Lucene search
K
MalwarebytesMost viewed

4709 matches found

Malwarebytes
Malwarebytes
added 2023/10/26 5:52 a.m.19 views

Patch…later? Safari iLeakage bug not fixed

Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/13 12:15 p.m.19 views

Explained: Quishing

Quishing is phishing using QR Quick Response codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/12 4:0 a.m.19 views

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/11 8:0 a.m.19 views

Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internets youngest users, children. Children have always inherit...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/31 3:0 a.m.19 views

Prompt injection could be the SQL injection of the future, warns NCSC

The UK's National Cyber Security Centre NCSC has issued a warning about the risks of integrating large language models LLMs like OpenAIs ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks. The NCSC points out several dangers associated with...

8.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/21 9:15 p.m.19 views

Chrome will soon start removing extensions that may be unsafe

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/08/07 11:0 a.m.19 views

New Security Advisor amps up security in minutes

Malwarebytes Security Advisor, a transformation of the Nebula customer experience, enables organizations to visualize and improve their organization's security posture in just a few minutes. "If youre not fully configured, you arent fully protected," says Jonny Rivera, Director, Customer Experien...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/14 4:15 p.m.19 views

Ransomware making big money through "big game hunting"

Ransomware generates big money for the groups behind it, with new research confirming some of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/05 2:0 a.m.19 views

Google plans to scrape everything you post online to train its AI

Additions to Googles Privacy Policy are making some observers worry that all of your content is about to be fed into Google's AI tools. Alterations to the T&Cs now explicitly state that your "publicly available information" will be used to train in-house Google AI models alongside other products...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/19 2:15 p.m.19 views

Phishing scam takes $950k from DoorDash drivers

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21 year old man...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/12 12:0 a.m.19 views

A week in security (June 5 - 11)

Last week on Malwarebytes Labs: Trusting AI not to lie: The cost of truth: Lock and Code S04E12 5 unusual cybersecurity tips that actually work The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period Information stealer compromises legitimate sites to attack other...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/23 4:30 p.m.19 views

Employee guilty of joining ransomware attack on his own company

A 28-year old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/11 5:0 a.m.19 views

Google adds unwanted tracker detection to Find My Device network

Last week we reported that Google and Apple were looking for input on a draft specification to alert users in the event of suspected unwanted tracking. Apple and Google said other tracker makers like Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed interest in their draft. Now,...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/09 8:0 a.m.19 views

Fake system update drops Aurora stealer via Invalid Printer loader

Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/21 7:0 p.m.19 views

Would-be hitman busted after being fooled by parody website

A member of the Air National Guard is facing federal charges after applying for a job online as an assassin. According to a Justice Department press release, Josiah Ernesto Garcia from Hermitage, Tennessee, was arrested by an undercover federal agent at a park on April 12, 2023. The FBI affidavit...

6.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/20 11:0 a.m.19 views

What your peers said: G2 comparison of top Endpoint Security vendors

Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading peer-to-peer review site. Each...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/14 4:0 a.m.19 views

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/05 2:0 a.m.19 views

Western Digital confirms breach, affects My Cloud and SanDisk users

Western Digital, a big brand in digital storage, says it has suffered a "network security incident--potentially ransomware--which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/04/03 10:30 a.m.19 views

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/27 4:0 a.m.19 views

Ransomware gunning for transport sector's OT systems next

ENISA the European Union Agency for Cybersecurity has reason to believe that ransomware gangs will begin targeting transportation operational technology OT systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/03 11:45 a.m.19 views

LockBit ransomware demands $2 million for Pierce Transit data

The Pierce County Public Transportation Benefit Area Corporation Pierce Transit has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/02 3:0 a.m.19 views

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/01 4:30 p.m.19 views

AI voice cracks telephone banking voice recognition

Voice ID is slowly rolling out across various banks worldwide as a way to perform user authentication over the phone. However, questions remain about just how secure it is. Now that we have freely available artificial intelligence AI happily replicating peoples voices, could it be a security risk...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/17 3:30 p.m.19 views

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/16 6:0 a.m.19 views

WordPress sites backdoored with ad fraud plugin

WordPress is an immensely popular content management system CMS powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization SEO techniques to maximize their revenues. But some people will take a...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/08 10:0 a.m.19 views

Update now! GoAnywhere MFT zero-day patched

An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...

8.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/30 5:0 a.m.19 views

New data wipers deployed against Ukraine

As war in Ukraine rages, new destructive malware continues to be discovered. In a recent tweet, the Ukrainian Computer Emergency Response Team CERT-UA named five wipers used against Ukrinform, Ukraines national news agency. It suspects a link to the Sandworm group. UPDATE: UAC-0082 suspected...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/26 6:0 a.m.19 views

CISA releases advice on how to safeguard K–12 organizations

To help K-12 schools and school districts in their struggle against cybercrime the Cybersecurity & Infrastructure Security Agency CISA has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...

Exploits0
Malwarebytes
Malwarebytes
added 2023/01/26 1:0 a.m.19 views

"2.6 million DuoLingo account entries" up for sale

Not a week goes by where we dont see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, who is currently digging into a forum post concerning data related to its customer accounts. Scraping data for...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/23 2:0 a.m.19 views

T-Mobile reports data theft of 37 million customers in the US

T-Mobile has announced that an attacker has accessed "limited types of information" on customers. It says it is informing impacted customers. According to the press release, no passwords, payment card information, social security numbers, government ID numbers or other financial account informati...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/16 1:0 p.m.19 views

"Untraceable" surveillance firm sued for scraping Facebook and Instagram data

Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...

Exploits0
Malwarebytes
Malwarebytes
added 2023/01/11 7:0 a.m.19 views

2023 prediction: Security workforce shortage will lead to nationally significant cyberattack

If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Global cyberattacks have increased by 483 percent over the last two years, and at the current rate of growth, damage from such attacks will amount to $10.5...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/10 9:0 a.m.19 views

Pokemon NFT card game malware chooses you

Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs. The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles,...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/21 7:0 a.m.19 views

The pitfalls of blocking IP addresses

In August 2022, the Austrian court ordered the block of 11 IP addresses for copyright violations on 14 websites. Sadly, there was an undesirable side-effect--thousands of websites were rendered inaccessible to internet users in Austria for two days. There are many possible reasons why governments...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/26 10:30 p.m.19 views

Point-of-sale malware used to steal 167,000 credit cards

In the 19 months between February 2021 and September 2022, two point-of-sale POS malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/13 8:45 p.m.19 views

Android and Chrome start showing passwords the door

Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/13 1:15 p.m.19 views

Only half of teens agree they "feel supported online" by parents

Not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need. Those are some of the latest findings from joint research conducted this summer by Malwarebytes and 1Password, which we have published tod...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/04 3:0 p.m.19 views

TikTok's "secret operation" tracks you even if you don't use it

Consumer Reports CR, a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/21 1:0 p.m.19 views

5 things to teach your kids about social media

With children now back at school, its time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all thei...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/12 2:0 p.m.19 views

Facebook engineers aren't sure where all user data is kept

If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/06 4:0 p.m.19 views

Instagram receives record fine of $400M for abuse of children's data

Ireland's Data Protection Commissioner DPC, the lead regulator in Europe for Meta and other tech giants, has slapped Instagram with a fine of €405M--roughly equivalent to $402M--following an investigation on how the company handled children's data. In the investigation that started in 2020, the D...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/24 10:0 a.m.19 views

How to secure a Mac for your kids

If you want to know how to secure your Mac so your kids can use it safely, I can help. In 2018 I decided to give my kids an old Apple laptop to share, and I documented the steps I took to secure it. They were still a few years short of their tenth birthdays, and it was their first computer, so I...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/17 2:0 p.m.19 views

Nearly 2,000 Signal users affected by Twilio phishing attack

New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/15 8:0 a.m.19 views

A week in security (August 8 - August 14)

Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft" Twitter data breach affects 5.4M users Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR Twilio breached after social engineering attack on employees Summer of exploitation leads...

1.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/04 8:0 p.m.19 views

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/03 8:1 a.m.19 views

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/29 4:4 p.m.19 views

Criminals using compromised social media accounts to “post indecent images of children” says UK cybercrime organization

Action Fraud, the UKs national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately. Criminals are...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/28 2:38 p.m.19 views

“Orwellian in the extreme” food store installs facial recognition cameras to stop crime, faces backlash

A convenience shop chain is under fire and facing legal charges for installing cameras with facial recognition software in 35 of its branches across the UK. The cameras analyze and convert video face captures into biometric data. The data is compared with a database of people who have committed...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/27 1:22 p.m.19 views

Anti-vaxxer dating site exposes user data

An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/25 3:30 p.m.19 views

Malware spent months hoovering up credit card details from 300 US restaurants

Criminal hackers have been able to steal at least 50,000 credit cards from 300 restaurants in the US, after launching two Magecart campaigns that target the MenuDrive, Harbortouch, and InTouchPOS online payment platforms: Magecart is a web-skimmer—malware that is injected onto a vulnerable websit...

7AI score
Exploits0
Total number of security vulnerabilities4709