IoT cybersecurity bill passed by Senate

Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things (IoT) devices purchased and owned by the Federal government. The bill, called the Internet of Things Cybersecurity Improvement Act of 2020, was actually introduced into the US House … [Read more...]

The best test for an EDR solution is one that works for you

Since its inception, the endpoint detection and response (EDR) market has evolved rapidly with new innovations to better address the cyber landscape and meet customers’ needs for an effective and simple solution that just works. But finding something that just works means something quite different for every business, depending on their size, security expertise, and … [Read more...]

Going dark: encryption and law enforcement

UPDATE, 05/22/2020: With the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we’ve decided to republish the following blog outlining our stance on the subject. Originally published July 25, 2017. We’re hearing it a lot … [Read more...]

Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined perimeter. The software defined perimeter is a model closely related to the zero trust framework, in which … [Read more...]

Coronavirus impacts security conferences and events: check your schedule

With coronavirus starting to take hold globally, international travel restrictions are kicking in and more workplaces are advising to work from home whenever possible. When self-isolation is a potential solution, public gatherings are increasingly looking like a terrible idea. Events are becoming a bit of a hotspot for cases, leading to inevitably bizarre scenarios where coronavirus conferences … [Read more...]

Would ‘Medicare for All’ help secure health data?

DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up an array of emotions ranging from concern to happiness, and with the changes that come with this … [Read more...]

Cybersecurity pros think the enemy is winning

There is a saying in security that the bad guys are always one step ahead of defense. Two new sets of research reveal that the constant cat-and-mouse game is wearing on security professionals, and many feel they are losing in the war against cybercriminals. The first figures are from the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG). … [Read more...]

A week in security (May 20 – 26)

Last week on Malwarebytes Labs, we took a look at a skimmer pretending to be a payment service provider, gave an overview of what riskware is, took a deep dive into concerns about PACS leaks, and dug around in the land of “These Governments said fix it…hurry up”. Other cybersecurity news: Changes inbound for Microsoft network admins: If you’re managing Windows 10 updates, you’ll need to make some … [Read more...]

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]

A week in security (May 6 – 12)

Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we highlighted threats that target financial institutions, fintech, and cryptocurrencies. Other … [Read more...]