Skip to content
Threat Feed

Product

Duo

8 briefs RSS
high threat

Cisco Duo Bulk Policy Deletion Detected

Detection of a Cisco Duo administrator performing a bulk deletion of more than three policies, potentially indicating malicious activity such as weakening security controls.

Duo Insider Threat +1 cisco-duo policy-deletion insider-threat
2r 1t
high advisory

Unusual Country for Cisco Duo Admin Login

Detection of Cisco Duo admin logins originating from outside the United States indicates potential account compromise or unauthorized access.

Duo cisco-duo account-compromise unauthorized-access
2r 1t 1i
high advisory

Cisco Duo User 2FA Bypass

Detection of Cisco Duo user status being changed to 'Bypass' after being 'Active', indicating potential malicious activity to weaken account security.

Duo cisco-duo 2fa-bypass credential-access
2r 1t
high advisory

Cisco Duo Policy Modification to Bypass 2FA for Specific Countries

A Duo policy is created or updated to allow access without two-factor authentication (2FA) for users in countries other than the default, potentially weakening the organization's security posture and increasing the risk of unauthorized access.

Duo cisco-duo 2fa-bypass policy-modification
2r 1t
critical advisory

Cisco Duo Policy Bypass via 2FA Disablement

An attacker modifies Cisco Duo policies to allow access without two-factor authentication (2FA), potentially gaining unauthorized access to systems and data.

Duo cisco-duo 2fa-bypass policy-modification
2r 1t
high advisory

Cisco Duo Policy Allowing Tampered Devices

A threat actor modifies or creates a Cisco Duo policy to allow tampered or rooted devices to access protected resources, potentially bypassing security controls and enabling unauthorized access.

Duo cisco_duo policy_change tampered_devices rooted_devices identity
2r 1t
high advisory

Cisco Duo Policy Allowing Outdated Java Usage

A threat actor modifies Cisco Duo policies to permit outdated Java versions, potentially exposing the organization to known vulnerabilities and exploits.

Duo cisco-duo policy-modification outdated-software
2r 1t
medium advisory

Cisco Duo Policy Change to Allow Devices Without Screen Lock

A Splunk detection analytic identifies when a Duo policy is created or updated to allow devices without a screen lock, potentially weakening device security controls and increasing the risk of unauthorized access and data breaches.

Duo cisco-duo screen-lock policy-change
2r 1t