Security News

If your hair isn't already gray, 2022's security threats will get it there, warn infosec duo
2021-10-28 07:25

FireEye and McAfee, whose business models center around charging enterprises money to protect their networks from cyber-threats, issued a joint report this week predicting next year you'll see an increase in cyber-threats, particularly those against enterprise networks and the staff who run them. Nation states will "Increase their offensive operations by leveraging cybercriminals." as senior principal McAfee engineer Christiaan Beek theorized, citing the example of US indictments against four Chinese nationals who were allegedly running front companies on behalf of Beijing.

Cisco introduces infrastructure agnostic, passwordless authentication by Duo
2021-04-01 01:45

Cisco Secure unveiled the future of simple and effective security with infrastructure agnostic, passwordless authentication by Duo. Integrated seamlessly into the existing Duo authentication experience used by more than 25,000 organizations globally, Duo passwordless authentication will enable enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.

Mom & Daughter Duo Hack Homecoming Crown
2021-03-16 20:27

A 17-year-old high school senior along with her mother, Laura Rose Carroll, were arrested this week, charged with accessing student records in a fraudulent attempt to rig her school's Homecoming Queen election. The same district where her daughter attended Tate High School, the Washington Post reported.

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication
2020-12-15 20:13

Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.

Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle
2020-08-05 23:08

The pair were performing a routine penetration test at the Dallas County courthouse at night when they tripped an alarm, were collared by deputies, and, ultimately, charged with felony trespassing - a crime that can lead to up to seven years behind bars. Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.

Ever wondered how a pentest turned into felony charges? Coalfire duo explains Iowa courthouse arrest debacle
2020-08-05 23:08

The pair were performing a routine penetration test at the Dallas County courthouse at night when they tripped an alarm, were collared by deputies, and, ultimately, charged with felony trespassing - a crime that can lead to up to seven years behind bars. Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cash
2020-07-21 19:02

On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The US claims that the two accused worked both for themselves and with the backing of the Chinese government's Ministry of State Security.

Bitglass’ integration with Duo Security guards company data through verification options
2020-06-18 00:30

Together, Bitglass and Duo balance enterprise-grade access control and data protection with the flexibility and seamless user experience needed to support a global, remote, and multi-device workforce. It is crucial organizations adjust their security strategies as employees can download, upload, and share data from personal devices or public networks, meaning data is traveling beyond the corporate firewall.

Mind the gap: Google patches holes in Chrome – exploit already out there for one of them after duo spot code fix
2020-02-25 21:22

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.

Mind the gap: Google patches holes in Chrome – exploit already out there for one of them after duo spot code fix
2020-02-25 21:22

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.