Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2018/07/30 3:57 p.m.70 views

A week in security (July 23 – July 29)

Last week on Labs, we looked at an adware called MobiDash getting stealthy, a new strain of Mac malware called Proton that was found after two years, and the ‘Hidden Bee’ miner that was delivered via an improved drive-by download toolkit. We also delved into the security improvements expected in...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/23 3:0 p.m.70 views

Mobile Menace Monday: Adware MobiDash gets stealthy

The Adware known as MobiDash, detected by Malwarebytes for Android as Android/Adware.MobiDash, is far from a new. However, this ad-displaying nuisance now comes with some additional stealth features. First appearing last spring, these new features are not limited to a single variant of MobiDash...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/28 8:26 p.m.70 views

A week in security (May 21 – May 27)

Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/16 4:13 p.m.70 views

Myspace vs. Facebook: the good old days?

Many people have fond memories of ye olde Myspace dotte comme, and those rose-splashed spectacles seem to have grown ever larger in light of the recent Facebook happenings. In recent days, I've seen many declaring their love for all things Tom, and how everything was just one huge barrel of laugh...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/05 4:5 p.m.70 views

AdGholas malvertising thrives in the shadows of ransomware outbreaks

The latest wave of ransomware following the WannaCry outbreak has kept everyone very busy and been the topic of many conversations. In the meantime, other threat actors have been quite active and perhaps even enjoyed this complimentary diversion. This is certainly true for the most prolific...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/21 9:28 p.m.69 views

How Outlook notification sounds can lead to zero-click exploits

An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution RCE in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher...

7.5CVSS8.4AI score0.97408EPSS
Exploits18
Malwarebytes
Malwarebytes
added 2023/05/03 2:30 p.m.69 views

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

On May 1, 2023 the Cybersecurity and Infrastructure Security Agency CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies are obliged to remediate the...

5.1CVSS8AI score0.99999EPSS
Exploits57
Malwarebytes
Malwarebytes
added 2022/09/14 12:0 p.m.69 views

Update now! Microsoft patches two zero-days

The Microsoft September 2022 Patch Tuesday includes fixes for two publicly disclosed zero-day vulnerabilities, one of which is known to be actively exploited. Five of the 60+ security vulnerabilities were rated as "Critical", and 57 as important. Two vulnerabilities qualify as zero-days, with one...

1.9CVSS1.3AI score0.75711EPSS
Exploits7
Malwarebytes
Malwarebytes
added 2022/08/18 7:0 p.m.69 views

Attackers waited until holidays to hit US government

The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...

4.6CVSS0.1AI score0.58132EPSS
Exploits17
Malwarebytes
Malwarebytes
added 2021/07/28 9:8 p.m.69 views

BlackMatter, a new ransomware group, claims link to DarkSide, REvil

Theres a new ransomware gang in town—and, frankly, were not at all surprised. After DarkSide disappeared—coincidentally, immediately after Colonial Pipeline gave in to the groups ransom demand of roughly $5M USD worth in Bitcoin—a new ransomware group who calls themselves BlackMatter surfaced on...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/27 4:34 p.m.69 views

Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach

It must not be easy to work at Kaseya right now. While they are working as hard as they can to help customers, and customers of their customers, recover from the REvil ransomware attack at the beginning of July, a new vulnerability in their software has been disclosed. As a sidenote, Kaseya...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/01 3:36 p.m.69 views

Deep learning: An explanation and a peek into the future

Deep learning is one of the most advanced forms of machine learning, and is showing new developments in many industries. In this article, well explain the concept and give some examples of the latest and greatest ways its being used. What is deep learning? There have been many attempts at creatin...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/21 3:0 p.m.69 views

The passwordless present: Will biometrics replace passwords forever?

When it comes to securing your sensitive, personally identifiable information against criminals who can engineer countless ways to snatch it from under your nose, experts have long recommended the use of strong, complex passwords. Using long passphrases with combinations of numbers, letters, and...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/03/03 8:17 p.m.69 views

Child identity theft, part 1: On familiar fraud

In 2013, 30-year-old Axton Betz-Hamilton received an angry phone call from her father two weeks after her mother, Pam, died. "What the hell were you thinking?" he screamed. He had just unearthed a credit card statement in her name that had run over its limit from a box of her mother’s paperwork...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/13 3:55 p.m.69 views

A week in security (May 6 – 12)

Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we...

8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/03 3:0 p.m.69 views

The top six takeaways for corporate data privacy compliance

For nearly two months, Malwarebytes Labs has led readers on a journey through data privacy laws around the world, exploring the nuances between “personal information” and “personal data,” as well as between data breach notification laws in Florida, Utah, California, and Iowa. We explored the risk...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/13 4:15 p.m.69 views

VPNFilter malware still making waves

Last month, a piece of malware called VPNFilter caused chaos for owners of MikroTik, Lynksys, TP-Link, and Netgear equipment. Roughly 500,000 devices worldwide fell victim, with the unwanted parasite able to listen to traffic, steal credentials, damage devices, and more. Until patches started to...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/20 3:0 p.m.69 views

The digital entropy of death: link rot

Hot on the heels of a grim blog about digital death comes…another blog about digital death. Except in this case, the recently deceased would be the links that tie the web together, otherwise known as link rot. Link rot is a weird thing. Say I blog for Puppy Chow and I write an article about the...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/05 6:0 p.m.69 views

Mobile Menace Monday: Olympics app has more ads than games

An app claiming to live stream the 2018 Winter Olympics but really serving up a blizzard of ads had a short run on Google Play. It was uploaded to the Play store on February 8, 2018. Since then, it's been removed. The last known existence of it on the store was a cached snapshot from February 10...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/29 5:54 p.m.69 views

How to remove adware from your PC

“Close. Close. Close. Close,” my mother mumbles as she aggressively clicks her mouse over and over. “What’s wrong, Ma?” I’m home for the holidays, and cozy, cold evenings are often spent in front of the fireplace. This night, however, my mom is stuck at her computer. “This stupid thing won’t stop...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/26 3:0 p.m.69 views

SteelCon: Mahkra ni Orroz

I recently gave a talk at Sheffield's SteelCon, a huge security event spread over a few days with no end of interesting activities taking place. My presentation, called Makhra ni Orroz, is a good 45 minutes of non stop talking and pictures and things. It's also a bit different in terms of what I...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/15 2:0 a.m.68 views

Ford says it’s safe to drive its cars with a WiFi vulnerability

Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...

7.5CVSS8.2AI score0.10081EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/14 2:0 a.m.68 views

Update Chrome now! Google fixes critical vulnerability in Autofill payments

Google has released a Chrome update which includes five security fixes. One of these security fixes is for a critical vulnerability in Autofill payments. Google labels vulnerabilities as critical if they allow an attacker to run arbitrary code on the underlying platform with the user's privileges...

6.8CVSS7.4AI score0.00942EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/11/01 2:0 p.m.68 views

Malware on the Google Play store leads to harmful phishing sites

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/18 10:0 a.m.68 views

Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures CVE database. Its goal is to make it easier to sha...

9.2AI score0.09785EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/05 2:29 p.m.68 views

Wanted! US offers $10m bounty for ransomware kingpins

The US State Department is offering a massive $10 million reward if you can help bring DarkSide to justice. The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individuals who holds a key leadership position i...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/06 2:35 p.m.68 views

What special needs kids need to stay safe online

Online safety is hard enough for most adults. We reuse weak passwords, we click on suspicious links, and we love to share sensitive information that should be kept private and secure. Just go back a few months to watch adults gleefully sharing photos of their vaccine cards. The consequences of...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/05 7:24 p.m.68 views

Fintech security: the challenges and fails of a new era

"I have no idea how this app from my bank works, and I don't trust what I don't understand." Josh is not an old curmudgeon or luddite. He's 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It's not that he doesn't trust his bank. He...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/23 3:0 p.m.68 views

Can search extensions keep your searches private?

One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second more than 40,000, on average tel...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/12 5:44 p.m.68 views

Internet Safety Month: How to protect your child’s privacy online

June marks the beginning of summer. It is also National Internet Safety Month. This is the perfect time to remind vacationers that while it is essential to check that everything you need is packed and ready for a trip, it is equally vital for the family to take steps in securing their devices and...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/25 4:18 p.m.68 views

Far Cry 5 download offers: embrace the power of “no”

The recently released Far Cry 5 is a video game where you reclaim Montana from a cult obsessed with the "power of yes" by hitting members over the head with a shovel. It's also one of the biggest sellers for publisher Ubisoft to date, and it stands to reason that many people would like to grab a...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/16 3:5 p.m.68 views

A week in security (April 09 – April 15)

Last week, we took a look at a malware-campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns. We also published our first quarterly Malwarebytes Labs CTNT report of 2018. Other news A security researcher...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/02/27 6:56 p.m.68 views

Human Factor Podcast: Jenny Radcliffe and Chris Boyd

A little while ago, I was invited to take part in Jenny Radcliffe's Human Factor Podcast. With 44 episodes strong and counting!, Jenny spends an hour or so talking at length with her guests who are professional investigators, security advocates, all-round educators, tireless consultant/conference...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/05 4:19 p.m.68 views

Using ILSpy to analyze a small adware file

My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called grandfather.exe, so I went out to grab a copy and have a look at it. As you can probably tell from some of the detection names at Virustotal, this is a MSIL...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/03/21 9:22 p.m.67 views

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...

8AI score0.12844EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/15 1:50 p.m.67 views

Update now! Chrome patches actively exploited zero-day vulnerability

Google has released an update for its Chrome browser that includes eleven security fixes, one of which has been reportedly exploited in the wild. The vulnerability that is reported as being exploited in the wild has been assigned CVE-2022-0609. CVE-2022-0609 The vulnerability is described as a...

10AI score0.23546EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/16 10:30 a.m.67 views

HP OMEN users, update your driver now!

HP has released a patch to fix a flaw in the HP OMEN driver. As far as we know the flaw isnt being actively exploited, but its worth applying the patch as soon as you can. The flaw, the fix The driver vulnerability, which is tracked as CVE-2021-3437, was found by Kasif Dekel, a senior security...

8.7AI score0.15551EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/17 6:28 p.m.67 views

Discord users tempted by bots offering “free Nitro games”

The last few weeks have seen multiple instances of problematic bots appearing in Discord channels. They bring tidings of gifts, but the reality is quite a bit different. Given so many more young kids and teens are at home during the current global lockdown, they may well see this scam bouncing...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/09 3:0 p.m.67 views

How to protect against stalkerware, a murky but dangerous mobile threat

Last week, we pledged that—in honor of National Cybersecurity Awareness and Domestic Violence Awareness months—we would continue the fight against the online scourge known as stalkerware, or applications used to track and spy on victims without their knowing consent. We told readers that, despite...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/03/13 3:0 p.m.67 views

Explained: Payment Service Directive 2 (PSD2)

Payment Service Directive 2 PSD2 is the implementation of a European guideline designed to further harmonize money transfers inside the EU. The ultimate goal of this directive is to simplify payments across borders so that it's as easy as transferring money within the same country. Since the EU w...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/02 5:56 p.m.67 views

A week in security (June 25 – July 1)

Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...

1.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/25 4:29 p.m.67 views

A week in security (June 18 – June 24)

Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/26 3:0 p.m.67 views

Malicious cryptomining and the blacklist conundrum

When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking for a few lines referencing the Coinhive API within the HTML source code. Because this was a new phenomenon, even bad actors didn't have to hide their intentions, and...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/09 5:6 p.m.67 views

How artificial intelligence and machine learning will impact cybersecurity

Artificial intelligence AI and machine learning ML are hot topics in technology. New use cases and applications are discussed daily—from search results recommendations to smart cars. But what are cybersecurity organizations doing with this tech? What does it take to render additional security out...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/05 3:0 p.m.67 views

Expired domain names and malvertising

In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone Pseudo Darkleech or have changed focus EITest using social engineering techniques. Malvertising - which has remained steady and is currently the main...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/24 5:17 p.m.67 views

Bye, bye Petya! Decryptor for old versions released.

Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/12 3:0 p.m.67 views

A .NET malware abusing legitimate ffmpeg

There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/22 2:0 a.m.66 views

Reducing your attack surface is more effective than playing patch-a-mole

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive BOD 23-02. BOD 23-02 is titled Mitigating the Risk from Internet-Exposed Management Interfaces, and requires federal civilian agencies to remove specific networked management interfaces...

7.5CVSS8.5AI score0.98281EPSS
Exploits7
Malwarebytes
Malwarebytes
added 2022/09/13 1:0 p.m.66 views

Update now! Google patches vulnerabilities for Pixel mobile phones

Googles Pixel Update Bulletin for September included two security patches that are Pixel specific. Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover. The vulnerabilities Publicly disclosed computer security flaws are listed in the Common...

8.1AI score0.00106EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/01 12:0 p.m.66 views

TikTok vulnerability could have allowed hijackers to take over accounts

Microsoft has released a detailed rundown of an issue, now fixed, which was potentially dangerous for users of TikTok. The problem, flagged as a "high-severity vulnerability" by Microsoft, required several steps chained together in order to function. Attackers making use of it could have...

6.8CVSS8.7AI score0.1553EPSS
Exploits0
Total number of security vulnerabilities4706