dcsimg

A week in security (September 12 – September 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, and the absence of Deepfakes from … [Read more...]

Emojis Revisited: Are Emojis really Cross-Platform?

In 2018 I examined how emojis are handled cross-platform. But the world of emojis is constantly changing with new Emojis being added and I am seeing their use increase. So, it seems to me that this is a good time to revisit the question “Are emojis really cross-platform?” When you use an emoji in a text message, a tweet, a Facebook post, or in an email, what will the reader of your emoji … [Read more...]

Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for grabs, and in play, or at stake. Then, … [Read more...]

Writing Security Advisories: 5 Best Practices For Vendors

To maximize the impact of your security advisories, here are some key steps vendors can take to support automated workflows and timely remediation efforts. Over the years we’ve seen every variation of security advisory imaginable: plain text, good HTML, bad HTML, machine readable, machine readable with giant blobs of embedded text (which potentially negates the value of the machine readable … [Read more...]

CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability

Researchers disclose a critical pre-authentication vulnerability in the SonicWall VPN Portal that is easily exploitable. Background On October 12, SonicWall published a security advisory (SNWLID-2020-0010) to address a critical vulnerability in SonicOS that could lead to remote code execution (RCE). The vulnerability was discovered by security researchers at Tripwire’s Vulnerability and Exposure … [Read more...]

How Covid fatigue puts your physical and digital health in jeopardy

After six months of social distancing, sheltering in place, working from home, distance learning, mask-wearing, hand-washing, and plenty of hand-wringing, people are pretty damn tired of COVID-19. And with no magic bullet (yet) and no end in sight, annoyance has turned into exasperation and even desperation. Doctors and mental health professionals call this Covid fatigue. Covid fatigue, not … [Read more...]

What All Admins Must Know About Microsoft Active Directory

Azure AD is the directory for your Microsoft 365 tenant, as well as the Identity as a Service (IDaaS) platform for your Azure PaaS and SaaS deployments. Read the post here: What All Admins Must Know About Microsoft Active Directory … [Read more...]

6 Cybersecurity Tips for Business Email

According to … [Read more...]

QR code scams are making a comeback

Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code to help with this. And so, it would seem, have criminals. Scammers have dusted off their book of tricks … [Read more...]

Protect Yourself at Work and Home to Avoid Becoming a Victim of Cyber Crime

Cybersecurity is no longer simply a technology challenge. It’s a challenge for everyone who interacts with technology. The protection of work and personal life are no longer separated. They’ve become intertwined thanks to social networks, the Internet of Things, and unlimited connectivity. This means cybersecurity is no longer solely the responsibility of a company IT department, but the … [Read more...]