Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2023/10/04 12:0 p.m.63 views

Update your Android devices now! Google patches two actively exploited vulnerabilities

Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation. If your Android phone is at patch...

7.2CVSS7.5AI score0.99735EPSS
Exploits10
Malwarebytes
Malwarebytes
added 2023/05/08 1:45 p.m.63 views

Ransomware review: May 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

9.8AI score0.99999EPSS
Exploits26
Malwarebytes
Malwarebytes
added 2022/09/15 12:0 p.m.63 views

Explained: Fuzzing for security

Fuzzing, or fuzz testing, is defined as an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws in the software undergoing the test. The flaws do not necessarily have to be security vulnerabilities. Fuzzing can also bring other undesirable...

7.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/18 12:55 p.m.63 views

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and...

6.8CVSS10AI score0.98253EPSS
Exploits54
Malwarebytes
Malwarebytes
added 2021/11/16 10:56 a.m.63 views

New Mac malware raises more questions about Apple’s security patching

Apples reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apples security patching strategy. His findings showed a shocking number of cases where Apple patched a...

9.3CVSS9.8AI score0.14542EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/13 4:36 p.m.63 views

Cyber tips for safe online dating: How to avoid privacy gaffs, exploits, and scams

Research and reporting on this article were conducted by Labs writers Chris Boyd and David Ruiz. Dating apps have been mainstream for a long time now, with nearly every possible dating scene covered—casual, long-term, gay, poly, of the Jewish faith, interested only in farmers—whatever you're...

Exploits0
Malwarebytes
Malwarebytes
added 2020/01/06 8:4 p.m.63 views

Billion-dollar search engine industry attracts vultures, shady advertisers, and cybercriminals

Search engines make money by showing users sponsored advertisements—a lot of money. This attracts attention, competition, and plenty who want a piece of the action without doing the actual work or considering the impact to those on the other end of the search bar. Because in the search business,...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/18 3:0 p.m.63 views

Explained: like-farming

Like-farming, aka like-harvesting, is a method used by commercial parties and scammers alike to raise the popularity of a site or domain. The ultimate dream of every like-farmer is for his post to go viral by accumulating as many likes and shares as possible from all over the world. Like-farmers...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/16 3:30 p.m.63 views

Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise

Long-time users of certain Microsoft products, such as Hotmail, MSN, and Outlook found they may be wrapped up in a hack grabbing snippets of email information, and in some cases, a little bit more. Microsoft email services have been around forever in Internet time. Yet, many users still have a fe...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/01 3:0 p.m.63 views

Compromising vital infrastructure: water management

It’s probably unnecessary to explain why water management is considered part of our vital infrastructure, but it's a wider field than you might expect—and almost every one of its components can be integral to our survival. We all need clean water to drink. As much as I like my coffee, I can't mak...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/12/19 4:0 p.m.63 views

Flaw in Twitter form may have been abused by nation states

Twitter announced in a blog post on Monday that they discovered and addressed a security flaw on one of their support forms. The discovery was made on November 15 — more than a month ago — and was promptly fixed the next day. From the Twitter blog on this issue: We have become aware of an issue...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/15 3:56 p.m.63 views

A week in security (October 8 – 14)

Last week, we warned you away from some dubious Doctor Who streams, explained how Endpoint Detection and Response may not be enough, and explored what happens during a confusing supply chain story. We also showed you how to keep up with security, explained the risks of fake browser updates, and...

Exploits0
Malwarebytes
Malwarebytes
added 2018/09/21 10:55 p.m.63 views

Emotet on the rise with heavy spam campaign

The threat landscape is changing once again, now that the ocean of cryptocurrency miners has shrunk to a small lake. Over the last couple months, we've seen cybercriminals lean back on tried and true methods of financial theft and extortion, with the rise of a familiar Banking Trojan: Emotet...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/19 3:0 p.m.63 views

A month of giveaway spam on Twitter

We've observed a low level spam campaign working its way through Twitter, with just under 2,000 posts visible on public search since September 1. Click to enlarge The posts promote what appears to be CBD oil. For those who don't know And I was one of them—still not sure if this oil is supposed to...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/28 3:0 p.m.63 views

Official Cardi B website plagued by spammers

We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B or rather, for her web development team. At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/07 3:0 p.m.63 views

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet, you can catch up on part 1 here, we'll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: us...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/04 4:51 p.m.63 views

A week in security (May 28 – June 3)

Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/24 3:0 p.m.63 views

Securing financial data of the future: behavioral biometrics explained

Some of us would be pretty excited about a brave, new passwordless world. Gone would be the days of having to write down 27 passwords and post them beside monitor screens. Or having to yell them out loud to a colleague on the other side of the room. For banks and other financial institutions, a...

Exploits0
Malwarebytes
Malwarebytes
added 2018/03/19 5:30 p.m.63 views

Investors concerned about smartphone addiction; Apple responds with new webpage

Hot on the heels of an open letter from investors urging Apple to do more to protect children from smartphone addiction, the tech giant has recently dedicated a page on their website to families. The "Families" page, which can be accessed at apple.com/families, contains tools parents can use to s...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/29 4:39 p.m.63 views

EternalPetya and the lost Salsa20 key

We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress, and the full report will be published soon. In this post, we will focus on some new important aspects of the current malware. The low-level attac...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/26 5:0 a.m.62 views

WhatsApp hijackers take over your account while you sleep

Late last week, Twitter user Zuk @ihackbanme tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/12 1:20 p.m.62 views

Insecure password leads to Mangatoon data breach

The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesnt seem to be responding to messages from the breacher, or people notifying it that the...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/13 10:54 a.m.62 views

NGINX zero-day vulnerability: Check if you’re affected

On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 and promised to warn companies affected by it. On April 10, BlueHornet claimed to have breached the China branch of UBS Securities using the NGINX vulnerability. All we learned on Twitter was that a new...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/10 1:48 p.m.62 views

A new Magecart campaign is making waves

Malwarebytes’ researchers are closely monitoring web skimmers and have noticed that one of the infamous Magecart groups is causing a rise in the number of attacks while gobbling up over a quarter of the total number of attacks in one campaign. Magecart attacks have increased in the past 30 days i...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/01/28 4:32 p.m.62 views

[updated]QNAP update stops Deadbolt ransomware, annoys some users, starts debate

Earlier this week 25 January, 2022 news broke that a ransomware group was targeting QNAP Network Attached Storage NAS devices. The threat actors claimed the attack was based on a zero-day vulnerability specific to the devices. Today QNAP® Systems, Inc. QNAP pushed out an automatic, forced, update...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/07 12:55 p.m.62 views

Patch now! Netgear fixes serious smart switch vulnerabilities

In a security advisory, NetGear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of t...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/07 12:38 p.m.62 views

ProtonMail hands user’s IP address and device info to police, showing the limits of private email

They say there’s two sides to every story. Depending on your point of view, you may have heard a recent story thats either about overreaching law enforcement and protestors exposed by organisations happy to hand over revealing data despite saying they wont. Or: BREAKING: legitimate business...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/12 12:28 p.m.62 views

DNS-over-HTTPS takes another small step towards global domination

Firefox recently announced that it will be rolling out DNS-over-HTTPS or DoH soon to one percent of its Canadian users as part of its partnership with CIRA the Canadian Internet Registration Authority, the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/23 12:15 p.m.62 views

The mystery of the Silver Sparrow Mac malware

Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apples new M1 chips, but what is unknown about this malware is actually more interesting than what is...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/12 5:1 p.m.62 views

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the worlds largest adult platforms including PornHub. The same group behind this campaign has been active for much longer and we believe is tied to previous schemes...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/28 9:1 a.m.62 views

3 tips to top up your privacy

Its Data Privacy Day—the perennial event that many internet users may have never heard of, but have strong feelings and opinions about the very things that birthed it in the first place. Originally created to help businesses learn about why online privacy matters, its reach has since extended to...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/26 3:38 p.m.62 views

A week in security (August 19 – 25)

Last week on Malwarebytes Labs, we reported on the presence of Magecart on a type of poker software; outlined how the Key Negotiation of Bluetooth KNOB attack works; followed the money on a Bitcoin sextortion campaign; looked back at DEF CON 27; and reported on continuing ransomware attacks on...

Exploits0
Malwarebytes
Malwarebytes
added 2019/08/12 3:0 p.m.62 views

Facial recognition technology: force for good or privacy threat?

All across the world, governments and corporations are looking to invest in or develop facial recognition technology. From law enforcement to marketing campaigns, facial recognition is poised to make a splashy entrance into the mainstream. Biometrics are big business, and third party contracts...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/23 3:54 p.m.62 views

Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach

A little background: on July 17, 2014, Malaysia Airlines Flight 17 was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed. At that time, there was a revolt of pro-Russia...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/01/28 6:0 p.m.62 views

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication 2FA, the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users' choice. We...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/12/13 4:0 p.m.62 views

Compromising vital infrastructure: the power grid

Where were you when the lights went out? That line became famous after the 1977 blackout in New York City. This power outage was caused by lightning and lasted for up to two days, depending on which part of New York you lived in. While in this case the power grid failure was a freak incident due ...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/12 3:0 p.m.62 views

The many faces of omnichannel fraud

The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential client...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/07 5:8 p.m.62 views

Mac App Store apps are stealing user data

There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. This is referred to as exfiltrating the data. Some of this data is actuall...

Exploits0
Malwarebytes
Malwarebytes
added 2018/06/28 3:32 p.m.62 views

Internet Safety Month: How to manage your child’s online presence

When you hear the term "reputation risk management," you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow off. As companies grow, so...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/07 5:18 p.m.62 views

A week in security (April 30 – May 6)

Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news NTML credentials can be...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/17 3:0 p.m.62 views

5 cybersecurity questions retailers must ask to protect their businesses

The Target breach in 2013 may not be the biggest retail breach in history, but for many retailers, it was their watershed moment. Point-of-sale PoS terminals were compromised for more than two weeks. 40 million card details and 70 million records of personal information swiped—part of which was...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/07 5:0 p.m.62 views

Building an incident response program: creating the framework

In part one of our series, our overview of Building an incident response plan, we discussed what regulations organizations will need to meet in order to address incident/breach response protocols laid out in the EU’s General Data Protection Regulation GDPR. This week, we’ll talk to you about step...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/19 3:0 p.m.62 views

How to tell if your Mac is infected

There are a lot of reasons Mac users don’t sweat getting infected. One: They’ve got a built-in anti-malware system called XProtect that does a decent job of catching known malware. Two: Macs are not plagued by a high number of attacks. Most cybercriminals are focused on infecting PCs. And three:...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/14 3:0 p.m.62 views

Equifax aftermath: How to protect against identity theft

Who here is scrambling around in the aftermath of the recent breach at Equifax to figure out if you've been compromised? Who here is wondering what to do about it if you are? If you're one of the 143 million Americans whose data was accessed by cybercriminals, then you probably raised your hand...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/22 3:18 p.m.62 views

Explained: user agent

If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that many sites can look quite different depending on which browser you are using. When your browser sends a request to a website, it identifies itself with the user agent stri...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/03 1:40 p.m.61 views

WhatsApp cryptocurrency scam goes for the cash prize

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/14 1:55 p.m.61 views

Credit card skimming on the rise for the holiday shopping season

As we head into shopping season, customers arent the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat were following closely and expect to increase over the next several weeks is credi...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/18 11:45 a.m.61 views

Exchange Server security updates updated

Microsoft has re-released the August 2023 Security Updates SUs for Exchange Server. The original release of the SUs, from August 8 2023, had a localization issue with Exchange Server running on a non-English Operating Systems OSes that caused Setup to stop unexpectedly, leaving Exchange services ...

7.5CVSS6.8AI score0.01858EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/18 2:0 a.m.61 views

KeePass vulnerability allows attackers to access the master password

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the...

5CVSS6.8AI score0.04397EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2022/10/18 10:0 a.m.61 views

Fake tractor fraudsters plague online transactions

The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks...

6.9AI score
Exploits0
Total number of security vulnerabilities4706