Main phishing and scamming trends and techniques

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on...

A week in security (January 10 – 16)

Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock down Some Android users can disable 2G now and why that is a good thing Phishers on the prowl with fake parking meter QR codes Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one...

A week in security (Nov 15 – Nov 21)

Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s boss Evasive manoeuvres: HTML smuggling explained FBI server hijacked to send up to 100,000 bogus attack mails New Mac malware raises more questions about Apple’s security patching SharkBot Android...

A week in security (November 9 – November 15)

Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozillas Firefox and Thunderbird to Googles Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, w...

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted http:// vs. https:// Web pages. Increasingly, however, phishers are upping their game, polishing their copy and...

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

ConsumerConfigurationServlet Open Redirect

The ConsumerConfigurationServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Microsoft Sues Alleged IM Spammers, Phishers

From CNet News Josh Lowensohn Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Wash.-based software giant filed a civil lawsuit Thursday in King County Superior Court in Seattle against Funmobile,...

Opera's HTTP authentication cuts off long server names at the end

Opera's HTTP authentication dialog is displayed when the user enters a Web pagethat requires a login name and a password. To inform the user which server itwas that asked for login credentials, the dialog displays the server name.The user has to see the entire server name. A truncated name can be...