Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2017/07/06 5:6 p.m.74 views

The key to old Petya versions has been published by the malware author

As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. His original malware was pirated and extended by an unknown actor read more here. As a result of the recent events, Janus probably decided to shut down the Petya project. Similarly to th...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/08 11:0 a.m.73 views

Your HP Support Assistant needs an update!

HP has issued a new version of its HP Support Assistant tool. Users of HP Support Assistant versions earlier than 9.11 and Fusion versions earlier than 1.38.2601.0 are affected by a high severity vulnerability. According to HP it is possible for an attacker to exploit a dynamic-link library DLL...

8.8AI score0.02776EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/17 8:0 p.m.73 views

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read fl...

8.8AI score0.12642EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/07 7:24 p.m.73 views

Google Maps: online interventions with offline ramifications

The places where online life directly intersection with that lived offline will be forever fascinating, illustrated perfectly through a recent performance piece involving Google Maps, a cart, and an awful lot of mobile phones. Simon Weckert, an artist based in Berlin, Germany, showed how a little...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/12 8:6 p.m.73 views

Vital infrastructure: securing our food and agriculture

I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/12 4:0 p.m.73 views

Workplace violence: the forgotten insider threat

Organizations are no stranger to insider threats. In fact, for those who have been around long before the Internet, workplace violence, alongside spying is a problem many businesses have seen before and sought to address. However, the adoption and use of the Internet completely changed the way...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/18 4:0 p.m.73 views

Why tech companies wanted Senate Bill 315 vetoed

When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...

Exploits0
Malwarebytes
Malwarebytes
added 2018/04/10 3:0 p.m.73 views

‘FakeUpdates’ campaign leverages multiple website platforms

A malware campaign which seems to have started at least since December 2017 has been gaining steam by enrolling a growing number of legitimate but compromised websites. Its modus operandi relies on social engineering users with fake but convincing update notifications. Similar techniques were use...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/02/23 6:0 p.m.73 views

Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/14 1:17 p.m.72 views

Update now! Microsoft fixes two zero-days on February Patch Tuesday

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency...

7.5CVSS8.5AI score0.95443EPSS
Exploits25
Malwarebytes
Malwarebytes
added 2023/11/15 10:18 p.m.72 views

Ransomware review: November 2023

This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.5CVSS10AI score0.99156EPSS
Exploits39
Malwarebytes
Malwarebytes
added 2023/05/15 11:0 p.m.72 views

Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs

Along with six older vulnerabilities, the Cybersecurity and Infrastructure Agency CISA has added a vulnerability in multiple Ruckus wireless products to the Known Exploited Vulnerabilities Catalog. This means that Federal Civilian Executive Branch FCEB agencies need to remediate these...

7.5CVSS8.1AI score0.95326EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2021/07/19 1:30 p.m.72 views

StopRansomware.gov brings together information on stopping and surviving ransomware attacks

The US Department of Homeland Security DHS and the US Department of Justice DOJ—along with other federal partners—have launched a new website as part of the US governments fight against ransomware: StopRansomware.gov. StopRansomware.gov is said to be a one-stop hub for ransomware resources for...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/28 5:4 p.m.72 views

A week in security (December 21- December 27)

Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here’s what happened, and our VideoBytes episode talked about what penetration testing tools...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/02 5:46 p.m.72 views

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Googles patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash...

10CVSS1.3AI score0.99997EPSS
Exploits41
Malwarebytes
Malwarebytes
added 2020/10/15 12:2 p.m.72 views

QR code scams are making a comeback

Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code ...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/18 3:47 p.m.72 views

Stalkerware’s legal enforcement problem

Content warning: This piece contains brief descriptions of domestic violence and assault against women and children. In the past five years, only two stalkerware developers, both of whom designed, marketed, and sold tools favored by domestic abusers to pry into victims’ private lives, have faced...

Exploits0
Malwarebytes
Malwarebytes
added 2019/10/11 6:4 p.m.72 views

Securing the managed service provider (MSP)

Managed service providers MSPs have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long...

8.5CVSS0.7AI score0.01533EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/25 10:44 p.m.72 views

Insurance data security laws skirt political turmoil

Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass federa...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/06/10 5:30 p.m.72 views

A week in security (June 3 – 9)

Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down...

7.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/03/25 3:46 p.m.72 views

A week in security (March 18 – 24)

Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook's new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/10 4:0 p.m.72 views

Bloomberg blunder highlights supply chain risks

Ooh boy! Talk about a back-and-forth, he said, she said story! No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufacturers the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as governmen...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/18 4:0 p.m.72 views

New Chrome and Firefox extensions block their removal to hijack browsers

What you don't see won't hurt you, must have been the reasoning of the threat actors who created the latest batch of extensions that make these browser hijackers even more difficult to remove. The extensions redirect users away from pages where they can disable or delete them in order to drive...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/30 8:31 p.m.72 views

Know your threats: the nine scariest malware monsters

It's been a particularly ghoulish year in cybersecurity, from Russian hacks to ransomware outbreaks. The bad boogey man in the black hoodie has been pulling one over the collective public. It's dark and creepy, but users refuse to stop peeking behind the door. It's enough to make even the most...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/16 1:37 p.m.71 views

Microsoft Exchange vulnerability actively exploited

As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed...

7.5CVSS7.6AI score0.12661EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/31 11:45 p.m.71 views

Microsoft gives Apple a migraine

On May 18, 2023, Apple published security content for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 that addressed a logic issue in libxpc. The Common Vulnerabilities and Exposures CVE database lists publicly disclosed computer security flaws. The CVE we are going to discuss...

6.7AI score0.00682EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/20 8:0 a.m.71 views

Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

Googles Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices including Samsung Galaxy, Google Pixel, Vivo, and several forms of wearable and vehicles using certain types of components. Between late 2022 and early 2023, Project Zero reported 18...

9.4AI score0.34546EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/15 6:45 p.m.71 views

Timely patching is good, but sometimes it's not enough

Ransomware gangs have shown that they can play a long game, so it shouldnt come as a surprise to learn of one prepared to wait months to make use of a compromised system. S-RMs Incident Response team shared details of a campaign attributed to the Lorenz ransomware group that exploited a specific...

10CVSS10AI score0.56556EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/27 12:2 p.m.71 views

PrestaShop warns of vulnerability: Update your stores now!

A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisations platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaSho...

9.8AI score
Exploits2
Malwarebytes
Malwarebytes
added 2022/05/24 1:0 p.m.71 views

General Motors suffers credential stuffing attack

American car manufacturer General Motors GM says it experienced a credential stuffing attack last month. During the attack customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/27 3:44 p.m.71 views

The Clubhouse database “breach” is likely a non-breach. Here’s why.

Before the work week ended last week Friday, a security researcher found a leak of what is claimed to be full phone numbers of users of Clubhouse, the new social media app everyone is talking about and just recently came out of beta. Clubhouse is an audio-only social media platform where, unlike...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/06/11 3:30 p.m.71 views

Search hijackers change Chrome policy to remote administration

The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model ...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/03/10 3:46 p.m.71 views

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Update: The digital certificate issued for https.ps has been revoked by GlobalSign. Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimme...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/01/28 4:0 p.m.71 views

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trus...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/19 3:54 p.m.71 views

CEOs offer their own view of a US data privacy law

Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/11 5:34 p.m.71 views

Caution: Misuse of security tools can turn against you

We have a saying in Greece: "They assigned the wolf to watch over the sheep." In a security context, this is a word of caution about making sure the tools we use to keep our information private don't actually cause the data leaks themselves. In this article, I will be talking about some cases tha...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/08 4:30 p.m.71 views

Vulnerabilities in financial mobile apps put consumers and businesses at risk

Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have but may not be aware of or care to admit about cybersecurity—and, at times, privacy. It rears its ugly head when 1 we share the common notion that programmers know how to code securel...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/12/19 3:0 p.m.71 views

Yes, Chromebooks can and do get infected

As a Mac malware specialist, I've seen more than my share of folks saying "Macs don't get viruses" over the years. I've seen and experienced first-hand that this isn't true—even on iOS, where despite having tight, built-in security, iPhones are still capable of getting infected by rare malware. I...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/21 3:0 p.m.71 views

What’s causing the cybersecurity skills gap?

The proliferation of next-gen technology into mainstream society has been a boon for consumers, entrepreneurs, and business owners alike. Between the rise of mobile computing, the Internet of Things IoT, and modern social media, our society is more connected than ever before. But all of this...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/31 7:21 p.m.71 views

A week in security (July 24 – July 30)

Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, revealed challenges one of our experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/25 4:30 p.m.71 views

FBI: Smart toys could harm children’s privacy and physical safety

The Federal Bureau of Investigation has recently issued a Public Service Announcement PSA, encouraging consumers—parents, in particular—to think twice before purchasing internet-connected toys. Smart toys and entertainment devices for kids are part of the Internet of Things, and as such, they hav...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/26 2:0 p.m.71 views

Something’s phishy: How to detect phishing attempts

Dear you, It appears you need to update your information. Click here to tell us all your secrets. No really, it's totally safe. We're not going to steal your identity, we swear. If only phishing attempts were that obvious. Instead, these days it's hard to tell a phish apart from a foul, if you...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/22 1:0 a.m.70 views

A week in security (May 15-21)

Last week on Malwarebytes Labs: Why we should be more open about ransomware attacks Windows 11 is showing its first signs of Rust Update now! Ruckus vulnerability added to CISAs list of actively exploited bugs 3 reasons to use a VPN PharMerica breach impacts almost 6 million people Leaked Babuk...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/30 7:52 p.m.70 views

Task Force delivers strategic plan to address global ransomware problem

The Ransomware Task Force RTF, a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware. The report, entitl...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/28 8:1 a.m.70 views

Why Data Privacy Day matters: A Lock and Code special with Mozilla, DuckDuckGo, and EFF

You can read our full-length blog here about the importance of Data Privacy Day and data privacy in general Today is a special day, not just because January 28 marks Data Privacy Day in the United States and in several countries across the world, but because it also marks the return of our hit...

Exploits0
Malwarebytes
Malwarebytes
added 2020/05/27 3:0 p.m.70 views

Coalition Against Stalkerware bulks up global membership

Today, the Coalition Against Stalkerware brought aboard 11 new organizations to address the potentially dangerous capabilities of stalkerware, an invasive, digital threat that can rob individuals of their expectation of, and right to, privacy. These types of apps can provide domestic abusers with...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/03/14 3:0 p.m.70 views

Emotet revisited: pervasive threat still a danger to businesses

One of the most common and pervasive threats for businesses today is Emotet, a banking Trojan turned downloader that has been on our list of top 10 detections for many months in a row. Emotet, which Malwarebytes detects as Trojan.Emotet, has been leveled at consumers and organizations across the...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/11/26 6:21 p.m.70 views

A week in security (November 19 – 25)

Last week on Malwarebytes Labs, we took a look at a devastating business email compromise attack, web skimming antics, and the fresh perils of Deepfakes. We also checked out some Chrome bug issues, and took the deepest of deep dives into DNA testing. Other cybersecurity news Adobe Flash bug—get...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/14 4:0 p.m.70 views

HMRC phish swipes email login, payment details

It's not tax season in the UK, but that hasn't deterred scammers from sending out mail looking to swipe both card details and email logins in one fell swoop. The email, which claims UKGOV has issued a tax refund to the tune of 542.94 GBP, arrives under the following title, which is spectacularly...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/22 4:3 p.m.70 views

Badgelife: A Defcon 26 retrospective

One more year gone, one more Defcon completed. Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is...

Exploits0
Total number of security vulnerabilities4706