Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2024/01/23 1:27 p.m.19 views

Microsoft got hacked by state sponsored group it was investigating

In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard also known as APT29 or Cozy Bear, gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/07 8:49 p.m.19 views

US government is snooping on people via phone push notifications, says senator

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apples servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/06 4:28 p.m.19 views

How IT teams can conduct a vulnerability assessment for third-party applications

Google Chrome, Adobe Acrobat Reader, TeamViewer, you name it—there’s no shortage of third-party apps that IT teams need to constantly check for vulnerabilities. But to get a better picture of the problem, lets bust out some napkin math. The average company uses about 200 applications overall...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/06 2:31 p.m.19 views

Windows 10 gets its own extended security updates program

The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/05 12:59 p.m.19 views

Roblox and Twitch provider Tipalti breached by ransomware [updated]

As a response to this post, Tipalti reached out to us and asked us to post the following statement: Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. The Tipalti cybersecurity team and third-party forensic experts have been...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/04 10:37 a.m.19 views

Social media giants to testify over failing to protect kids

US senators have urgently invited the CEOs of five of the major social media giants to testify about their failure to protect children online. The Senate Judiciary Committee said it will hear from Meta CEO Mark Zuckerberg, X formerly Twitter CEO Linda Yaccarino, TikTok CEO Shou Zi Chew, Snap CEO...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/13 7:28 a.m.19 views

A week in security (November 06 – November 12)

Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 Medical research data Advarra stolen after SIM swap Okta breach happened after employee logged into personal Google account Introducing ThreatDown: A new chapter for Malwarebytes...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/26 5:52 a.m.19 views

Patch…later? Safari iLeakage bug not fixed

Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/13 12:15 p.m.19 views

Explained: Quishing

Quishing is phishing using QR Quick Response codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/12 4:0 a.m.19 views

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/11 8:0 a.m.19 views

Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internets youngest users, children. Children have always inherit...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/31 3:0 a.m.19 views

Prompt injection could be the SQL injection of the future, warns NCSC

The UK's National Cyber Security Centre NCSC has issued a warning about the risks of integrating large language models LLMs like OpenAIs ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks. The NCSC points out several dangers associated with...

8.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/21 9:15 p.m.19 views

Chrome will soon start removing extensions that may be unsafe

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/07 11:0 a.m.19 views

New Security Advisor amps up security in minutes

Malwarebytes Security Advisor, a transformation of the Nebula customer experience, enables organizations to visualize and improve their organization's security posture in just a few minutes. "If youre not fully configured, you arent fully protected," says Jonny Rivera, Director, Customer Experien...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/14 4:15 p.m.19 views

Ransomware making big money through "big game hunting"

Ransomware generates big money for the groups behind it, with new research confirming some of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/05 2:0 a.m.19 views

Google plans to scrape everything you post online to train its AI

Additions to Googles Privacy Policy are making some observers worry that all of your content is about to be fed into Google's AI tools. Alterations to the T&Cs now explicitly state that your "publicly available information" will be used to train in-house Google AI models alongside other products...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/19 2:15 p.m.19 views

Phishing scam takes $950k from DoorDash drivers

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21 year old man...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/12 12:0 a.m.19 views

A week in security (June 5 - 11)

Last week on Malwarebytes Labs: Trusting AI not to lie: The cost of truth: Lock and Code S04E12 5 unusual cybersecurity tips that actually work The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period Information stealer compromises legitimate sites to attack other...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/23 4:30 p.m.19 views

Employee guilty of joining ransomware attack on his own company

A 28-year old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/11 5:0 a.m.19 views

Google adds unwanted tracker detection to Find My Device network

Last week we reported that Google and Apple were looking for input on a draft specification to alert users in the event of suspected unwanted tracking. Apple and Google said other tracker makers like Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed interest in their draft. Now,...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/09 8:0 a.m.19 views

Fake system update drops Aurora stealer via Invalid Printer loader

Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/21 7:0 p.m.19 views

Would-be hitman busted after being fooled by parody website

A member of the Air National Guard is facing federal charges after applying for a job online as an assassin. According to a Justice Department press release, Josiah Ernesto Garcia from Hermitage, Tennessee, was arrested by an undercover federal agent at a park on April 12, 2023. The FBI affidavit...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/20 11:0 a.m.19 views

What your peers said: G2 comparison of top Endpoint Security vendors

Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading peer-to-peer review site. Each...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/14 4:0 a.m.19 views

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/05 2:0 a.m.19 views

Western Digital confirms breach, affects My Cloud and SanDisk users

Western Digital, a big brand in digital storage, says it has suffered a "network security incident--potentially ransomware--which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/03 10:30 a.m.19 views

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/27 4:0 a.m.19 views

Ransomware gunning for transport sector's OT systems next

ENISA the European Union Agency for Cybersecurity has reason to believe that ransomware gangs will begin targeting transportation operational technology OT systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/03 11:45 a.m.19 views

LockBit ransomware demands $2 million for Pierce Transit data

The Pierce County Public Transportation Benefit Area Corporation Pierce Transit has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/02 3:0 a.m.19 views

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/17 3:30 p.m.19 views

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/16 6:0 a.m.19 views

WordPress sites backdoored with ad fraud plugin

WordPress is an immensely popular content management system CMS powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization SEO techniques to maximize their revenues. But some people will take a...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/08 10:0 a.m.19 views

Update now! GoAnywhere MFT zero-day patched

An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...

8.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/30 5:0 a.m.19 views

New data wipers deployed against Ukraine

As war in Ukraine rages, new destructive malware continues to be discovered. In a recent tweet, the Ukrainian Computer Emergency Response Team CERT-UA named five wipers used against Ukrinform, Ukraines national news agency. It suspects a link to the Sandworm group. UPDATE: UAC-0082 suspected...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/26 6:0 a.m.19 views

CISA releases advice on how to safeguard K–12 organizations

To help K-12 schools and school districts in their struggle against cybercrime the Cybersecurity & Infrastructure Security Agency CISA has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...

Exploits0
Malwarebytes
Malwarebytes
added 2023/01/16 1:0 p.m.19 views

"Untraceable" surveillance firm sued for scraping Facebook and Instagram data

Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...

Exploits0
Malwarebytes
Malwarebytes
added 2023/01/11 7:0 a.m.19 views

2023 prediction: Security workforce shortage will lead to nationally significant cyberattack

If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Global cyberattacks have increased by 483 percent over the last two years, and at the current rate of growth, damage from such attacks will amount to $10.5...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/10 9:0 a.m.19 views

Pokemon NFT card game malware chooses you

Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs. The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles,...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/21 7:0 a.m.19 views

The pitfalls of blocking IP addresses

In August 2022, the Austrian court ordered the block of 11 IP addresses for copyright violations on 14 websites. Sadly, there was an undesirable side-effect--thousands of websites were rendered inaccessible to internet users in Austria for two days. There are many possible reasons why governments...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/31 11:45 a.m.19 views

A week in security (October 24 - 30)

Last week on Malwarebytes Labs: Lock and Code: A gym heist in London goes cyber Healthcare site leaks personal health information via Google and Meta tracking pixels An odd kind of cybercrime: Gift vouchers, medical records, and...food Cisco warns of ISE vulnerability with no fixed release or...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/26 10:30 p.m.19 views

Point-of-sale malware used to steal 167,000 credit cards

In the 19 months between February 2021 and September 2022, two point-of-sale POS malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/20 1:0 p.m.19 views

Microsoft breach reveals some customer data

Microsoft customers find themselves in the middle of a data breach situation. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. This miscongifuration resulted in the possibility of "unauthenticated access to some...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/13 8:45 p.m.19 views

Android and Chrome start showing passwords the door

Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/13 1:15 p.m.19 views

Only half of teens agree they "feel supported online" by parents

Not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need. Those are some of the latest findings from joint research conducted this summer by Malwarebytes and 1Password, which we have published tod...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/04 3:0 p.m.19 views

TikTok's "secret operation" tracks you even if you don't use it

Consumer Reports CR, a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/21 1:0 p.m.19 views

5 things to teach your kids about social media

With children now back at school, its time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all thei...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/12 2:0 p.m.19 views

Facebook engineers aren't sure where all user data is kept

If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/12 1:0 p.m.19 views

The North Face hit by credential stuffing attack

The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a "large-scale" credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers?...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/17 2:0 p.m.19 views

Nearly 2,000 Signal users affected by Twilio phishing attack

New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/15 8:0 a.m.19 views

A week in security (August 8 - August 14)

Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft" Twitter data breach affects 5.4M users Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR Twilio breached after social engineering attack on employees Summer of exploitation leads...

1.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/04 8:0 p.m.19 views

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

0.9AI score
Exploits0
Total number of security vulnerabilities4709