4709 matches found
300 shades of gray: a look into free mobile VPN apps
The times, they are a changin'. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy a...
8 ways to improve security on smart home devices
Every so often, a news story breaks that hackers have made their way into a smart home device and stolen personal data. Or that vulnerabilities in smart tech have been discovered that allow their producers or other cybercriminals to spy on customers. We've seen it play out over and over with smar...
How brain-machine interface (BMI) technology could create an Internet of Thoughts
She plugged the extension for car transportation in the brain-machine interface connectors at the right side of her head, and off she went. The traffic was relatively slow, so there was no need to stop working. She answered a few more emails, then unplugged her work extension. Weekend mode could...
Making the case: How to get the board to invest in government cybersecurity
Security leaders are no longer simply expected to design and implement a security strategy for their organization. As a key member of the business—and one that often sits in the C-suite—CISOs and security managers must demonstrate business acumen. In fact, Gartner estimates by 2020, 100 percent o...
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
When Endpoint Detection and Response (EDR) is not enough
As cybercriminals continue to validate the reality that no prevention-based security control is going to stop every threat every time, companies are expanding beyond prevention-only approaches and closing the gap with endpoint detection and response solutions. But as we consider this strategy, on...
Parenting in the Digital World: a review
Before I became a new mum not so long ago, I did the best I could to prepare myself to take care of my little one by reading a lot books. From learning how to discern possible meanings behind baby's various cries to finding out what you can and can't feed your baby once they begin eating solids. ...
Maybe you shouldn’t use LinkedIn
UPDATE: 4/6/2018 LinkedIn reached out for comment on the article, and we'd like to clarify our position based on their concerns. They wrote: Members control their connections, who can see them including keeping them private if they wish and only first degree connections can get access to your...
Panerabread.com breach could have impacted millions
Customers who signed up for a Panerabread.com account in order to order fast-casual baked goods may want to guard their dough. Security researcher Brian Krebs reported yesterday that the website for the bakery chain leaked millions of customer records, including names, emails, physical addresses,...
What Facebook’s Cambridge Analytica problem means for your data
As you may already know, there's been a security meltdown at Facebook, thanks to a company called Cambridge Analytica and Donald Trump. Facebook CEO Mark Zuckerberg insists it wasn't a breach, which is technically true. But that doesn't change the fact that the data of 50 million users was obtain...
The state of Mac malware
Mac users are often told that they don't need antivirus software, because there are no Mac viruses. However, this is not true at all, as Macs actually are affected by malware, and have been for most of their existence. Even the first well-known virus—Elk Cloner—affected Apple computers rather tha...
Presenting: Malwarebytes Labs 2017 State of Malware Report
2017 was a tumultuous year in politics, media, gender, race—and cybersecurity didn’t beat the rap. Last year was full of twists and turns in the cybercrime world, with major outbreaks, new infection methods, and the evolution of the cryptocurrency crime industry. In aiming to make sense of the...
Solution Corner: Malwarebytes for Android
People have become increasingly reliant on their mobile devices in recent years. Smartphones and tablets have revolutionized daily life. Unfortunately, such rapid growth has also attracted criminals, bringing Android up to par with Windows in terms of infection rates. Android threat landscape A...
Update now! SysAid vulnerability is actively being exploited by ransomware affiliate
Users of SysAid on-premises should take action to deal with a vulnerability. SysAid is a widely used IT service management solution that allows IT teams to manage tasks. Microsoft discovered an ongoing exploitation of a zero-day vulnerability in the SysAid IT support software in limited attacks b...
Ransomware review: February 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...
CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA
Software development service company CircleCI has published its incident report on a breach that happened in December. CircleCI revealed an engineer's laptop was successfully infected with a yet-to-be-named information-stealing Trojan, which was used to steal an engineer's session cookie. The...
Malware targets 30 unpatched WordPress plugins
If you make use of plugins on your WordPress site and you probably do, its time to take a good look at whats running under the hood. Ars Technica reports that unpatched vulnerabilities being exploited across no fewer than 30 plugins. A long list of plugin problems If you own or operate a website...
Introducing Quarantine for Cloud Storage Scanning in Nebula
Were excited to announce Quarantine for Malwarebytes Cloud Storage Scanning CSS, a new feature which allows you to automatically quarantine threats found in your cloud storage repositories. Malwarebytes Cloud Storage Scanning is an add-on service in Nebula that scans for malware on cloud storage...
WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info
WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden App stores do whatever they can to try and prevent bogus...
Beware card skimmers this Black Friday
The UKs top cybercops are urging owners of small online shops to "protect their customers and profits" by guarding against card skimmers in the frenetic shopping period that starts with Black Friday, which lands on November 26 this year. The warning comes from the National Cyber Security Centre...
Password usage analysis of brute force attacks on honeypot servers
As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...
A week in security (Nov 1 – Nov 7)
Last week on Malwarebytes Labs Celebrity jewelry house Graff falls victim to ransomware Lessons from a real-life ransomware attack Is Apples Safari browser the last, best hope for web privacy? What is Twitch? Google patches zero-day vulnerability, and others, in Android Zuckerbergs Metaverse, and...
Microsoft Exchange Autodiscover flaw reveals users’ passwords
Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4 months by setting up a Microsoft Exchange server and using Autodiscover domains. The credentials that are being leaked are valid Windows domain credentials used to...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...
A week in security (July 19 – July 25)
Last week on Malwarebytes Labs: Stopransomwaredotgov, a one-stop hub for ransomware resources Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT Remcos RAT delivered via Visual Basic US, EU, UK, NATO blame China for “reckless” exchange attacks HiveNightmare zero-day lets anyone be...
Judge drops hammer, dishes 7 years slammer for BEC and romance scammer
A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business email compromise BEC scams and romance fakeouts bagged them $2.2 million across roughly 6 years. This is quite a divergent portfolio of scamming activity. You may typically assume BEC...
A week in security (June 7 – June 13)
Last week on Malwarebytes Labs: Amazon SIdewalk starts sharing your WiFi data tomorrow, thanks White hat, black hat, grey hat hackers: what’s the difference? Can two VPN “wrongs” make a right? Lock and Code S02E10 DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime 800...
Russia accused of hacking Dutch police during MH17 investigation
Journalists at the Dutch newspaper "De Volkskrant" have reported that the countrys intelligence service, AIVD, discovered in 2017 that Russian hackers had broken into Dutch police systems. The De Volkskrant report is based on knowledge from anonymous sources. The reason behind this act of espiona...
Can two VPN “wrongs” make a right? Lock and Code S02E10
This week on Lock and Code, were presenting you something a little different. Were telling you a story—with no guest interview included—that involves the use of VPNs. In 2016, a mid-20s man began an intense, prolonged harassment campaign against his new roommate. He emailed her from spoofed email...
Colonial Pipeline attack expected to trigger imminent hardening of cybersecurity rules for federal agencies
UPDATE 04:23 pm Pacific Time, May 12: On Wednesday, President Joe Biden signed an Executive Order that broadly directs the Commerce Department to create cybersecurity standards for companies that sell software to the federal government. The Order comes in the immediate aftermath of a ransomware...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known...
How ransomware gangs are connected, sharing resources and tactics
Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a...
Fake Trezor app steals more than $1 million worth of crypto coins
Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google Play and Apple’s App Store and also claimed to be from SatoshiLabs, the creators of Trezor. According to the Washington Post, th...
Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group
The PRODAFT Threat Intelligence Team has published a report pdf that gives an unusually clear look at the size and structure of organized cybercrime. It uncovered a global cybercrime campaign that uses modern management methods, sophisticated tools—including its own malware testing sandbox—and ha...
Report reveals the staggering scale of Business Email Compromise losses
Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didnt give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help. The...
150,000 Verkada security cameras hacked—to make a point
Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health...
Are TikTok’s new settings enough to keep kids safe?
TikTok, the now widely popular social media platform that allows users to create, share, and discover, amateur short clips—usually something akin to music videos—has been enjoying explosive growth since it appeared in 2017. Since then, it hasn’t stopped growing—more so during the current pandemic...
What’s up with WhatsApp’s privacy policy?
WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem?...
MSPs, have you picked the right PSA for you yet?
Not long ago, we helped MSPs pick the right remote monitoring and management RMM platform for them, and make it an essential part of their service toolkit. As you may recall, an RMM is a tool that helps MSPs do the work. And what better way to track the work—and other elements associated with...
Fake COVID-19 survey hides ransomware in Canadian university attack
This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, weve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishi...
Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month. Launched initially ...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isnt true for CloudEye, an Italian firm that claims to provide "the next generation of Windows executables protection". First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to...
A week in security (June 22 – 28)
Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...
Data privacy law updates eyed by Singapore
In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents. The proposed additions are commonplace in several data privacy laws around...
Are our police forces equipped to deal with modern cybercrimes?
“You should have asked for the presence of a digital detective,” Karen said when I told her what happened at the police station. I had accompanied a neighbor, who is a small business owner, that had been hit with ransomware and wanted to file a report. After listening to his story, the police...
Explained: What is containerization?
Containerization. Another one of those tech buzzwords folks love to say but often have no idea what it means. A better way to organize children's toys? The act of bringing tupperware out to dinner to safely transport home leftovers? Another name for Russian dolls? Containerization is, of course,...
Ransomware continues assault against cities and businesses
Ransomware continues to make waves in the US, forcing multiple cities and organizations into tough choices. Pressed for cash and time, local government organizations are left with few options: Either pay the ransom as soon as possible and encourage criminals to continue bringing essential service...
Helping survivors of domestic abuse: What to do when you find stalkerware
We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes...
Mobile Menace Monday: SMS phishing attacks target the job market
Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.hidden.com. Could it be that our dream job awaits via random text message? On the contrary, thi...
What’s the real value—and danger—of smart assistants?
You've heard them called virtual assistants, digital personal assistants, voice assistants, or smart assistants. Operated by artificial intelligence, technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture. But what exactly do they do? And how serious...