dcsimg

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to remember 27 different passwords for … [Read more...]

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]

8 ways to improve security on smart home devices

Every so often, a news story breaks that hackers have made their way into a smart home device and stolen personal data. Or that vulnerabilities in smart tech have been discovered that allow their producers (or other cybercriminals) to spy on customers. We’ve seen it play out over and over with smart home assistants and other Internet of Things (IoT) devices, yet sales numbers for these items … [Read more...]

Installing Duo 2FA for Windows Log-on and RDP

Two-factor authentication is currently one of the best security practices for protecting users, data and systems. Duo is one of the leading platforms for using two-factor authentication in the enterprise as it protects many common on-premises and cloud applications by default. … [Read more...]

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication (2FA), the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users’ choice. We also pushed out the 2019 State of Malware report, which you can readily download here. Other … [Read more...]

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

A week in security (January 7 – 13)

Last week on the Malwarebytes Labs blog, we took a look at the Ryuk ransomware attack causing trouble over the holidays, as well as a ransom threat for an Irish transportation company. We explored the realm of SSN scams, and looked at what happens when an early warning system is attacked. Other cybersecurity news Password reuse problems. Multiple Reddit accounts reported being locked out after … [Read more...]