Skip to content
Threat Feed

Tag

Cisco-Duo

9 briefs RSS
high threat

Cisco Duo Bulk Policy Deletion Detected

Detection of a Cisco Duo administrator performing a bulk deletion of more than three policies, potentially indicating malicious activity such as weakening security controls.

Duo Insider Threat +1 cisco-duo policy-deletion insider-threat
2r 1t
high advisory

Unusual Country for Cisco Duo Admin Login

Detection of Cisco Duo admin logins originating from outside the United States indicates potential account compromise or unauthorized access.

Duo cisco-duo account-compromise unauthorized-access
2r 1t 1i
high advisory

Cisco Duo User 2FA Bypass

Detection of Cisco Duo user status being changed to 'Bypass' after being 'Active', indicating potential malicious activity to weaken account security.

Duo cisco-duo 2fa-bypass credential-access
2r 1t
high advisory

Cisco Duo Policy Modification to Bypass 2FA for Specific Countries

A Duo policy is created or updated to allow access without two-factor authentication (2FA) for users in countries other than the default, potentially weakening the organization's security posture and increasing the risk of unauthorized access.

Duo cisco-duo 2fa-bypass policy-modification
2r 1t
critical advisory

Cisco Duo Policy Bypass via 2FA Disablement

An attacker modifies Cisco Duo policies to allow access without two-factor authentication (2FA), potentially gaining unauthorized access to systems and data.

Duo cisco-duo 2fa-bypass policy-modification
2r 1t
high advisory

Cisco Duo Policy Allowing Outdated Java Usage

A threat actor modifies Cisco Duo policies to permit outdated Java versions, potentially exposing the organization to known vulnerabilities and exploits.

Duo cisco-duo policy-modification outdated-software
2r 1t
high advisory

Cisco Duo Admin Login from Unusual Operating System

Detection of Cisco Duo admin login attempts originating from operating systems not typically used in the environment, potentially indicating account compromise or unauthorized access.

Cisco Duo cisco-duo account-compromise unauthorized-access ttp
2r 1t 2i
medium advisory

Cisco Duo Admin Login from Unusual Browser

Detects Cisco Duo admin logins from browsers other than Chrome, potentially indicating compromised credentials, session hijacking, or unauthorized device usage.

Cisco Duo cisco-duo credential-access anomaly-detection
2r 1t
medium advisory

Cisco Duo Policy Change to Allow Devices Without Screen Lock

A Splunk detection analytic identifies when a Duo policy is created or updated to allow devices without a screen lock, potentially weakening device security controls and increasing the risk of unauthorized access and data breaches.

Duo cisco-duo screen-lock policy-change
2r 1t