTOBER 28, 2020

The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size.

Phishing 362

Phishing Password Management Passwords Internet 362

Lenny Zeltser

FEBRUARY 13, 2020

As of this writing, I’ve spent six months in the role of Chief Information Security Officer (CISO) at Axonius , a rapidly growing technology company. Our IT infrastructure is consistent zero-trust architecture principles , so it made sense to treat identity as the focal point of many security decisions.

CISO 79

CISO Information Security Architecture Technology 79

CyberSecurity Insiders

DECEMBER 21, 2021

This blog was written by an independent guest blogger. Defense strategies have evolved as hackers have changed their schemes, and one new approach companies are putting into practice for their security plan is data-centric security. It also encompasses the zero-trust-network-access (ZTNA) concept.

Architecture 139

Architecture Encryption Authentication Data breaches 139

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components,NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.

DNS 97

DNS IoT Backups Mobile 97

eSecurity Planet

NOVEMBER 16, 2021

HTML smuggling is an evasive technique that uses legitimate HTML5 or JavaScript features to make its way past firewalls and other security technologies. OJ Ngo, co-founder and CTO of network security solutions vendor DH2i, told eSecurity Planet that HTML smuggling is another example of the continuing evolution of attackers and their tactics.

Firewall 121

Firewall Ransomware Banking Malware 121

Security Boulevard

APRIL 26, 2022

In 2022, the same threat actor started spoofing various important entities in South Korea, including KRNIC (Korea Internet Information Center), Korean security vendors such as Ahnlab, cryptocurrency exchanges such as Binance, and others. Figure 3 below shows that the decoy content of the document is related to Menlo Security company.

Phishing 52

Phishing DNS Cryptocurrency Accountability 52

McAfee

SEPTEMBER 7, 2021

Security professionals and technologists old enough to remember renting movies at Blockbuster on Friday nights likely also remember a time when the internet was a new phenomenon full of wonder and promise. This last statement, however, is being challenged by a new technology that is grasping at the title of perfect web security.

Technology 73

Technology Risk Malware Marketing 73

McAfee

SEPTEMBER 29, 2021

The security operations center ( SecOps ) team sits on the front lines of a cybersecurity battlefield. The SecOps team works around the clock with precious and limited resources to monitor enterprise systems, identify and investigate cybersecurity threats, and defend against security breaches.

DNS 67

DNS Manufacturing Data breaches Risk 67

Cisco Security

MAY 24, 2021

Why all the buzz around pursuing group-based policy management to achieve zero trust? Adopting zero-trust initiatives and best practices is all the rage. Simply put, applying “never trust; always verify” to anyone and any device attempting to access an enterprise network is a no-brainer nowadays. And rightly so.

Engineering 92

Engineering Architecture Manufacturing Software 92

NopSec

APRIL 7, 2019

Many security companies are adopting it as well, to solve security problems such as intrusion detection, malware analysis, and vulnerability prioritization. In our l ast week’s blog post , we outlined the first part of that webinar, without going into the three specific applications and the challenges.

Cybersecurity 52

Cybersecurity Data breaches Malware Risk 52

ForAllSecure

MAY 13, 2022

Vamosi: But as someone who wrote a book questioning the security of our mass produced IoT devices, I wonder why no one bothered to test and certify these devices before they were installed? And on the other hand, we're saying security, that's a secondary concern. But we all know how security by obscurity works in the end.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

Cisco Security

MAY 26, 2022

In part one of this issue of our Black Hat Asia NOC blog, you will find: . To accomplish this undertaking in a few weeks’ time, after the conference had a green light with the new COVID protocols, Cisco Meraki and Cisco Secure leadership gave their full support to send the necessary hardware, software licenses and staff to Singapore.

Wireless 79

Wireless Mobile Engineering Firewall 79