Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2022/06/30 2:1 p.m.61 views

Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox

Mozilla released version 102.0 of the Firefox browser to Release channel users on June 28, 2022. The new version fixes 20 security vulnerabilities, five of which are classified as “High”. The new version also comes with a new privacy feature that strips parameters from URLs that track you around...

10AI score0.01064EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2022/03/07 8:6 p.m.61 views

The struggle to reduce bug-fixing time is real

There are many reasons why we want a bug fixed as soon as we can, but there are also plenty of reasons why doing it “right now” is not an option. This phenomenon starts at the side of the developers. The average time to fix a bug seems to vary depending on the platform the bug was found in. What ...

9.3AI score0.11638EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/26 10:31 a.m.61 views

A week in security (April 19 – 25)

Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/22 3:0 p.m.61 views

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/03 3:26 p.m.61 views

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by "intercepting network traffic before it is rendered by a...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/11/13 6:55 p.m.61 views

Secret Sister scam returns in time for Christmas

The festive season may be imminent, but it’s a Facebook Secret Sister not Santa you have to steer clear of. Secret Sister has been a mainstay of Yuletide scams since at least 2015, and has come back around once more. But what is it? Your office probably has a Secret Santa scheme in place. You dra...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/29 3:0 p.m.61 views

Mobile Menace Monday: top five scariest mobile threats

In the spirit of this upcoming Halloween season, we thought we'd provide you with a list of the top five scariest mobile threats in our book. The list is organized from least to most haunting, based on my own humble opinion gathered from several years as a mobile threat researcher. Of course, my...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/31 3:0 p.m.61 views

What’s in the spam mailbox this week?

We've seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sexploitation. Shall we take a look? The FBI wants to give you back your money First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/12 4:42 p.m.61 views

When three isn’t a crowd: Man-in-the-Middle (MitM) attacks explained

Gone are the days when eavesdropping is just the stuff of spies and the town gossip. In fact, it has evolved to become everyone’s favorite pastime. Thanks to the internet, it is exponentially easier now more than ever to idle by and catch juicy information than to press your ear against your...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/02 6:36 p.m.61 views

Mac malware targets cryptomining users

Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/26 5:0 p.m.61 views

A week in security (March 19 – March 25)

Last week, we looked at the growing problem of smartphone addiction, how link rot is continually slicing down portions of the web, and the theft of our intellectual property. We also explored the landscape of DDoS problems, and tackled a Stephen Hawking 419 scam. Other news What can only really b...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/09 5:11 p.m.61 views

RIG exploit kit campaign gets deep into crypto craze

There isn't a day that goes by without a headline about yet another massive spike in Bitcoin valuation, or a story about someone mortgaging their house to purchase the hardware required to become a serious cryptocurrency miner. If many folks are thinking about joining the 'crypto craze' movement,...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/15 12:7 a.m.61 views

New Android Trojan malware discovered in Google Play

A new piece of mobile malware has been discovered in Google Play masquerading as multiple apps: an alarm clock app, a QR scanner app, a compass app, a photo editor app, an Internet speed test app, and a file explorer app. According to Google Play data, all were last updated between October and...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/20 8:41 p.m.61 views

More trouble in Google Play land

This is not a good week for Google, it seems. After our mobile security experts repeatedly discovered adware on several apps on the Google Play store, our friends at Symantec have unearthed at least eight malicious apps that are found capable of adding affected mobile devices to a botnet. Accordi...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/09 6:13 p.m.60 views

Ivanti urges customers to patch yet another critical vulnerability

In a new blog post, Ivanti says that it has found another vulnerability and urges customers to “immediately take action to ensure you are fully protected”. This vulnerability only affects a limited number of supported versions–Ivanti Connect Secure version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 a...

7.5CVSS7.6AI score0.99999EPSS
Exploits26
Malwarebytes
Malwarebytes
added 2024/01/10 6:7 p.m.60 views

Patch now! First patch Tuesday of 2024 is here

Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures CVE...

6.8CVSS8.6AI score0.17168EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2023/07/31 3:0 a.m.60 views

Compromised Barracuda appliances equipped with persistent backdoors by attackers

The Cybersecurity and Infrastructure Security Agency CISA has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances. The Common Vulnerabilities and Exposures CVE database lists publicly disclosed...

7.5CVSS8.5AI score0.86956EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2023/02/16 7:0 a.m.60 views

Fake Hogwarts Legacy cracks lead to adware, scams

Hogwarts Legacy, the much-anticipated Harry Potter video game, has finally landed on major gaming platforms. But, as with all games like this, it comes with a steep price tag, so it's no surprise to suddenly see websites peddling "cracked" versions of the game for free. These sites are easily...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/06 10:22 a.m.60 views

A week in security (Nov 29 – Dec 5)

Last week on Malwarebytes Labs: CronRAT targets Linux servers with e-commerce attacks Hackers all over the world are targeting Tasmania’s emergency services Massive faceprint scraping company Clearview AI hauled over the coals Most people aren’t upgrading to Windows 11: Not the end of the world...

2.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/22 12:16 p.m.60 views

A bug is about to confuse a lot of computers by turning back time 20 years

For those of you that remember the fuss about the Y2K bug, this story may sound familiar. The Cybersecurity & Infrastructure Security Agency CISA has issued a warning to Critical Infrastructure CI owners and operators, and other users who get the time from GPS, about a GPS Daemon GPSD bug in GPSD...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/10 12:40 p.m.60 views

Gamers beware: The risks of Real Money Trading (RMT) explained

Any game with an online component can be at risk from a practice known as Real Money Trading RMT, where in-game items, artefacts, characters and the like are sold for real money. It’s a big problem for developers, especially in competitive and / or massively multiplayer online role-playing game...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/28 4:52 p.m.60 views

The Olympics: a timeline of scams, hacks, and malware

The 2020 Olympics are, after a bit of a delayed start, officially in full swing. So too is the possibility for scammers to crawl out of the woodwork. And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games ha...

Exploits0
Malwarebytes
Malwarebytes
added 2021/07/19 9:43 a.m.60 views

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/11 3:26 p.m.60 views

Cloud vs on premises: 3 reasons the Cloud is winning

Thanks to the vast rollout of COVID-19 vaccines to millions of people in the US and Europe, some of us are finally seeing some semblance of a return to normalcy. And organizations, who have experienced first-hand the struggle to stay afloat during months of struggle, are expecting to transition...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/28 3:15 p.m.60 views

Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/23 5:41 p.m.60 views

Online privacy in 2019: a legislative review

For decades, the United States treated data privacy like an aging home, patching individual leaks and drafts only when a new storm hit. The country passed a law protecting healthcare-related information, and not much else. It then passed a law protecting video rental information, and not much els...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/15 3:51 p.m.60 views

Instagram clamps down on fake messages with anti-phishing tool

Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/19 3:0 p.m.60 views

New Facebook ad reporting tool launches in UK

Last year, well-known consumer advice expert Martin Lewis decided to take Facebook to court for defamation. The cause? Multiple bogus adverts placed on the social network featuring his likeness, appearing via the ad network Outbrain. As a trusted face in consumer causes, scammers bolting Lewis'...

Exploits0
Malwarebytes
Malwarebytes
added 2018/09/20 4:0 p.m.60 views

6 sure signs someone is phishing you—besides email

There are several common and, unfortunately, frequently successful avenues of attack that cybercriminals can use to part you from your personal contact and financial information. These phishing attack methods include email, phone calls, corrupted software or apps, social media, advertisements, an...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/25 3:40 p.m.60 views

Trojans: What’s the real deal?

The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for Trojan is, in fact, their big wooden horse thingy vs. computer infections or dubious businesses. Sorry, fictional ancient Greek warriors. It’s not that we don't think you'...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/22 3:0 p.m.60 views

New Mac cryptominer uses XMRig

A new Mac cryptominer was discovered this week, after affected users saw their fans whirring out of control and a process named "mshelper" gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove. The malware became public knowledge in a...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/01 4:0 p.m.60 views

Blast from the past: stowaway Virut delivered with Chinese DDoS bot

Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained multiple components that were not-so-new. Among the exploits, the newest was from 2016. Avzhan is also not a recent malware—the compilation timestamp of the...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/17 5:33 p.m.60 views

10 tips for safe online shopping on Cyber Monday

Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season. In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/13 8:47 p.m.60 views

A week in security (November 6 – November 12)

After coming out victorious in a case against PUPs, Malwarebytes CEO Marcin Kleczynski has this to say: We fought for our users and we won. -- Marcin Kleczynski @mkleczynski November 9, 2017 And my, do we feel like champions! You can read more about this here. Last week, we looked into the...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/07 3:0 p.m.60 views

Explained: False positives

What are false positives? False positive, which is sometimes written as f/p, is an expression commonly used in cybersecurity to denote that a file or setting has been flagged as malicious when it’s not. In statistics, false positives are called Type I errors, because they check for a particular...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/10 6:15 p.m.60 views

Roundup: your malware infection stories

You hear the cautionary tales all the time. So-and-so didn’t have an antivirus in place and was infected with malware. Such-and-such business had limited cybersecurity infrastructure and was hit with a ransomware attack. You think: Sure, but it probably won’t happen to me. I’m a safe surfer. I’ve...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/16 4:15 p.m.59 views

Discord.io confirms theft of 760,000 members' data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/26 10:0 a.m.59 views

A week in security (September 19 – 25)

Last week on Malwarebytes Labs: Hookup site targeted by typo-squatters American Airlines suffers data breach after phishing incident Grand Theft Auto 6 suffers grand theft EDR vs MDR vs XDR - Whats the Difference? Scammers send fake 'Energy Bills Support Scheme' texts Tax refund phish logs...

1.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/22 2:11 p.m.59 views

Ransomware: Why do backups fail when you need them most?

Its widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. So why do we keep hearing things like this: Were also feeling relatively confident, we have a very good backup system … and then we fin...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/15 10:55 a.m.59 views

Ransomware’s Russia problem

This blog post was written in collaboration with members of the Threat Intelligence Team. Last week, US news outlet NBC News caused a stir with an article proclaiming that the REvil ransomware used in the recent, colossal Kaseya supply-chain attack was "written to avoid computers that use Russian...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/28 5:6 p.m.59 views

Watch out! Android Flubot spyware is spreading fast

Using a proven method of text messages about missed deliveries, an old player on the Android malware stage has returned for an encore. This time it seems to be very active, especially in the UK where Android users are being targeted by text messages containing a link to a particularly nasty piece...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/15 8:2 p.m.59 views

Royal Mail scam says your parcel is waiting for delivery

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/10 8:1 a.m.59 views

REvil ransomware’s calling, and it’s not good news

The REvil ransomware AKA Sodinokibi, which operates as a Ransomware as a Service is adopting some outreach techniques after initial compromise, designed to shame victims into paying up. Shaming victims into action Malware authors and social engineers have relied on shame and the threat of exposur...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/19 7:17 p.m.59 views

North Korean hackers charged with $1.3 billion of cyberheists

The US Department of Justice recently unsealed indictments detailing North Koreas involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states. The first unsealed indictment is for hacking...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/19 10:39 a.m.59 views

Cybersecurity in Cyberpunk 2077: the good, the bad, and the cringeworthy

What game caused some players to experience seizures, allows you to have unauthorized sex with Keanu Reeves, features a lead character who can’t keep the contents of his pants contained, was pulled from the PlayStation Store weeks after release, and still managed to shatter sales and streaming...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/01 10:15 a.m.59 views

A week in security (January 25 – January 31)

January 28 was Data Privacy Day, but for Malwarebytes Labs, it was Data Privacy Week. As such, were packed with more privacy coverage than you can shake a stick at, starting with some practical steps on how to make your online life private and secure, and why privacy is core to a safer internet. ...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/25 5:54 p.m.59 views

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application...

Exploits0
Malwarebytes
Malwarebytes
added 2019/09/23 3:55 p.m.59 views

A week in security (September 16 -22)

Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year's most dangerous forms of malware, with a new spam campaign. We also reported on how international students in UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/15 2:27 p.m.59 views

A week in security (July 8 – 14)

Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendis...

Exploits0
Malwarebytes
Malwarebytes
added 2019/04/29 3:54 p.m.59 views

Wall Street Market reported to have exit scammed

Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...

0.7AI score
Exploits0
Total number of security vulnerabilities4706