This week on Lock and Code, we offer something special for listeners—a backstage pass to a cybersecurity training that we held for employees during Cybersecurity Awareness Month, which ended in October. The topic? The future of cybersecurity for the Internet of Things. Our guests, Chief Information Security Officer John Donovan and Security Evangelist

byPaul DucklinIn this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care before you pair.Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin.Intro and outro music: Edith Mudge.LISTEN NOWCl

We had a very busy week at Malwarebytes Labs. We offered advice on Google’s patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash away from your business, pointed out how scammers ar

byPaul DucklinThis week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”.Presenters: Kimberly Truong, Doug Aamoth and Paul Duck

Cybersecurity has changed markedly over the last few years. The first malware dates back to the 1970s and led to the creation of the first antivirus -Reaper-, designed to detect computers infected with the malware Creeper and remove it. Since then, cybersecurity has become increasingly important and is now an essential consideration for any organization. Thi

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta

As the global leader in mobile security, Zimperium is proud of the companies and governments that trust us to protect their mobile endpoints and applications. Our customers are not only well-known for their brands, they are known for being some of the most sophisticated and knowledgeable security organizations in the world. We recently spoke with several of

byJohn E DunnCybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.For now, there are no CVE identifiers and the only confirmed details are in

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch

Patch comes amid active exploitation by ransomware gangs Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerabili

Ian Pratt and Simon Crosby sold XenSource to Citrix in 2007. After working at Citrix, they decided to once again spin off and focus on cybersecurity. They are available to meet during VMWorld if you’d like to talk virtualization and security. We think of them as The Godfathers of Virtualization. They work they did with XenSource lead to what is today’s clo

Introduction In 1975, a book was published that changed the way we approach complex problems. Inspired on how nature works “Adaptation in Natural and Artificial Systems” set the bases of genetic algorithms. The release date of this blogpost is strongly linked to that book, it is a symbolic tribute to its author, John Henry Holland, who passed out

We hear about cybersecurity fails all the time. We’re happy to tell you it doesn’t have to be that way. Application isolation and containment based on virtualization is delivering results. The NSA has called out this strategy as the way forward for stopping advanced threats. To many technology folks, Application Isolation may be a new term when

Hacker groups have become highly trained organizations with access to very sophisticated and easily accessible tools and techniques. Cyberattacks have become professionalized and their economic profitability has been demonstrated countless times, turning it into a billion-dollar industry in recent years. Economic profit and jeopardizing the confidential data

News stories involving zero-day Windows kernel exploits seemingly never end. Fresh examples abound with alarming regularity and devastating effects, often involving defects with a dwell time of many months before they are formally addressed by patch updates. Despite a sustained focus by Microsoft on improving cybersecurity top to bottom, dubious new records