Duo's Security Blog

APRIL 9, 2024

Negative Outcomes of Using Security Functionality From IT Tools Instead of Dedicated Security Controls Vendor consolidation is gaining momentum in the IT space. When it comes to securing identities, the stakes are high; Cisco Talos reported in February that three of the top five MITRE ATT@CK techniques used in 2023 were identity-based.

Software 57

Software Authentication Engineering Artificial Intelligence 57

Malwarebytes

AUGUST 18, 2021

A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Introduction Disclaimers macOS 11’s better known security improvements Secret messages revealed? CPU security mitigation APIs The NO_SMT mitigation The TECS mitigation Who benefits from NO_SMT and TECS ?

Firmware 143

Firmware Architecture Risk Engineering 143

Troy Hunt

DECEMBER 20, 2017

What I'm talking about here is ensuring that when someone wants to report something of a security nature - and that could be anything from a minor vulnerability through to a major data breach - that channels exist to easily communicate the issue with the organisation involved. Today, I want to focus on the ease of disclosure.

Data breaches 218

Data breaches Risk Accountability Data collection 218

Security Affairs

JUNE 14, 2019

The Cybaze-Yoroi ZLab analyzed a new sample of Nanocore Remote Administrator Tools (RAT) using a Delphi wrapper to protect its code. Introduction. Historically, cyber-criminals adopted one or more layers of encryption and obfuscation to lower their footprint and avoid detection. In this specific case, a Delphi wrapper was used to protect the RAT.

Malware 81

Malware Encryption Backups Advertising 81

Anton on Security

FEBRUARY 12, 2024

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the TI to detectin flow, and stop (for Part 8) at testing.

Engineering 100

Engineering Threat Detection Accountability Ransomware 100

McAfee

AUGUST 24, 2021

This research was done with support from Culinda – a trusted leader in the medical cyber-security space. This research was done with support from Culinda – a trusted leader in the medical cyber-security space. For a brief overview please see our summary blog here. What Security Research has Already Been Performed?

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. I was in yet another bland, nondescript hotel room, drinking bad coffee in an attempt to stave off the jet lag.

Data breaches 341

Data breaches Marketing Cyber Insurance InfoSec 341