In Duo Labs' third phase of research into Apple’s T2 security chip, the Labs team looks at the T2 surface exposed to the macOS host after the boot process has completed. They show how the messaging format differs from traditional XPC and how valid packets can be constructed to interact with the T2 chip directly.
Duo Labs is releasing an open-source Android library that serves as a WebAuthn authenticator, supporting hardware-backed keys and biometric user verification.
The current state of trusted access in healthcare is both good and bad – good in that healthcare organizations that use Duo are implementing security and access policies at a rate higher than other industries; bad in that they lag behind in terms of device-level security. Here, we’ll take a look at the state of trusted access in healthcare and how it compares to other industries.
When I first came to Duo, I cringed when I first read one of our beloved taglines: "democratizing security." But the more I learn about the various challenges facing cybersecurity professionals at the state, local and federal level, the more I think the idea of democratizing security is perfect.
Today, Duo is announcing beta availability multi-factor authentication for Cisco AnyConnect running on Cisco’s FirePower Threat Defense (FTD). With this integration, admins can now deploy Duo’s MFA to secure VPN access.
To comply with the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, all financial institutions within scope, including third-party service providers, need to protect access to their internal networks with multi-factor authentication (MFA); adaptive authentication or risk-based authentication; and enforce policies to limit access privileges. Duo’s security platform can help protect users, devices and applications with strong authentication and access controls.
Join Duo Security and more than 45,000 professionals from around the world at this year's HIMSS Conference & Exhibition in Orlando. Learn more how our trusted access solution can help your organization improve productivity and streamline EPCS workflows with quick and easy two-factor authentication.
Duo's newest addition to our reports includes the Policy Impact Report – a clear, concise and holistic view of your administrative policies and how they impact your users.
The Department of Homeland Security (DHS) made a curious announcement during the shutdown that had everyone scratching their collective heads ... at first. DHS gave agencies 10 days to get their account security in order, specifically calling out two-factor authentication (2FA) and other protections due to DNS hijacking vulnerabilities.
The latest evolution in phishing is the Modlishka tool, which provides the attacker a simple tool to use a reverse proxy to place the attacker between the user and the target site. The user’s traffic passes through the tool and can capture SMS-based 2FA tokens. Here, we look at how to counter modern phishing attacks with strong 2FA and a defense in depth strategy.