Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2021/01/12 6:1 p.m.42 views

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/30 4:0 p.m.42 views

German users targeted with Gootkit banker or REvil ransomware

This blog post was authored by Hasherezade and Jérôme Segura On November 23, we received an alert from a partner about a resurgence of Gootkit infections in Germany. Gootkit is a very capable banking Trojan that has been around since 2014 and possesses a number of functionalities such as keystrok...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/25 2:32 p.m.42 views

IoT cybersecurity bill passed by Senate

Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things IoT devices purchased and owned by the Federal government. The bill, called the...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/28 9:29 p.m.42 views

New Emotet delivery method spotted during downward detection trend

Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features. This revamped presentation could point to internal effor...

1.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/05 5:0 p.m.42 views

A week in security (September 28 – October 4)

Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which well provide video coverage of some of the...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/21 3:0 p.m.42 views

‘Just tell me how to fix my computer:’ a crash course on malware detection

Malware. You’ve heard the term before, and you know it’s bad for your computer—like a computer virus. Which begs the question: Do the terms “malware” and “computer virus” mean the same thing? How do you know if your computer is infected with malware? Is "malware detection" just a fancy phrase for...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/20 10:0 a.m.42 views

20 percent of organizations experienced breach due to remote worker, Labs report reveals

It is no surprise that moving to a fully remote work environment due to COVID-19 would cause a number of changes in organizations approaches to cybersecurity. What has been surprising, however, are some of the unanticipated shifts in employee habits and how they have impacted the security posture...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/07/07 3:30 p.m.42 views

Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer...

Exploits0
Malwarebytes
Malwarebytes
added 2020/03/16 3:28 p.m.42 views

Lock and Code S1Ep2: On the challenges of managed service providers

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challeng...

Exploits0
Malwarebytes
Malwarebytes
added 2020/03/11 3:44 p.m.42 views

Securing the MSP: best practices for vetting cybersecurity vendors

Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers MSPs are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...

Exploits0
Malwarebytes
Malwarebytes
added 2019/12/09 4:47 p.m.42 views

A week in security (December 2 – December 8)

Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into containerization. We also explored a report bringing bad news for organizations and insider threats, and threw a spotlight on a video game phish...

Exploits0
Malwarebytes
Malwarebytes
added 2019/11/20 4:0 p.m.42 views

Deepfakes and LinkedIn: malign interference campaigns

Deepfakes haven't quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to ...

Exploits0
Malwarebytes
Malwarebytes
added 2018/04/30 5:40 p.m.42 views

Spartacus ransomware: introduction to a strain of unsophisticated malware

Spartacus ransomware is a new sample that has been circulating in 2018. Written in C, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others w...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/03/12 5:36 p.m.42 views

A week in security (March 05 – March 11)

Last week on Malwarebytes Labs, we paid homage to several women in tech, including some of our very own, on International Women's Day and shared their stories. We also looked into an adware posing as an Android app that claims to live stream the 2018 Winter Olympics, exposed scammers that go by t...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/03 5:22 p.m.42 views

Search engine shenanigans: Malwarebytes mentions aren’t what they seem

Thing might be a touch quiet at the moment as we ease into 2018, but that doesn't mean dubious antics and dodgy dealings aren't still making waves online. As a matter of fact, should you go searching for some of our researchers, their blog posts, or just a couple of notable quotables from news...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/17 3:0 p.m.42 views

Old MS Office feature weaponized in malspam attacks

There have been a lot of talks recently following a write up and proof of concept about a Microsoft Office feature that can be misused and weaponized by malicious actors. The protocol, known as Dynamic Data Exchange.aspx DDE, has actually been around for a long time, and allows applications to...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/21 11:8 a.m.41 views

TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety

A damaging new report from Ofcom, the UK's communications regulator, has delivered a stark verdict: TikTok and YouTube's content feeds are "not safe enough" for children. This isn't just another regulatory slap on the wrist. Ofcom is putting out a wake-up call for anyone working in cybersecurity,...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/24 7:7 a.m.41 views

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/03/20 10:45 a.m.41 views

The ‘AT&T breach’—what you need to know

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/28 3:58 p.m.41 views

One year later, Rhadamanthys is still dropped via malvertising

It was just a little over a year ago that the Rhadamanthys stealer was first publicly seen distributed via malicious ads. Throughout 2023, we observed a continuation in malvertising chains related to software downloads. Fast forward to 2024 and the same malvertising campaigns are still going on...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/10 1:42 p.m.41 views

YouTube shows ads for ad blocker, financial scams

After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/18 3:0 a.m.41 views

ThemeBleed exploit is another reason to patch Windows quickly

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept PoC exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...

6.8CVSS7.4AI score0.39491EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2023/04/13 1:30 p.m.41 views

Ransomware review: April 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/13 9:0 a.m.41 views

"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

Becky Holmes knows how to throw a romance scammer off script--simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginning stages of a romance scam. But rather than...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/24 2:15 p.m.41 views

Fake Amazon Prime email abuses LinkedIn's URL shortener

Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks--shortened Linkedin URLs. The shortened URLs redirect users to a different URL when they are clicked. If youve ever seen a Tiny URL, or a Bit.ly link, youll already be...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/20 3:0 a.m.41 views

Chip company loses $250m after ransomware hits supply chain

Applied Materials, one of the worlds leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers. MKS Instruments Inc...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/14 4:5 p.m.41 views

Predatory Sparrow massively disrupts steel factories while keeping workers safe

Stuxnets attack on Irans uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts i...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/14 3:3 p.m.41 views

New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs

Security researcher Maxime Ingrao has found a new variant of Android/Trojan.Spy.Joker which hes dubbed Autolycos. Malware in this family secretly subscribes users to premium services. The researcher noted that the eight applications that contained this malware had racked up a total of over 3...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/29 10:38 a.m.41 views

Forced Chrome extensions get removed, keep reappearing

In the continued saga of annoying search extensions we have a new end-of-level boss. Victims have been reporting browser extensions that were removed by Malwarebytes, but “magically” came back later. Since the victims also complained about the message saying their browser was "managed", we had a...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/29 1:31 p.m.41 views

Shrootless: Microsoft finds Apple macOS vulnerability

Microsoft researchers have discovered a vulnerability in macOS, dubbed Shrootless, that can allow attackers to bypass System Integrity Protection SIP and perform malicious activities, such as gaining root privileges and installing rootkits on vulnerable devices. Microsoft reported the Shrootless...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/19 11:26 a.m.41 views

Beware of COVID Pass scams

You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS missives claim a package is waiting to be delivered, and a small processing fee is required. There is no package; it’s a ruse to have people hand over their credit card details. It’...

Exploits0
Malwarebytes
Malwarebytes
added 2021/08/16 10:23 a.m.41 views

A week in security (August 9 – August 15)

Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 before Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business Check your passwords! Synology NAS devices are under attack from StealthWorker PrintNightmare and RDP RCE...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/10 3:59 p.m.41 views

Check your passwords! Synology NAS devices under attack from StealthWorker

Synology PSIRT Product Security Incident Response Team has put out a warning that it has recently seen and received reports about an increase in brute-force attacks against Synology devices. PSIRT suspects the botnet commonly known as StealthWorker is responsible for this increase in activity...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/02 11:29 a.m.41 views

A week in security (July 26 – August 1)

Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/09 4:27 p.m.41 views

How to clear cookies

Until the information age, cookies were only known as a tasty but unhealthy snack that some people enjoyed, and others avoided. HTTP cookies, also known as computer, browser, or Internet cookies, are similarly divisive. Although some people like the more personalized browsing experience created b...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/20 4:43 p.m.41 views

Interview with a bug bounty hunter: Youssef Sammouda

Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking,...

8.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/08 4:15 p.m.41 views

A week in security (February 1 – February 7)

Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware was giving up the ghost, swearing off a life of crime and even apologizing for past actions. We looked at a credit card skimmer that found opportunity in the latest Magento 1 hacking...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/05 7:20 p.m.41 views

Android emulator abused to introduce malware onto PCs

Emulators have played a part in many tech-savvy users’ lives. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system—a Windows OS running on a MacBook laptop, for example—but also allows video gamers to play games designed to work on a...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/03 6:19 p.m.41 views

Browser sync—what are the risks of turning it on?

Modern browsers include synchronization features like Google Chromes Sync so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is certainly convenient, particularly when youre migrating to a new device, synchronizing browsers also...

Exploits0
Malwarebytes
Malwarebytes
added 2021/01/05 4:29 p.m.41 views

VPN usage is increasing, says December 2020 survey

I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t own or use a computer—but she knows what Zoom is. Not since “Kleenex” has a brand become so pervasive that people use the brand name as a generic term for the product. For my mom, any kind of video...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/11/16 6:0 p.m.41 views

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, weve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One o...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/20 4:36 p.m.41 views

A week in security (April 13 – 19)

Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote position...

Exploits0
Malwarebytes
Malwarebytes
added 2020/02/11 8:1 a.m.41 views

Malwarebytes Labs releases 2020 State of Malware Report

Today is Safer Internet Day—and what better way to celebrate/pay homage than to immerse yourself in research on the latest in malware, exploits, PUPs, web threats, and data privacy? It so happens we've got just the right content to kick-start the party because today we released the results of our...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/01/24 8:11 p.m.41 views

Tampa Bay Times hit with Ryuk ransomware attack

Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. Curiously, the paper is at least the third Florida-based Ryuk victim in the past year. The attack, which The...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/16 6:40 p.m.41 views

Mac threat detections on the rise in 2019

Conventional wisdom has been that, although not invulnerable to cyberthreats as some old Apple ads would have you believe, Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed,...

Exploits0
Malwarebytes
Malwarebytes
added 2019/12/13 5:2 p.m.41 views

New Women in CyberSecurity (WiCyS) veterans program aims to bridge skills gap, diversify sector

The cybersecurity industry has a problem: We have zero unemployment rate. Or so we're told. With experts predicting millions of job openings in the years to come—coupled with the industry’s projected growth of US$289.9 billion by 2026 and soaring cyberattacks against businesses—now is as good a...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/16 3:35 p.m.41 views

A week in security (September 9 – 15)

Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/17 4:52 p.m.41 views

Is FIDO the future instrument to prove our identity?

FIDO, short for Fast IDentity Online, is an industry consortium started in 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Among the founders were those who work in the financia...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/11 3:0 p.m.41 views

6 ways to keep up with cybersecurity without going crazy

As we dive headfirst into National Cybersecurity Awareness Month, it seems only fitting to discuss ways to stay on top of developments in modern cybersecurity and privacy. What's the best way to stay protected? How can you determine if something is a scam? Which big company has been breached now?...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/20 3:0 p.m.41 views

The danger of third parties: ads, pipelines, and plugins

It may or may not be comforting to know that, ultimately, bulletproof security is out of your hands. You can have the most locked down PC on Earth, have two-factor authentication 2FA set up across the board, take sensible actions to protect your personal information, and read all the EULAs under...

7.7AI score
Exploits0
Total number of security vulnerabilities4709