AWS Security Consultant Scott Piper has debuted CloudMapper, a new open-source tool from Duo. Made for visualizing Amazon Web Services (AWS) cloud environments, the diagrams generated by the tool allow a better view into which resources may be public...
Duo’s Advisory CISO for the Public Sector, Sean Frazier, authored a blog post discussing how Duo can help influence the public sector and aid in the move to cloud and mobile. The post also covers why he joined Duo and his predictions for upcoming tre...
Duo Labs analyzed the Bluetooth security of several different personal protection devices (“panic buttons”) used for personal safety, and by protesters, human rights workers, and others as a way to discreetly alert friends and family that they’re in ...
Recent reports reveal that typical users are shockingly vulnerable to having their accounts compromised. With less than 10 percent of active Google accounts having two-step verification enabled and only 3.1 percent of users enabling two-factor authen...
A well-known hacking group Pawn Storm, aka Fancy Bear, set up phishing sites last June mimicking the U.S. Senate’s Active Directory Federation Services (AD FS) server. The group has been attempting to phish webmail accounts for many years and typical...
In this new blog, Duo Senior Security Researcher Mark Loveless provides information on how older and less secure Bluetooth implementations interact with new Internet of Things (IoT) devices. Many vendors attempt to support legacy authentication proto...
Is there any ETA for SAML SSO for Duo admin portal?
In Duo’s latest white paper, Principal Security Strategist Doug Copley discusses the challenges of security healthcare and offers solutions. This content covers: Reasons why healthcare security needs to change to meet business demandsWhy a zero-trust...
During a recent review of current guidance from Amazon Web Services (AWS) for enforcing multi-factor authentication, Duo’s Production Engineering team noticed some documentation gaps with AWS’s suggested policies. They found that an attacker could po...
Today, Duo released a free, easy-to-use tool called Duo Insight. Duo Insight is a risk assessment tool that companies can use to identify individuals and devices that might be vulnerable to phishing attacks. You can use this tool right now at insight...
Duo Labs team members recently conducted a survey to learn about 2FA adoption and perception in the U.S. A few highlights: 28% of people use 2FAAbout half of those who did use 2FA adopted it voluntarilyTwo-thirds of people who had used security keys ...
I’m wondering if there has been any consideration for a DUO customer to use Tableau to access and report on their institution’s login data? Rather than downloading the data to a CSV file (very large) at a given interval, it would be awesome for a cu...
Senior R&D Engineer Jordan Wright just published a thorough new analysis by Duo Labs of phishing kits – when attackers reuse their phishing sites across multiple hosts in effort to make phishing campaigns more efficient. The technical research paper ...
In this new blog, Duo Senior Security Researcher Mark Loveless compares different Bluetooth scanners and software for an investigation into Internet of Things (IoT) devices. He finds that the Nordic Semiconductor nRF-51DK is the best one. Mark goes i...
In this new blog, Duo Information Security Journalist Thu Pham details the impact and caveats of the recently-discovered KRACK vulnerabilities. KRACK stands for key reinstallation attacks – specifically, a group of 10 vulnerabilities that affect WPA2...
