Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2022/06/08 9:33 p.m.53 views

MakeMoney malvertising campaign adds fake update template

Malware authors and distributors are following the ebbs and flow of the threat landscape. One campaign we have tracked for a numbers of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/29 12:57 p.m.53 views

A week in security (Nov 22 – Nov 28)

Last week on Malwarebytes Labs How to defend your website against card skimmers Security researchers play peek-a-boo with Conti ransomware server Windows 10 chills out, gives sysadmins a break Please dont buy this! 3 gift card scams to watch out for this Black Friday Millions of GoDaddy customer...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/04 4:41 p.m.53 views

NSA issues advice for securing wireless devices

By releasing an information sheet that provides guidance on securing wireless devices while in public pdf—for National Security System, Department of Defense, and Defense Industrial Base teleworkers—the NSA has provided useful information on malicious techniques used by cyber actors, and ways to...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/12 10:8 a.m.53 views

A week in security (July 5 – July 11)

Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski. Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal” Patch now! Emergency fix for PrintNightmare released by Microsoft. Game over: Apex Legends players locked out ...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/28 10:16 a.m.53 views

Ransomware group threatens to leak information about police informants

UPDATE 12:12 PM Pacific Time, April 28: As of at least 9:40 AM Pacific Time, the Babuk ransomware gang removed any reference to the allegedly stolen DC Police Department data from its data leak website. This does not indicate with any certainty that the DC Police Department paid Babuk, but it is...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/26 5:21 p.m.53 views

Zoom deepfaker fools politicians…twice

We recently said deepfakes “remain the weapon of choice for malign interference campaigns, troll farms, revenge porn, and occasionally humorous celebrity face-swaps”. Skepticism that these techniques would work on a grand scale such as an election, remains in place. In the realm of malign...

Exploits0
Malwarebytes
Malwarebytes
added 2020/12/14 7:45 p.m.53 views

SolarWinds advanced cyberattack: What happened and what to do now

We learned more about the sophisticated attack first disclosed on December 8 when security firm FireEye reported it had been the victim of a state-sponsored adversary that stole Red Team assessment tools. On December 13 there was a new development when IT company SolarWinds announced it had been...

Exploits0
Malwarebytes
Malwarebytes
added 2020/11/20 4:0 p.m.53 views

Black Friday 2020: How to shop safely online

Black Friday 2020 promises to be somewhat different from years gone by thanks to COVID-19. The annual surge of in-store chaos and trolley dashes isn’t compatible with social distancing, and so retailers will be looking to drive shoppers online. Friday 27th November is when things kick off this...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/20 3:59 p.m.53 views

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/06 5:28 p.m.53 views

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS and iPadOS that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zer...

0.5AI score0.22178EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2020/07/07 5:20 p.m.53 views

Mac ThiefQuest malware may not be ransomware after all

Editor's note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The ThiefQuest malware, which was discovered last week, may not actually ...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/05/05 3:15 p.m.53 views

Explained: cloud-delivered security

As a counterpart to security for your assets in the cloud, you may also run into solutions that offer security from the cloud. These solutions are generally referred to as cloud-delivered security. Cloud-delivered security is sometimes called security-as-a-service which we will avoid here as it...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/21 4:0 p.m.53 views

Explained: juice jacking

When your battery is dying and you're nowhere near a power outlet, would you connect your phone to any old USB port? Joyce did, and her mobile phone got infected. How? Through a type of cyberattack called "juice jacking." Don’t be like Joyce. Although Joyce and her infected phone are hypothetical...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/10 3:0 p.m.53 views

Cyber insurance: here to stay, whether we like it or not

Cyber insurance has been a big talking point in infosec circles for many months now. We’ve mentioned it in passing ourselves a few times, usually in relation to ransomware attacks. This isn’t surprising; ransomware may not be the threat that brought cyber insurance to life, but it absolutely help...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/12 3:38 p.m.53 views

A week in security (August 5 – 11)

Last week on Malwarebytes Labs, we explained how brain-machine interface BMI technology could usher in a world of Internet of Thoughts, why having backdoors is problematic, and how we can improve the security of our smart homes. To cap off Hacker Summer Camp week, the Labs team released a special...

Exploits0
Malwarebytes
Malwarebytes
added 2019/04/03 3:43 p.m.53 views

Was this really an attempt by the Chinese?

Last weekend, during President Trump’s visit to the Mar-a-Lago resort, a 23-year-old Chinese woman attempted to gain access to the Florida resort by lying and bluffing her way in. After some discussion at the gate, she was escorted to the reception of the resort where it was found out that she wa...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/15 7:1 a.m.53 views

Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3

Once again, it's that time of year: time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report. Strap in your seat belts, folks, because the third quarter of 2018 was quite a wild ride. After a sleepy first two quarters, cybercriminals shook out the cobwebs and revved up...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/12 5:0 p.m.53 views

Block all or nothing to prevent ICO fraud?

At Malwarebytes, we feel we have reached a point where we need to ask our customers how to proceed on the subject of ICO scams. Asking for your opinion may seem strange to some of you, but Malwarebytes comes from a community of mutual help and trust. If you were unaware of this, reading how our C...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/02/26 5:36 p.m.53 views

A week in security (February 19 – February 25)

Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that dro...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/16 7:0 p.m.53 views

A week in security (October 9 – October 15)

Last week on the Labs blog, we talked about GDPR as part of our series in the National Cyber Security Awareness Month NCSAM. We also discussed a new method for phishing Apple ID passwords and the possible ramifications. We analyzed the malvertising chain due to a script that was found on popular...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/27 1:6 a.m.53 views

Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity

This post was co-authored by David Sánchez and Jérôme Segura We recently came across a campaign targeting a Saudi Arabia Government entity via a malicious Word document which at first reminded us of an attack we had previously described on this blog. In our previous research, we detailed how an...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/28 5:0 p.m.53 views

Mobile Menace Monday: Implications of Google Play Protect

Along with the recent release of Google’s new OS, Android 8.0 Oreo, they also released a new security suite known as Google Play Protect. As blogged about in July in Play Protect: Android’s new security system is now available, this new suite has been available since mid-May. To reiterate As note...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/24 4:41 p.m.53 views

A week in security (July 17 – July 23)

Over the last week, we have covered Play Protect, android’s new security system and how the Dutch police ran Hansa Market after the take down of Alpha Bay, both major players on the Dark Web. We also provided some tips on how to stay cyber safe this summer. We also saw how the Terror exploit kit...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/05/14 1:17 p.m.52 views

Update Chrome now! Google releases emergency security patch

Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behi...

6.8CVSS7.4AI score0.11007EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2023/10/31 1:0 p.m.52 views

Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass

Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. F5 provides services focused on security, reliability, and performance. BIG-IP is a collection of hardware...

7.5CVSS9.3AI score0.96515EPSS
Exploits17
Malwarebytes
Malwarebytes
added 2023/08/10 11:45 p.m.52 views

Ransomware review: August 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/02 3:15 p.m.52 views

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency CISA has added the new...

7.5CVSS7.6AI score0.99999EPSS
Exploits14
Malwarebytes
Malwarebytes
added 2023/03/14 4:0 a.m.52 views

Clop ransomware is victimizing GoAnywhere MFT customers

According to information gathered by BleepingComputer, the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. As we reported on February 8, Fortra released an emergency patch 7.1.2...

7.9AI score0.99999EPSS
Exploits12
Malwarebytes
Malwarebytes
added 2023/01/25 3:0 a.m.52 views

Consumer privacy and social media

Looking at the privacy related stories of 2022, its not hard to see that much of the focus was on the social media giants. Banning TikTok is slowly becoming a trend among US states. Google and Facebooks owner Meta was fined on several occasions for amounts that would have put other companies out ...

6.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/17 11:0 a.m.52 views

Update Chrome now! Google issues patch for zero day spotted in the wild

Google updated the Stable channel for Chrome to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows which will roll out over the coming days/weeks. Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows , which will roll out over the comi...

9AI score0.04493EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2022/01/18 11:32 a.m.52 views

Infamous dark net carding site UniCC to close

UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop for good, taking its affiliate site, LuxSocks, with it, too. According to Elliptic, a company that offers risk solutions for cryptoassets, the unknown UniCC administrators have made an...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/07 11:40 p.m.52 views

Is your web browser vulnerable to data theft? XS-Leak explained

In recent news, IT security researchers from Ruhr-Universität Bochum RUB and the Niederrhein University of Applied Sciences have disclosed 14 new cross-site leak also known as XSLeak or XS-Leak attacks that can affects modern browsers, such as Google Chrome, Microsoft Edge, Mozilla Firefox, and...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/13 12:3 p.m.52 views

Crypto-scams you should be steering clear of in 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of...

Exploits0
Malwarebytes
Malwarebytes
added 2021/08/09 11:10 a.m.52 views

A week in security (August 2 – August 8)

Last week on Malwarebytes Labs: RDP brute force attacks explained The 3 biggest threats reaching for your antivirus software’s off switch Zoom and gloom? Video comms org agrees to settle for $85m COVID-19 vaccine appointment system attacked in Italy Chrome casts away the padlock - is it good...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/21 3:33 p.m.52 views

ID theft ghouls targeting Surfside victims is appalling, but no surprise

We’ve written at length about account compromise and identity theft, and how criminals will often hijack accounts belonging to dead people. In many ways, it’s the perfect crime for anyone indulging in social engineering. The amount of abandoned accounts due to death can only ever go up, and nobod...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/19 5:20 p.m.52 views

A week in security (April 12 – 18)

Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with us. We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021, a first-of-its-kind survey of the hardworking IT professionals on...

Exploits0
Malwarebytes
Malwarebytes
added 2021/03/30 3:56 p.m.52 views

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/25 8:52 p.m.52 views

Perkiler malware turns to SMB brute force to spread

Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit EK...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/28 6:15 p.m.52 views

$12m Grindr fine shows GDPR’s got teeth

As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isnt an afterthought. Grindr, the popular social network and dating platform, will likely suffer a $12 million USD fine due to privacy related complaints. What happened here, and what are the implications for future case...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/29 4:5 p.m.52 views

SearchDimension search hijackers: An overview of developments

Background information on SearchDimension SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/27 5:0 p.m.52 views

Keeping ransomware cash away from your business

A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we thin...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/21 5:30 p.m.52 views

Web skimmer phishes credit card data via rogue payment service platform

Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant's checkout pa...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/04 4:37 p.m.52 views

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission FTC filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenged SMBs face,...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/30 3:43 p.m.52 views

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...

Exploits0
Malwarebytes
Malwarebytes
added 2019/07/10 2:19 p.m.52 views

Enterprise incident response: getting ahead of the wave

Enterprise defenders have a tough job. In contrast to small businesses, large enterprise can have thousands of endpoints, legacy hardware from mergers and acquisitions, and legacy apps that are business critical and prevent timely patching. Add to that a deluge of indicators and metadata from the...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/29 3:0 p.m.52 views

Everything you need to know about ATM attacks and fraud: Part 1

Flashback to two years ago. At exactly 12:33 a.m., a solitary ATM somewhere in Taichung City, Taiwan, spewed out 90,000 TWD New Taiwan Dollar—about US$2,900 today—in bank notes. No one was cashing out money from the ATM at the time. In fact, this seemingly odd system glitch was actually a test: T...

7.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/06 4:7 p.m.52 views

A week in security (July 30 – August 5)

Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data. Other news: Facebook claimed to have removed accounts that display behavior consistent with possible Russian actor...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/19 3:0 p.m.52 views

Five easy ways to recognize and dispose of malicious emails

I suppose we all get our share of spam. Some more than others. But how do we differentiate between simple commercial spam and the types of emails that want to get us in trouble? The unsolicited commercial spam email is generally easy to recognize, report, and discard, but what about more dangerou...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/06/04 3:0 p.m.52 views

Mobile Menace Monday: A race to hidden ads

Who doesn’t love a good motorcycle racing game, right? How about one easily available on Google Play, a “safe” place for all your Android app desires? How about a bike racing game that sticks with you so much, you can’t easily uninstall it? And it displays hidden ads? Wait, what!? That’s right! I...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/22 4:0 p.m.52 views

Malwarebytes CrackMe 2: contest summary

About three weeks ago, we published our second CrackMe. It triggered a lot of interest, and we got many high-quality write-ups. Choosing the winner was really difficult! In this post, I am going to summarize the contest and comment on the received submissions. CrackMe 2 challenge The topic of the...

0.3AI score
Exploits0
Total number of security vulnerabilities4706