Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2021/03/17 11:39 a.m.45 views

FBI warns of increase in PYSA ransomware attacks targeting education

On March 16, the Federal Bureau of Investigation FBI issued a "Flash" alert on PYSA ransomware after an uptick on attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert PDF, the United Kingdom and 12 states in the US...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/11 4:0 p.m.45 views

Police credit “unlocked” SKY ECC encryption for organized crime bust

At the moment, I’m really torn, and I need your help. Let me tell you what is going on. I read these statements and they can’t both be true, right? “The continuous monitoring of the illegal Sky ECC communication service tool by investigators in three countries has provided invaluable insights int...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/05 6:28 p.m.45 views

China’s RedEcho accused of targeting India’s power grids

RedEcho, an advanced persistent threat APT group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future PDF. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/01 2:0 p.m.45 views

Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times expose...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/18 6:26 p.m.45 views

Romance scams: FTC reveals $304 million of heartache

In 2020, reported losses to the FTC for romance scams went up by 50% from 2019, totalling $304 million. And things werent exactly good before: Romance scams have cost people a fortune for 3 years running, according to the FTC. Their latest report suggests a steady rise in these kind of scams...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/22 6:5 p.m.45 views

Chrome wants to make your passwords stronger

A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/08 7:57 p.m.45 views

Credit card skimmer targets virtual conference platform

Weve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In todays...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/18 7:30 p.m.45 views

The impact of COVID-19 on healthcare cybersecurity

As if stress levels in the healthcare industry weren’t high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasnt...

Exploits0
Malwarebytes
Malwarebytes
added 2020/07/22 3:0 p.m.45 views

EncroChat system eavesdropped on by law enforcement

Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/06/08 3:31 p.m.45 views

Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebtyes Labs, about securely working from home WFH. With shelter-in-pla...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/05/11 3:15 p.m.45 views

Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, an...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/01 7:19 p.m.45 views

GDPR: An impact around the world

A little more than one month after the European Union enacted the General Data Protection Regulation GDPR to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/17 5:28 p.m.45 views

New Consumer Online Privacy Rights Act (COPRA) would empower American users

Despite the already dizzying number of comprehensive data privacy proposals before the US Senate—nearly 10 have been introduced since mid-2018—yet another bill has entered the conversation: the Consumer Online Privacy Rights Act. This time, the bill, called COPRA for short, is sponsored by a...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/28 4:5 p.m.45 views

A week in security (October 21 – 27)

Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/01 3:0 p.m.45 views

For Cybersecurity and Domestic Violence Awareness months, we pledge to fight stalkerware

Starting today, two hallmark holidays are upon us. No, it’s not Halloween and Thanksgiving. It’s both Cybersecurity Awareness Month and Domestic Violence Awareness Month. It’s no coincidence these two awareness campaigns overlap. What were once seen as separate realities—the physical and the...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/23 6:40 p.m.45 views

Emotet malspam campaign uses Snowden’s new book as lure

Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers C2, about a...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/01 3:51 p.m.45 views

Mysterious database exposed personal information of 80 million US households

Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/03/13 4:30 p.m.45 views

Google’s Nest fiasco harms user trust and invades their privacy

Technology companies, lawmakers, privacy advocates, and everyday consumers likely disagree about exactly how a company should go about collecting user data. But, following a trust-shattering move by Google last month regarding its Nest Secure product, consensus on one issue has emerged: Companies...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/28 7:39 p.m.45 views

Millions of accounts affected in latest Facebook hack

Update 2018-10-18: According to the Wall Street Journal, the hack on Facebook was perpetrated by spammers rather than a nation state. Facebook also revised its numbers down, saying that about 30 million accounts had been compromised. Facebook announced earlier today that its social network had be...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/15 2:0 p.m.45 views

Under the hoodie: why money, power, and ego drive hackers to cybercrime

Just one more hour behind the hot grill flipping burgers, and Derek could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/15 6:25 p.m.45 views

GDPR causes a flood of new policies

The European Union claims that the General Data Protection Regulation GDPR, which comes to term on May 25, is the most important change in data privacy regulation in 20 years. Many companies have spent months preparing for the changes, working on policy and compliance, and introducing changes to...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/02/19 4:55 p.m.45 views

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/09 1:0 p.m.45 views

Winning the battle against PUPs on your computer and in court

I know very few people, other than lawyers, that get excited about corporate court cases. But, I want to share with you a recent decision that I believe is cause for every computer user to celebrate. This week, a United States District Court judge ruled in Malwarebytes' favor, dismissing a lawsui...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/08 6:37 p.m.45 views

Of scammers and cute puppies

We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/26 8:44 p.m.45 views

Please don’t buy this: smart locks

We all like buying the latest and greatest tech toy. It’s fun to get new and novel features on a product that used to be boring and predictable; a draw of the original BeBox amongst many was a layer of “das blinkenlights” across the front. But sometimes, the latest feature is not always the...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/16 5:57 p.m.45 views

Locky ransomware returns to the game with two new flavors

We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with a new extension, but went dark again for...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/22 3:0 p.m.45 views

Barclays Bank customers targeted by phishers

Today we have a phish targeting customers of Barclays Bank, located at: bankdotbarclaydotcodotukdotolbdotauthdotloginlinkdotactiondotp1242557947640dotchofcgdotcom/bd/ The phish opens up with an initial lunge for personal details: The first page asks for a surname, then offers the potential victim...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/02 2:12 p.m.44 views

Trusted Advisor now available for Mac, iOS, and Android

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/11 8:13 p.m.44 views

Act now! Ivanti vulnerabilities are being actively exploited

Software vendor Ivanti has warned customers about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Successful exploitation would give an attacker the ability to run arbitrary code on Ivantis Virtual Private Network VPN...

6.4CVSS8.9AI score0.99999EPSS
Exploits23
Malwarebytes
Malwarebytes
added 2023/06/27 1:0 a.m.44 views

SupremeBot and Mario cross the finish line together

Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installers route offers some very distinct advantages to the...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/06 3:30 p.m.44 views

Hundreds of Microsoft SQL servers found to be backdoored

Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/27 11:6 a.m.44 views

Firefox, Thunderbird, receive patches for critical security issues

Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine shared by the Firefox-based Tor browser relate to Firefox 100.0.2, Firefox for Android 100.3.0, and...

9.2AI score0.26709EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/12 12:52 p.m.44 views

Inside Apple: How macOS attacks are evolving

The start of fall 2021 saw the fourth Objective by the Sea OBTS security conference, which is the only security conference to focus exclusively on Apples ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for ...

4.3CVSS6.4AI score0.68531EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2021/08/25 5:6 p.m.44 views

The best browsers for privacy and security

Unfortunately there is a low correlation factor between what most people find the best browsers and what are the best browsers when it comes to privacy and security. If you look at the market share of the most popular browsers, there is one browser that steals the crown without a lot of...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/05 4:54 p.m.44 views

Amazon will pay you $10 for your palm prints. Should you be worried?

Retail giant Amazon recently offered to pay $10 USD for your palm prints. Would you offer them your hand? Many seem to home in and seethe over the price being too little for something as priceless and unique as their palm print, not realizing that when it does come to registering biometric data i...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/30 9:29 a.m.44 views

Signal app insists it’s so private it can’t provide subpoenaed call data

Signal—the private, end-to-end encrypted messaging app that surged in popularity in recent months—once again reminded criminal investigators that it could not fully comply with a legal request for user records and communications because of what it asserts as a simple, unchanging fact: The records...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/12 7:35 p.m.44 views

Ransomware is targeting vulnerable Microsoft Exchange servers

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/25 4:46 p.m.44 views

Scammers, profiteers, and shady sites? It must be tax season

US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/16 7:22 p.m.44 views

RDP, the ransomware problem that won’t go away

The year 2020 will certainly be remembered as one of the most difficult and tragic years humankind has faced in modern times. The global pandemic changed the way we live and work in ways unimaginable, perhaps forever. It also altered the cybersecurity landscape dramatically. The FBI reported a 30...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/27 7:19 p.m.44 views

Pow! Emotet’s down. Is it out?

In a coordinated action, multiple law enforcement agencies have seized control of the Emotet botnet. Agencies from eight countries worked together to deliver what they hope will be a decisive blow against one of the worlds most dangerous and sophisticated computer security threats. The Emotet...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/07/10 6:10 p.m.44 views

Threat spotlight: WastedLocker, customized ransomware

WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang. The same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants as WastedLocker is very different from BitPaymer. What was kept was the...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/05/21 3:0 p.m.44 views

Shining a light on “Silent Night” Zloader/Zbot

When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally leaked in 2011, several new variants proliferated online. That includes a past fork called Terdot Zbot/Zloader, which we extensively covered in 2017. But recently, we observed...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/23 12:0 p.m.44 views

Introducing Malwarebytes Privacy

Here at Malwarebytes, we’re no strangers to using virtual private networks VPNs to protect our privacy while browsing online. Regular readers of our blog will remember that we’ve advised on VPN usage on many occasions, whether for mobile device users looking for anonymity or business owners wanti...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/26 5:3 p.m.44 views

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon's Cloudfront content delivery network CDN via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/18 4:0 p.m.44 views

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven't been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult...

1.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/10/23 6:43 p.m.44 views

Growing rate of robocalls threatens user privacy

When a person sees a call from an unknown number and picks up to hear a recorded voice on the other end, they've received a robocall. Some are helpful, such as reminders of upcoming doctor's appointments or school announcements. However, the vast majority are from unsolicited parties trying to...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/16 5:4 p.m.44 views

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control C2 server activity. But this morning, the Trojan started...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/01 5:2 p.m.44 views

A week in security (June 24 – 30)

Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/03/27 3:0 p.m.44 views

Facebook’s plain text misstep, and other password sins

Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/23 4:6 p.m.44 views

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...

6.9AI score
Exploits0
Total number of security vulnerabilities4709