Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2020/12/14 4:54 p.m.38 views

A week in security (December 7 – December 13)

Last week on Malwarebytes podcast we talked to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a cybersecure 2021. We also released a Malwarebytes Labs report revealing that 50 percent of schools did...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/04 4:30 p.m.38 views

File-sharing and cloud storage sites: How safe are they?

There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/21 8:41 p.m.38 views

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, theyve also caused quite the headache for browser vendors to fix. Browser lockers are only...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/14 3:30 p.m.38 views

FIFA 21 game scams: watch out for unsporting conduct

Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. Its also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sale...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/06 5:5 p.m.38 views

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based attacks, showed the impact that GDPR has around the world, and helped users understand how social media platforms mine their personal data. We also hosted our...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/03 7:0 p.m.38 views

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/01/08 6:4 p.m.38 views

6 ways hackers are targeting retail businesses

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they've lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/30 4:55 p.m.38 views

A week in security (December 23 – 29)

Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: No...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/23 5:40 p.m.38 views

A week in security (December 16 – 22)

Last week on Malwarebytes Labs, we signalled that Mac threat detections have been on the rise in 2019, discussed how a new Consumer Online Privacy Rights Act COPRA would empower American users, warned that the Spelevo exploit kit debuts a new social engineering trick, and let our own Statler and...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/24 3:0 p.m.38 views

New strain of Mac malware Proton found after two years

Last week, Kaspersky reported on a new variant of the Mac malware Proton, which they have dubbed Calisto, that has been around for at least two years. Calisto is thoroughly dead at this point, but there are still potential security implications involved with these older infections. Proton was fir...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/12 4:43 p.m.38 views

Alleged creator of Fruitfly indicted for 13 years of spying

Way back at the start of last year, we took a look at something called Fruitfly, a Mac backdoor using old code that had been around for a long time and could deep breath upload files to computers, record images and video, snoop around in victims' information, take screenshots, and also log...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/10/02 7:0 p.m.38 views

National cybersecurity awareness month: simple steps for online safety

With each new devastating breach of security—Equifax, Deloitte, and Sonic, to name a few recent cyber fails—the need for increased cybersecurity awareness has never been more apparent. It’s a good thing, then, that this month is National Cybersecurity Awareness Month NCSAM. Observed every October...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/13 2:0 p.m.38 views

The numeric tech support scam campaign

There are many different tech support scam TSS campaigns active at any given moment, the majority of them are fueled by malicious adverts the browser lockers, or bundled software the screen lockers. Something interesting happened recently, where legitimate - but hacked - websites would redirect t...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/03 8:59 a.m.37 views

Infostealers are becoming the go-to phishing payload

Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/04/22 1:30 p.m.37 views

All Gmail users at risk from clever replay attack

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service ENS, a blockchain...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/01/28 1:18 p.m.37 views

Apple users: Update your devices now to patch zero-day vulnerability

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...

7.8CVSS7AI score0.18668EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2024/06/21 7:34 a.m.37 views

Was T-Mobile compromised by a zero-day in Jira?

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...

10CVSS8.2AI score0.0481EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/17 7:3 a.m.37 views

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/15 7:27 a.m.37 views

A week in security (April 8 – April 14)

Last week on Malwarebytes Labs: How to change your Social Security Number Apple warns people of mercenary attacks via threat notification system How to check if your data was exposed in the AT&T breach Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities H...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/03/20 9:49 p.m.37 views

[updated] Apex Legends Global Series plagued by hackers

The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents. Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/29 3:58 p.m.37 views

Hewlett Packard Enterprise also searched by Cozy Bear

Hewlett Packard Enterprise HPE has disclosed that the state-sponsored actor known as Cozy Bear aka Midnight Blizzard, gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsore...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/10 4:1 p.m.37 views

ThreatDown earns highest ratings across EDR and MDR categories in G2 Winter 2024 results

The peer-to-peer review source G2 has released its Winter 2024 reports, ranking ThreatDown products on top across several Endpoint Detection and Response EDR and Managed Detection and Response MDR categories. Based on verified customer reviews, ThreatDown EDR was voted a Leader in the overall and...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/17 1:0 a.m.37 views

Citrix NetScalers backdoored in widespread exploitation campaign

Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure DIVD. Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an...

7.5CVSS8.6AI score0.99445EPSS
Exploits16
Malwarebytes
Malwarebytes
added 2023/07/18 11:0 a.m.37 views

FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT

Over 5 years ago, we began tracking a new campaign that we called FakeUpdates also known as SocGholish that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/31 11:45 p.m.37 views

Financial services company OneMain fined $4.25 million for security lapses

A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/10 8:15 a.m.37 views

How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09

The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/07 1:0 a.m.37 views

Warning issued over Royal ransomware

As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/24 1:0 a.m.37 views

Riot Games compromised, new releases and patches halted

Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn't affected. A social engineering development Making the notification via Twitter late last week, were stil...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/07 11:13 a.m.37 views

A week in security (January 31 – February 6)

Last week on Malwarebytes Labs: Threat actor steals email with Zimbra zero-day FBI warns of bogus job postings on recruitment sites Investment scams are on the rise A worrying Etsy listing reveals the stalking potential of Apple’s AirTags Beware bogus OperaGX sponsorship offers $320 milllion stol...

Exploits0
Malwarebytes
Malwarebytes
added 2022/01/11 1:6 p.m.37 views

The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?

Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/01 1:45 p.m.37 views

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about yo...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/23 5:0 p.m.37 views

Please don’t buy this! 3 gift card scams to watch out for this holiday season

With the holiday season around the corner, we thought it was a good time to look at the dangers that come with gift cards. Gift cards can be an easy win in cases where you don’t know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/18 3:51 p.m.37 views

“Killware”: Is it just as bad as it sounds?

On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isnt ransomware. Its killware. And its just as bad as it...

7.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/03 4:44 p.m.37 views

Zoom and gloom? Video comms org agrees to settle for $85m

Zoom has agreed to an $85m settlement regarding privacy, zoom-bombing, and data sharing. The class action privacy lawsuit filed in the US against the embattled company wasn’t particularly impressed with the following: Zoom-bombing running wild in video sessions. Zoom-bombing, the practice of...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/14 2:0 p.m.37 views

Is crypto’s criminal rollercoaster approaching a terminal dip?

It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tighter ship The mining banhammer continues to swing as China keeps puttin...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/02 3:17 p.m.37 views

Beware password-spraying fancy bears

The NSA, FBI, and CISA, in cooperation with the UKs National Cyber Security Centre NCSC, have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector compani...

Exploits0
Malwarebytes
Malwarebytes
added 2021/07/01 4:32 p.m.37 views

SMS authentication code includes ad: a very bad idea

SMS authentication codes are back in the news, and the word Id use to summarise their reappearance is "embattled." I can still remember a time where two-factor authentication 2FA, authentication grids, regional lockouts, Yubikeys, and offline authentication apps simply did not exist. And if they...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/15 3:41 p.m.37 views

Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years)

Microsoft will terminate support for Windows 10 Home and Pro on 14 October 2025, a decade after the original Windows 10 was brought to market. Although some may claim that a Microsoft document has been "quietly edited" over the weekend to reflect this "sudden change", this reveal isnt new. In fac...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/04 3:51 p.m.37 views

Security pros agree about threats—convincing everyone else is the problem

How about that Colonial Pipeline? As troubling as this event may be, for those of us working in the world of cybersecurity it can be hard to convince others to take dangers like this seriously—regardless of how real and immediate they are. “Sadly, the upper leadership team does not understand the...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/30 10:52 a.m.37 views

What is an IP address? Do I need one?

An IP address tells computers how to find a certain device within a computer network. An IP address is like an address label for information packets. For each network your computer is connected to, it has a unique IP address on that network. So, one device can have several IP addresses at the sam...

Exploits0
Malwarebytes
Malwarebytes
added 2021/03/05 10:37 p.m.37 views

New steganography attack targets Azerbaijan

This blog post was authored by Hossein Jazi Threat actors often vary their techniques to thwart security defenses and increase the efficiency of their attacks. One of the tricks they use is known as steganography and consists of hiding content within images. We recently observed a malicious Word...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/16 5:15 p.m.37 views

Egregor ransomware hit by arrests

In a collaboration between French and Ukranian law enforcement, arrests have been made that might put a dent in one of the worlds most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/02/09 9:54 a.m.37 views

Android devices caught in Matryosh botnet

Researchers at Netlab have discovered a new botnet that re-uses the Mirai framework to pull vulnerable Android devices into DDoS attacks. The new botnet, which is called Matryosh, is named after the Russian nesting dolls because the encryption algorithm it uses, and the process of obtaining comma...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/01/04 3:52 p.m.37 views

A week in security (December 28 – January 3)

First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...

0.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/10 9:37 p.m.37 views

Malwarebytes detects leaked tools from FireEye breach

Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/10/06 3:0 p.m.37 views

Release the Kraken: Fileless injection into Windows Error Reporting service

This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting WER service as a defense evasion mechanism. That reporting service, WerFault.exe, is usually invoked when an error...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/06/01 3:0 p.m.37 views

Coronavirus campaigns lead to surge in malware threats, Labs report finds

In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report,...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/04/07 3:52 p.m.37 views

Cybersecurity labeling scheme introduced to help users choose safe IoT devices

The Internet of Things IoT is a term used to describe a wide variety of devices that are connected to the Internet to improve user experience. For example, a doorbell becomes part of the IoT when it connects to the Internet and allows users to see visitors outside their door. But the way in which...

Exploits0
Malwarebytes
Malwarebytes
added 2020/03/23 4:44 p.m.37 views

A week in security (March 16 – 22)

Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization WHO but instead spreading malware. Lastly...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/03/17 4:33 p.m.37 views

Child identity theft, part 2: How to reclaim your child’s identity

In a world where children as young as a single day old can fall prey to fraud, it is more important than ever to educate parents and other caretakers about the dangers of child identity theft. While the hope is that perceptions can be changed and criminals brought to justice, likely the biggest...

6.9AI score
Exploits0
Total number of security vulnerabilities4709