dcsimg
November 2, 2018

Meet your risk assessment requirements with vsRisk Cloud

Risk assessments play an essential role in information security, as they are the primary way organisations identify vulnerabilities and the ways data breaches can occur. The results of the risk assessment dictate defence strategies and are used by senior staff to allocate information security and business continuity budgets. This shouldn’t be a surprise for organisations that follow the … [Read more...]

Filed Under: Business Continuity, Cloud, information security, ISO 27001, iso27001, risk assessment, Risk Management, security, software, vsRisk, vulnerabilities
October 8, 2018

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]

Filed Under: adobe, Android, anti-swatting, blockchain, bring your own security, byos, Chrome Extension, Fake Fortnite, fortnite, hack the marine corps, IoT, IoT botnet, Lojack, national cybersecurity awareness month, NCSAM, not botnet, password manager, phishing, phishing campaign, rdp, recap, rip attacks, SC Magazine, Security world, swatting, Torii, voice phishing, vulnerabilities, Week in security, weekly blog roundup, ZDNet
September 28, 2018

Millions of accounts affected in latest Facebook hack

Facebook announced earlier today that its social network had been hacked, resulting in 40 million accounts that were directly impacted, while another 50 million were also considered to be potentially affected. Attackers exploited a feature in Facebook called “View As,” which essentially shows how your profile looks to others. The flaw enabled them to get ahold of so-called Access Tokens, which … [Read more...]

Filed Under: access tokens, big breaches, breach, cybercrime, data breach, facebook, Facebook breach, facebook hack, password reset, social media, social networks, View As, vulnerabilities, vulnerability
September 26, 2018

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static domain has been active since at least early July, and is being redirected to from an adult website … [Read more...]

Filed Under: anti exploit, CVE-2018-8174, CVE-2018-8373, exploit, Exploits, Indicators of compromise, IOC, IOCs, pastebin, patch, Quasar, rat, remote administration tool, Threat analysis, virustotal, vulnerabilities, vulnerability
September 21, 2018

Simple Authentication and Security Layer (SASL) vulnerabilities

Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make … [Read more...]

Filed Under: authentication, brute force, cybercrime, denial of service, Exploits, mailserver, sasl, Simple Authentication and Security Layer, vulnerabilities
August 27, 2018

A week in security (August 20 – 26)

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die. Other cybersecurity news There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) … [Read more...]

Filed Under: a week in security, badgelife, cobalt dickens, cybersecurity, cybersecurity awareness, digital entropy of death, elections, facebook, Google, green card scam, privacy, project insecurity, ransomware, recap, ryuk, search browser extensions, Security world, superdrug, the lazarus group, twitch, vulnerabilities, Week in security, weekly blog roundup
August 9, 2018

8 everyday technologies that can make you vulnerable to cyberattacks

The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable. The security vulnerabilities of the latest tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Those … [Read more...]

Filed Under: 101, cyberattack, cyberattacks, everyday technologies, FYI, smart phones, smart speakers, vulnerabilities, vulnerable
July 17, 2018

5 ways to find and fix open source vulnerabilities

Guest post by Limor Wainstein A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a jump-off for creating their software—and that includes malware authors. The rogue app, which was found … [Read more...]

Filed Under: Business, open source, open source code, Security world, vulnerabilities
May 23, 2018

Why bad coding habits die hard—and 7 ways to kill them

Developers are usually the focus of blame when software vulnerabilities cause organizational breaches. (Sometimes, quality assurance engineers are included in the flame.) Interestingly, though, hardly anyone looks at why bad coding habits form in the first place. We’re talking about the culture, the processes, the unrealistic deadlines, and—perhaps the worst of this bunch—the lack of … [Read more...]

Filed Under: 101, bad code, bad coding habits, Developers, FYI, programming, secure code, vulnerabilities
January 11, 2018

Meltdown and Spectre fallout: patching problems persist

Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and laying bare a design flaw in nearly all modern processors. The fallout from these revelations continues … [Read more...]

Filed Under: Exploits, Google Project Zero, Intel, Meltdown, processor, Security world, Spectre, vulnerabilities