Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2017/10/27 7:1 a.m.44 views

Traditional AV solutions shown ineffective in real-time global heat map

It's no secret that antivirus technology AV has faced increased scrutiny in the tech industry for quite some time. With signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/01 4:52 p.m.44 views

Insider threats in your work inbox

Recently, our friends at Barracuda found a new phishing campaign that banks on the popularity of cloud services used in most businesses, such as Microsoft Office 365. According to their blog post, this latest scheme takes advantage of the natural trust employees place on messages they receive fro...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/19 9:25 p.m.44 views

Terror EK actor experiments with URL shortener fraud

Terror EK is an exploit kit made from a mishmash of stolen code and with very limited distribution. In the past few months, we have seen a few minor updates to its code base which remains largely simplistic in comparison to professional-grade exploit kits of the past such as Angler EK, or...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/09 3:52 p.m.43 views

Ransomware in 2023 recap: 5 key takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/17 11:18 a.m.43 views

Ivanti vulnerabilities now actively exploited in massive numbers

Last week we wrote about two vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways that were being actively exploited. The researchers that discovered the active exploitation are warning that these attacks are now very widespread. "Victims are global...

6.4CVSS7.4AI score0.99999EPSS
Exploits23
Malwarebytes
Malwarebytes
added 2024/01/02 5:57 p.m.43 views

Oops! Black Basta ransomware flubs encryption

Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Bast...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/25 6:44 a.m.43 views

Update vCenter Server now! VMWare fixes critical vulnerability

VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since there are no in-product workarounds, customers are advised to apply the updates urgently. The affected products are VMware vCenter...

7.5CVSS7.4AI score0.99428EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2023/09/12 2:0 a.m.43 views

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by October 2, 20...

4.4CVSS7.3AI score0.15263EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2023/08/28 2:0 a.m.43 views

A week in security (August 21 - August 27)

Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted Update now! Google Chrome's first weekly update has arrived Smart lightbulb and app vulnerability puts your Wi-Fi password at risk Malwarebytes acquires Cyrus Security Ivanti Sentry critical vulnerability--don't...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/25 6:15 p.m.43 views

Update now! Google Chrome's first weekly update has arrived

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel the version most of us use. Regular Chrome releases will still come every four weeks, but to get security fixes...

6.8CVSS7.4AI score0.3398EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/14 3:0 a.m.43 views

Android 14 developer preview highlights multiple security improvements

Android developers have been given a taste of whats to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes theyll enjoy and what ones theyll hav...

7.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/29 4:0 p.m.43 views

Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18

In 1993, the video game developers at id Software released Doom, a first-person shooter that placed a nameless protagonist into the fiery depths of hell, equipped with an arsenal of weapons to mow down imps, demons, lost souls, and the intimidating "Barons of Hell." In 2022, the hacker Sick Codes...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/22 9:24 a.m.43 views

Watch out for the email that says “You have a new voicemail!”

A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/05 1:23 p.m.43 views

CISA advises D-Link users to take vulnerable routers offline

On April 4 2022, the Cybersecurity & Infrastructure Security Agency CISA added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life EOL, the advice is to disconnect them, if still in use. CISA catalog The CISA catalog of known...

10CVSS10AI score0.97836EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2021/11/23 5:41 p.m.43 views

Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission SEC that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/02 5:32 p.m.43 views

Vulnerable WordPress plugin leaves online shoppers vulnerable

The most popular web content management system CMS is WordPress, which is used by more than 30% of all websites. By extension, the most popular ecommerce platform in the world is WooCommerce, a plugin that turns a WordPress website into an online shop. In fact, WooCommerce is so popular that it...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/26 12:42 p.m.43 views

How to delete your Twitter account: the deactivation process

You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Maybe you wanted to hang out with friends but you’re all moving to a new platform. It’s possible the service just isn’t very good and filled with trol...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/19 8:26 p.m.43 views

“Have I been pwnd?”– What is it and what to do when you *are* pwned

Adobe. Yahoo!. The US Department of Energy DoE. The New York Times. What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to "teach...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/23 8:26 p.m.43 views

When contractors attack: two years in jail for vengeful IT admin

An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/16 5:40 p.m.43 views

Careers in cybersecurity: Malwarebytes talks to teachers and students

Every year, I take part in talks for universities and schools. The theme is often breaking into infosec. I give advice to teens considering pursuing tech as a further area of study. I explain a typical working day for degree undergraduates. Sometimes I’m asked to give examples of conference talks...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/17 2:32 p.m.43 views

Yandex sysadmin caught selling access to email accounts

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team...

Exploits0
Malwarebytes
Malwarebytes
added 2021/01/11 4:1 p.m.43 views

A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe wont be supporting the updating and patching of its Flash Player software; covered the...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/06 10:44 a.m.43 views

Adobe Flash Player reaches end-of-life

“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/17 8:28 p.m.43 views

VideoBytes: Brute force attacks increase due to more open RDP ports

Hello Folks! In this Videobyte, we’re talking about why brute force attacks are increasing and why that is a problem for everyone. The number of RDP ports exposed to the Internet grew from about three million in January 2020 to over four and a half million in March. The reason for this increase i...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/05/19 3:15 p.m.43 views

When the coronavirus infodemic strikes

Social media sites are stepping up their efforts in the war against misinformation… specifically, the coronavirus/COVID-19 infodemic30461-X/fulltext. There’s a seemingly endless stream of potentially dangerous misinformation flying around online related to the COVID-19 pandemic, and that could ha...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/05/13 3:30 p.m.43 views

How CVSS works: characterizing and scoring vulnerabilities

The Common Vulnerability Scoring System CVSS provides software developers, testers, and security and IT professionals with a standardized process for assessing vulnerabilities. You can use the CVSS to assess the threat level of each vulnerability, and then prioritize mitigation accordingly. This...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/03/26 5:5 p.m.43 views

Coronavirus Bitcoin scam promises “millions” working from home

In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoi...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/27 6:58 p.m.43 views

Phone spampocalypse: fighting back in the age of unwanted calls

When Nigel Guest, then president of the Council of Neighborhood Associations CNA, sent an email with the subject line, “test,” and the small letter “x” in its message body, the city of Berkeley, CA, went into a frenzy. You see, Mr. Guest thought he sent it only to himself, but he actually posted...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/25 4:0 p.m.43 views

Safari users: Where did your extensions go?

Safari 12 has brought with it some changes to how OSX handles browser extensions. At WWDC in June, Apple announced that Safari would block legacy extensions installed from outside the Extensions Gallery, which itself would now be deprecated. As a replacement, Safari will now rely on "app...

Exploits0
Malwarebytes
Malwarebytes
added 2018/02/21 9:0 a.m.43 views

How to build an incident response program: GDPR guidelines

In today’s computing world, it is not a matter of “if” an organization will get compromised, but “when.” That’s why, in addition to the European Union’s General Data Protection Regulation GDPR going into effect this May, many organizations need to have a robust incident response program to ensure...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/18 5:28 p.m.43 views

When an “Outstanding” rating from CNET isn’t enough

The editors at respected tech site CNET/Download.com recently awarded Malwarebytes for Windows with an “outstanding” rating of 4.5 stars out of five. In the review, editor Tom McNamara recommended Malwarebytes because the scanning engine is of “high quality,” it works well with Windows 10, and do...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/09 8:26 p.m.43 views

A week in security (October 02 – October 08)

Last week, we gave you some tips for National Cybersecurity Awareness Month, walked through an exploration of a small adware file, and explored the complicated world of the Homograph attack. Here's what else happened in security. VB2017 Many of our team members attended VB2017 in Madrid, one of t...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/07 7:19 p.m.43 views

A week in security (July 31 – August 6)

Last week we explored some basic PowerShell commands, dived into the new methods used by TrickBot, and wrote at length about the Magnitude exploit kit redirection chain. Our teams were busy at both BlackHat and DefCon, and outside of those famous hallways, we also took time to fire up some basic...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/26 11:3 a.m.42 views

Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/05 10:3 a.m.42 views

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/07 1:0 p.m.42 views

Introducing ThreatDown: A new chapter for Malwarebytes

Since I started Malwarebytes 15 years ago the threat landscape has changed. Our offerings have evolved. And now the next chapter of our journey begins today. How did we get here? My first cyber “combatant” was an early form of adware running amok on my family’s computer. Removing it was a team...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/21 3:15 a.m.42 views

Update now, there's a Chrome zero-day in the wild

Google has announced an important update for Chrome to help fend off a zero-day. The update fixes several issues, and readers are advised to ensure they're using the latest version of the browser. Mitigation If youre using Chrome on Mac, Windows, or Linux, you need to update as soon as you possib...

8.8AI score0.05786EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/01 12:0 p.m.42 views

Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter

AV-TEST, a leading independent tester of cybersecurity solutions, has just ranked Malwarebytes as a Top Product for consumers and businesses for the fifth quarter in a row. Every two months, experts at AV-Test evaluate Windows antivirus software across three categories: Protection against malware...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/07 10:45 p.m.42 views

Evasive Shikitega Linux malware drops Monero cryptominer

Researchers from the AT&T Alien Labs Resarch have discovered a new and stealthy Linux malware it's dubbed Shikitega. Once it's on a machine or device, Shitega executes a "multistage infection chain" involving small files, a couple of vulnerabilities, and the use of Mettle, a portable Metasploit...

7.2CVSS1.2AI score0.94921EPSS
Exploits179
Malwarebytes
Malwarebytes
added 2022/04/29 10:18 a.m.42 views

Warning! Instagram Stories hides a scam in plain sight

When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/22 9:24 p.m.42 views

A new rootkit comes to an ATM near you

Its not unusual to hear about malware created to affect automated teller machines ATMs. Malware can be planted at the ATMs PC or its network, or attackers could launch a Man-in-the-Middle MiTM attack. Recently, a new rootkit, which the Mandiant Advanced Practices team have named CAKETAP, was foun...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/25 5:39 p.m.42 views

Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabela Bagueros: Lock and Code S02E20

"What does online privacy mean to you?" This beguilingly simply question can produce dozens of overlapping and distinct answers, all depending on who you ask. A VPN service might tell you that online privacy means obscuring your IP address and hiding your Internet activity from your Internet...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/04 2:25 p.m.42 views

Chrome casts away the padlock—is it good riddance or farewell?

It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didnt use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/23 4:51 p.m.42 views

MITRE introduces D3FEND framework

The US National Security Agency NSA has announced it will fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious threat actors. The project will be made available through MITRE and will be called D3FEND as it complements MITRE’s...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/23 10:32 a.m.42 views

City of Liège hit by ransomware, Ryuk suspected

Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. The municipality of Lieges official website, which was translated from the French. According to its official website pictures above: The City of Lièg...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/01 7:25 p.m.42 views

WhatsApp reverses course, will not limit app functionality

WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/29 6:51 p.m.42 views

What is Smishing? The 101 guide

Smishing is a valuable tool in the scammers armoury. Youve likely run into it, even if you didnt know that is its name. It doesnt arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/18 9:11 a.m.42 views

Mother charged with using deepfakes to shame daughter’s cheerleading rivals

A Pennsylvania woman reportedly sent doctored photos and videos of her daughters cheerleader rivals to their coaches, in an attempt to embarrass them and get them kicked off the team. Shes alleged to have used deepfake technology to create photo and video depictions of the girls naked, drinking,...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/01 8:0 p.m.42 views

Fonix ransomware gives up life of crime, apologizes

Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware also known as FonixCrypter and Xinof, one of those ransomware-as-a-service RaaS offerings, is the latest to join the club. End of FonixCrypter...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/12 6:1 p.m.42 views

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...

0.1AI score
Exploits0
Total number of security vulnerabilities4709