Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2022/05/05 2:44 p.m.155 views

Google fixes two critical Pixel vulnerabilities: Get your updates when you can!

Google has made updates available for Android 10, 11, 12 and 12L. The May Android Security Bulletin contains details of security vulnerabilities affecting Android devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel...

8.1AI score0.01301EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/09 12:10 p.m.155 views

Update now! Firefox and Adobe updates are more critical than Microsoft’s

The most critical updates for this “Patch Tuesday” come from Firefox and Adobe. While Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release, none of them are ranked as critical. Firefox and Adobe however have fixed a few issues that could be qualified as critical...

7.2CVSS10AI score0.16825EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2019/07/16 5:14 p.m.155 views

Hi, honey. It’s mom. My phone is acting funny again.

Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, often times it's older generations that have to turn to their progeny for everything from uploading...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/21 4:0 p.m.153 views

How does macOS protect against malware?

Mac users often are told that "Macs don't get viruses." This is not really true, of course. Macs can and do get infected. However, it is true that macOS provides some basic protection against malware. This protection can be quite effective in some ways, but, unfortunately, quite ineffective in...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/20 4:0 a.m.152 views

Update now! ASUS fixes nine security flaws

ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...

10CVSS10AI score0.86539EPSS
Exploits14
Malwarebytes
Malwarebytes
added 2021/03/29 3:10 p.m.152 views

Steam users: Don’t fall for the “I accidentally reported you” scam

Suppose that, out of the blue, a Steam user tells you theyve accidentally reported you for something you didn’t do, like making an illegal purchase, and that your Steam account is going to be suspended. They ask you to message a Steam admin, whose profile they kindly provide, to help you sort out...

Exploits0
Malwarebytes
Malwarebytes
added 2021/03/09 11:45 p.m.152 views

TinyCheck: Stalkerware detection that doesn’t leave a trace

In 2019, when Malwarebytes helped found the Coalition Against Stalkerware, which brings together cybersecurity vendors and nonprofits to detect and raise awareness about stalkerware, we encountered a significant roadblock in our fight: For some users, the very detection of these potentially...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/16 10:0 a.m.150 views

Arris router vulnerability could lead to complete takeover

Security researcher Yerodin Richards has found an authenticated remote code execution RCE vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers telephony and internet access. After responsible disclosure Richards has published a...

9.4AI score0.42326EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2021/08/26 4:27 p.m.150 views

Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. The Bahrain government and groups linked to them—suc...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/09 12:41 p.m.149 views

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl cameras. The vulnerabilities were reported to Owl Labs in January, One of the vulnerabilities, CVE-2022-31460 has been added to the Known exploited vulnerabilities catal...

5.4CVSS0.3AI score0.03408EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2017/10/24 11:8 p.m.149 views

BadRabbit: a closer look at the new version of Petya/NotPetya

Petya/NotPetya aka EternalPetya, made headlines in June, due to it's massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/10 3:18 p.m.148 views

Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business

Last week, The Record broke the news that a self-described "pen tester" for the infamous Conti ransomware gang, who goes by the handle m1Geelka, had leaked manuals, technical guides, and software on the underground forum XSS. According to the screenshot of m1Geelkas original forum post—and...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/03 11:41 a.m.148 views

RDP brute force attacks explained

While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isnt like the movies. The...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/06/07 11:11 a.m.148 views

Amazon Sidewalk starts sharing your WiFi tomorrow, thanks

Amazon smart device owners only have until June 8 to opt out of a new program that will group their Echo speakers and Ring doorbells into a shared wireless network with their neighbors, a new feature that the shopping giant claims will provide better stability for smart devices during initial set...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/10 6:3 p.m.147 views

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

If youre running a service that relies on Apache Struts or uses the popular Apache Log4j utility we hope you havent made plans for the weekend. An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code...

9.3CVSS10AI score0.99999EPSS
Exploits356
Malwarebytes
Malwarebytes
added 2021/01/28 8:1 a.m.147 views

Why Data Privacy Day matters

Our Lock and Code special episode on Data Privacy Day, featuring guests from Mozilla, DuckDuckGo, and Electronic Frontier Foundation can be listened to here. Today, January 28, is Data Privacy Day, the annual, multinational event in which governments, companies, and schools can inform the public...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/28 4:0 p.m.147 views

Key considerations for building vs. buying identity access management solutions

Time and time again, organizations learn the hard way that no matter which security solutions they have in place, if they haven’t properly secured the end user, their efforts can be easily rendered moot. The classic slip-up most often associated with end-user-turned-insider-threat is falling for ...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/01/22 6:3 p.m.147 views

Browser push notifications: a feature asking to be abused

“I’m seeing a lot of ads popping up in the corner of my screen, and the Malwarebytes scan does not show there is anything wrong. It says my computer is clean. So what's happening?” Our support team runs into questions like this regularly, but the volume seems to be increasing lately. In most of...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/20 2:53 p.m.146 views

Oracle releases massive Critical Patch Update containing 520 security patches

Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...

7.5CVSS9.5AI score0.98253EPSS
Exploits73
Malwarebytes
Malwarebytes
added 2019/02/01 6:0 p.m.146 views

Houzz data breach: Why informing your customers is the right call

Houzz is an online platform dedicated to home renovation and design. Today February 1, 2019, they notified their customers about a data breach that reportedly happened in December 2018. Data breaches unfortunately have become a common event. In fact, we dubbed 2018 the year of the data breach...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/16 9:0 a.m.145 views

The forgotten malvertising campaign

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/11 2:0 a.m.145 views

"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!

One of Twitters big rivals, Mastodon, recently finished fixing four issues which in the worst case allowed for the creation of files on the instances server. Mastodon, whose main selling point is lots of separate communities living on different servers yet still able to communicate, was notified ...

6.5CVSS7.9AI score0.4011EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/19 4:0 a.m.145 views

Update now! Two critical flaws in Git's code found, patched

In a sponsored security source code audit, security experts from X41 D-SEC GmbH Eric Sesterhenn and Markus Vervier and GitLab Joern Schneeweisz found two notable critical flaws in Git's code. A vulnerability on Git could generally compromise source code repositories and developer systems, but...

10CVSS10AI score0.92178EPSS
Exploits21
Malwarebytes
Malwarebytes
added 2021/04/06 12:7 p.m.145 views

Has Facebook leaked your phone number?

Unless you keep your social media at a pole’s distance, you have probably heard that an absolutely enormous dataset—containing over 500 million phone numbers—has been made public. These phone numbers have been in the hands of some cybercriminals since 2019 due to a vulnerability in Facebook that...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/01/21 4:15 p.m.145 views

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication 2FA have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/08/24 1:36 p.m.144 views

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just two days after disclosure. Mirai hoovers up vulnerable Internet of Things IoT devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed...

10CVSS0.3AI score0.99983EPSS
Exploits7
Malwarebytes
Malwarebytes
added 2019/09/20 6:18 p.m.144 views

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it's usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What's not often consider...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/15 3:26 p.m.144 views

The Hidden Bee infection chain, part 1: the stegano pack

About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That's why we're dedicating a series o...

10CVSS9.5AI score0.93688EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2018/01/17 4:0 p.m.144 views

A coin miner with a “Heaven’s Gate”

You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/09 7:51 p.m.143 views

Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday

The updates for Microsofts March 2022 Patch Tuesday should fix 92 vulnerabilities, including three zero-day vulnerabilities. Of the 92 vulnerabilities, 21 are for Microsoft Edge and originate from the Chromium Project. Of the 71 others, three are classified as Critical because they allow remote...

7.2CVSS8.6AI score0.40789EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2021/11/02 4:48 p.m.143 views

Google patches zero-day vulnerability, and others, in Android

Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications that one of the patched vulnerabilities may be under limited, targeted exploitation. The most severe of these issues is a critical security vulnerability in...

10CVSS8.7AI score0.03057EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/06 5:0 p.m.143 views

Inter skimming kit used in homoglyph attacks

As we continue to track web threats and credit card skimming in particular, we often rediscover techniques weve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especiall...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/27 5:36 p.m.143 views

Study explores clickjacking problem across top Alexa-ranked websites

Clickjacking has been around for a long time, working hand-in-hand with the unwitting person doing the clicking to send them to parts unknown—often at the expense of site owners. Scammers achieve this by hiding the page object the victim thinks they’re clicking on under a layer or layers of...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/03 3:0 p.m.143 views

How gamers can protect against increasing cyberthreats

A few years ago, cybersecurity scryers predicted that the video gaming industry would be the next big target of cybercriminals. Whether this will come true in the future or not, the average gamer may have little to no idea of what awaits them, much less be prepared for it. In fact, while generall...

7.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/11/12 5:17 p.m.142 views

A week in security (November 5 – 11)

Last week on Malwarebytes Labs, we looked at browser lockers that fly under the radar with complete obfuscation, transport and logistics in our series about compromising vital infrastructure, Google logins now requiring JavaScript, how to create a sticky cybersecurity training program, and an...

10CVSS8.9AI score0.9995EPSS
Exploits11
Malwarebytes
Malwarebytes
added 2022/07/13 12:21 p.m.141 views

Update now—July Patch Tuesday patches include fix for exploited zero-day

It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem CSRSS. This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency CI...

7.2CVSS9.5AI score0.18765EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2021/04/06 11:37 a.m.141 views

Research claims Google Pixel phones share 20 times more data than iPhones

If youre an Android phone user, now might be a good time to invest in a good pair of ear plugs. Fans of iPhones arent known for being shy when it comes to telling Android users that Apple products are superior, and things may be about to get worse, thanks to a new research paper pdf. Researchers ...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/26 3:0 a.m.140 views

APC warns about critical vulnerabilities in online UPS monitoring software

In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader i...

8.2AI score0.01315EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/19 7:32 p.m.140 views

Remcos RAT delivered via Visual Basic

This blog post was authored by Erika Noerenberg Introduction Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan RAT via financially-themed emails. Remcos is often delivered via malicious documents or archive files...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/19 12:42 p.m.139 views

VMWare vulnerabilities are actively being exploited, CISA warns

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the...

10CVSS10AI score0.99997EPSS
Exploits34
Malwarebytes
Malwarebytes
added 2022/01/12 5:2 p.m.139 views

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

How time flies sometimes. Microsoft yesterday released the first patch Tuesday security updates of the year 2022. The update includes fixes for six zero-day vulnerabilities and a total of 97 bugs. This includes two Remote Code Execution RCE vulnerabilities affecting open source libraries. None of...

10CVSS0.9279EPSS
Exploits24
Malwarebytes
Malwarebytes
added 2021/12/16 10:47 a.m.139 views

After Log4j, December’s Patch Tuesday has snuck up on us

For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching. Microsoft In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set ...

7.5CVSS10AI score0.11963EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2021/09/24 11:9 a.m.139 views

SonicWall warns users to patch critical vulnerability “as soon as possible”

SonicWall has issued a security notice about its SMA 100 series of appliances. The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and gain administrator access to the device. SonicWall SonicWall is a...

9.6AI score0.80701EPSS
Exploits4
Malwarebytes
Malwarebytes
added 2019/03/22 3:0 p.m.139 views

Researchers go hunting for Netflix’s Bandersnatch

A new research paper from the Indian Institute of Technology Madras explains how popular Netflix interactive show Bandersnatch could fall victim to a side-channel attack. In 2016, Netflix began adding TLS Transport Layer Security to their video content to ensure strangers couldn’t eavesdrop on...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/14 7:51 p.m.139 views

Week in Security (August 7 – August 13)

Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses binary padding in an attempt to get skipped,...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/03 1:0 p.m.138 views

Update now! VMWare patches critical vulnerabilities in several products

In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...

9.5AI score0.18994EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2018/07/19 5:24 p.m.137 views

How to block ads like a pro

In part one of this series, we had a look at a few reasons why you should be blocking online advertisements on your network and devices. From malvertising attacks and privacy-invading tracking systems to just being an outright annoyance, online ads and trackers are a nuisance that provides an...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/15 3:0 p.m.137 views

Explained: YARA rules

YARA rules are a way of identifying malware or other files by creating rules that look for certain characteristics. YARA was originally developed by Victor Alvarez of Virustotal and is mainly used in malware research and detection. It was developed with the idea to describe patterns that identify...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/01 7:10 p.m.137 views

TrickBot comes with new tricks – attacking Outlook and browsing data

Last year we reported about a new modular malware using a network protocol similar to Dyreza - you can read about it here. The malware was not very stealthy and some parts were looking to be under development, but we noticed its potential and capability to be easily extended. Indeed, authors of...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/24 8:0 a.m.136 views

Own an older iPhone? Check you're on the latest version to avoid this bug

In December, 2022, we warned our readers about an actively exploited vulnerability in Apples WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas...

9.2AI score0.08523EPSS
Exploits0
Total number of security vulnerabilities4706