Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2022/03/21 12:7 p.m.46 views

Facebook phish claims “Someone tried to log into your account”

Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient’s sense of panic to respond without thinking about it. The mail looks professional enough, and seeks to imitate what would be a fairly typical...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/03 12:51 p.m.46 views

Watch what you send on anonymous SMS websites

Its a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. I...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/07 5:17 p.m.46 views

3 things the Kaseya attack can teach us about ransomware recovery

Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. A positive exception to this is found in the Dutch managed service provider MSP VelzArt, one of the many...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/20 6:44 p.m.46 views

Apple confirms Macs get malware

Anyone following the court case between Epic and Apple is undoubtedly already aware of the "bombshell" dropped by Apples Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apples mobile device operating system, iOS, stated that "w...

Exploits0
Malwarebytes
Malwarebytes
added 2021/05/18 4:3 p.m.46 views

Bizarro: a banking Trojan full of nasty tricks

Researchers have discovered a new banking Trojan that has been found targeting customers of European and South American banks. They have dubbed the new Trojan Bizarro. How does Bizarro spread? The Bizarro malware spreads via Microsoft Installer MSI packages. Identified sources so far have been sp...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/17 9:47 a.m.46 views

A week in security (May 10 – 16)

Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/10 10:49 a.m.46 views

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/30 2:48 p.m.46 views

Malicious commits found in PHP code repository: What you need to know

You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there. You may also be wondering what that means, what a supply chain attack is, and how you could be affected. Read on and well lead you though a straightforward descripti...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/29 7:10 a.m.46 views

Why you need to trust your VPN: Lock and Code S02E05

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN. Youve likely heard the benefits of using a VPN: You can watch TV shows restricted ...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/26 1:50 p.m.46 views

Don’t post it! Six social media safety sins to say goodbye to

If you or anyone you know is committing the below social media sins, it’s time to change that habit of an online lifetime. Even the most innocuous of things can cause trouble down the line, because everyone’s threat model is different. Unfortunately, people tend to realise what their threat model...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/22 10:0 a.m.46 views

A week in security (March 15 – 21)

Last week on Malwarebytes Labs, our podcast featured Adam Kujawa, who talked us through our 2021 State of Malware report. We cover our own research on: Royal mail parcel scam How your iPhone can tell you if you’re being stalked Careers in cybersecurity ProxyLogon PoC whack-a-mole Teen behind 2020...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/16 6:15 p.m.46 views

ProxyLogon PoCs trigger a game of whack-a-mole

As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/11 2:28 p.m.46 views

5 common VPN myths busted

Virtual Private Networks VPNs are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses. So, let’s do some myth busting. 1. VPNs are for illegal activity Some people...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/06 3:14 p.m.46 views

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

This post was authored by Hossein Jazi On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/25 1:24 p.m.46 views

Spotify resets some user logins after hacker database found floating online

A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So whats Spotify doing leaving its user data hanging arou...

1.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/23 3:0 p.m.46 views

Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about charity organizations and online ad tracking. Though many might assume that these t...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/14 1:29 p.m.46 views

Silent Librarian APT right on schedule for 20/21 academic year

A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September, we were tipped off by one of our customers about a new active campaign from this APT group. Based off a...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/12 3:0 p.m.46 views

Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw

“Can you have a look at this email I got, please?" my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider ISP. Shortly after, he informed me that despite its suspicious aura, he found...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/27 4:0 p.m.46 views

Stalkerware and online stalking are accepted by Americans. Why?

Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/04 4:35 p.m.46 views

Washington Privacy Act welcomed by corporate and nonprofit actors

The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/19 6:3 p.m.46 views

A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s

This post was co-authored by Wendy Zamora and Chris Boyd. All opinions expressed belong to your mom. Back in the days before climate change stretched frigid winter months directly into the insta-sweat of summer, there was a saying about March: in like a lamb, out like a lion. The same might be sa...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/02 3:0 p.m.46 views

Cryptojacking in the post-Coinhive era

September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/24 4:30 p.m.46 views

New Crossrider variant installs configuration profiles on Macs

A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we've been seeing for years in Mac adware. However, the use of a configuration profile introduces a uniqu...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/30 4:0 p.m.46 views

You down with P2P? 10 tips to secure your mobile payment app

If you look at the figures, you cannot deny that the eCommerce industry is steadily growing. More and more people are doing their shopping online, not only for products and services geared toward the use of technologies and the Internet, but also for items previously only found in brick and morta...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/29 7:0 p.m.46 views

A week in security (January 22 – January 28)

Last week on Labs, we analyzed a rogue app outbreak on Twitter, took a look at how Singapore's government is faring with network defense, and rolled out our 2017 State of Malware report. We also became visionaries in Gartner's Magic Quadrant report and explored a VR data mishap. Other news Man...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/16 6:12 p.m.46 views

Be wary of Mega Millions winner “giveaway” on social media

I don't do lotteries, but if I did, I'd probably never, ever win in a million years. That's not a problem faced by 20-year-old Shane Missler, winner of the fourth-largest haul in Mega Millions' 21 years of handing out large bundles of cash. He's on record as saying he wants to "do some good" for...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/20 5:45 p.m.46 views

A week in security (November 13 – November 19)

Last week, we gave you some tips for the inevitable online chaos that is Cyber Monday, explained how "trusted" root certificates can sometimes be anything but, and explored the strange world of catphishing. We also pulled apart some malware found on Google Play and laid out the specifics of the...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/25 11:47 a.m.45 views

LinkedIn will use your data to train its AI unless you opt out now

LinkedIn plans to share user data with Microsoft and its affiliates for AI training. Framed as "legitimate interest", it won't ask for your permission—instead you'll have to opt out before the deadline. Microsoft has made major investments in ChatGPT’s creator OpenAI, and as we know, the more dat...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/10/07 1:37 p.m.45 views

iPhone flaw could read your saved passwords out loud. Update now!

Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user's saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can't see the screen. It gives audible description...

4.3CVSS6.8AI score0.09043EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/11 8:23 a.m.45 views

Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by...

6.8CVSS8.2AI score0.45151EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2024/03/22 7:23 p.m.45 views

New Go loader pushes Rhadamanthys stealer

Malware loaders also known as droppers or downloaders are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate i.e. not...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/23 1:37 p.m.45 views

Update now! ConnectWise ScreenConnect vulnerability needs your attention

ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage...

7.5CVSS8.8AI score0.99959EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2023/07/13 8:15 a.m.45 views

Ransomware review: July 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.5CVSS7.2AI score0.99934EPSS
Exploits15
Malwarebytes
Malwarebytes
added 2023/03/30 6:0 a.m.45 views

Update now! Apple fixes actively exploited vulnerability and introduces new features

Apple has released security updates for several products. Most notably one of the updates fixes an actively exploited vulnerability in the WebKit component of iOS 15.7.4 and iPadOS 15.7.4 that was fixed earlier in macOS Ventura 13.2.1, iOS 16.3.1, iPadOS 16.3.1, and Safari 16.3. You can find the...

9.1AI score0.09426EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/15 6:15 p.m.45 views

Multiple schools hit by Vice Society ransomware attack

The real world impact of cybercrime rears its head once more, with word that 14 schools in the UK have been caught out by ransomware. The schools, attacked by the group known as Vice Society, have had multiple documents leaked online in the wake of the attack. One of the primary schools...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/26 1:0 p.m.45 views

Windows 11 pulls ahead of Windows 10 in anti-phishing stakes

Some new security additions and changes have been announced for users of Windows, but youll have to be using Windows 11 to get the most out of them. Windows 10 users may find that this is going to be a case of falling behind the herd ever so slightly. Anti-phishing tools Enhanced phishing...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/12 12:0 p.m.45 views

Researchers found one-click exploits in Discord and Teams

A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/25 11:0 a.m.45 views

Update now! Multiple vulnerabilities patched in Google Chrome

Google has announced an update for the Chrome browser that includes 32 security fixes. The severity rating for one of the patched vulnerabilities is Critical. The stable channel was promoted to 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux. Critical Google rates...

10AI score0.0088EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/10 8:49 p.m.45 views

APT34 targets Jordan Government using new Saitama backdoor

On April 26th, we identified a suspicious email that targeted a government official from Jordans foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/14 1:55 p.m.45 views

Adobe patches actively exploited Magento/Adobe Commerce zero-day

Adobe has released an emergency advisory for users of its Commerce and Magento platforms. It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management system CMSs. Users should apply the patch as soon as possible. Th...

10CVSS10AI score0.99199EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2022/01/27 9:44 p.m.45 views

Let’s Encrypt to revoke “mis-issued” certificates

If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is coming, and you’ve only got until tomorrow to figure things out. What’s the deal with free certificates? If you’re running a website, you want to make sure that it’s HTTPs. It...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/01/19 2:44 p.m.45 views

Mac users, update now! “Powerdir” flaw could allow attackers to spy on you

If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a users privacy preferences. This means attackers could access personal data...

4.3CVSS6.7AI score0.13453EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/25 4:27 p.m.45 views

Google’s Threat Horizons report: Will the straightforward approach get results?

Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/15 10:14 a.m.45 views

A week in security (Nov 8 – Nov 14)

Last week on Malwarebytes Labs Multiple video games break after domain name snafu How to remove adware on an Android phone Smart TV adverts put a wrinkle in your programming Are cybercriminals turning away from the US and targeting Europe instead? Patch now! Microsoft plugs actively exploited...

10CVSS9.2AI score0.9116EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2021/08/26 4:5 p.m.45 views

US government and private sector agree to invest time, money in cybersecurity

In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss a whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/05 3:52 p.m.45 views

What is Tor?

Tor, The Onion Router Tor The Onion Router is free software used to keep your online communications safe and secure from outside observers. It’s designed to block tracking and eavesdropping, resist fingerprinting where services tie your browser and device information to an identity, and to hide t...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/30 2:6 p.m.45 views

Second colossal LinkedIn “breach” in 3 months, almost all users affected

LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/16 7:36 p.m.45 views

Clop stopped? Ransomware gang loses Tesla and other treasures in police raid

Ukrainian law enforcement officials announced Wednesday that they had arrested several individuals involved in criminal activity committed by the Clop ransomware gang, a cybercriminal gang that helped popularize the “double extortion” model of not only threatening to encrypt a victim’s files, but...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/20 12:20 p.m.45 views

A doctor reveals the human cost of the HSE ransomware attack

"It’s cracking, the whole thing." The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasnt describing a medical condition—this was their...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/21 6:40 p.m.45 views

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters by using facial recognition software on his girlfriends Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have...

7AI score
Exploits0
Total number of security vulnerabilities4709