Lucene search
K
MalwarebytesMost viewed

4706 matches found

Malwarebytes
Malwarebytes
added 2022/12/12 3:30 a.m.105 views

Indiana sues TikTok, describes it as "Chinese Trojan Horse"

On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance. The first suit alleges TikTok's 12+ rating on the Apple App Store and a "T" for "Teen" rating in the Google Play Store and the Microsoft Store are...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/10/29 2:35 p.m.105 views

Update your OptinMonster WordPress plugin immediately

WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is a WordPress plugin? Like most blogging platforms, WordPress allows you to change up its default functionality. This is done by adding bits of kit called...

6.4CVSS8.3AI score0.2327EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2019/03/01 4:43 p.m.105 views

Spectre, Google, and the Universal Read Gadget

Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Inte...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/21 5:0 p.m.105 views

The lazy person’s guide to cybersecurity: minimum effort for maximum protection

Are you tired of that acquaintance who keeps bugging you with computer questions? Do you avoid visiting certain people because you know you will spend most of the evening cleaning up their machine? My uncle Bob is one of those people. He’s a nice guy, but with computers, he’s not just an accident...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/01/08 7:49 p.m.105 views

Ryuk ransomware attacks businesses over the holidays

While families gathered for food and merriment on Christmas Eve, most businesses slumbered. Nothing was stirring, not even a mouse—or so they thought. For those at Tribune Publishing and Data Resolution, however, a silent attack was slowly spreading through their networks, encrypting data and...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/02 3:0 p.m.105 views

Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain

Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/22 1:0 a.m.105 views

Google Pixel: Cropped or edited images can be recovered

Most of us have a camera on us at all times, and so photo taking and image sharing has become almost ubiquitous. But when sharing an image, you want to have control over what you share. And that might lead you to crop images, or redact parts of them. Maybe you cropped out a person that didn't wan...

5.2AI score0.00499EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2022/08/11 1:0 p.m.104 views

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

6.5CVSS9.1AI score0.98586EPSS
Exploits16
Malwarebytes
Malwarebytes
added 2018/12/10 3:0 p.m.104 views

Something else is phishy: How to detect phishing attempts on mobile

In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue ...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/01 2:0 p.m.104 views

Malwarebytes is a champion of National Cybersecurity Awareness Month

October is here. For most of us in the US cybersecurity industry, it’s the month when we commemorate National Cybersecurity Awareness Month NCSAM. For those who are unfamiliar with this campaign, NCSAM generally aims at driving awareness for safe Internet use, whether you're a regular consumer or...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/10 5:18 p.m.104 views

A week in security (July 03 – July 09)

Last week, we released our second quarter Cybercrime Tactics & Techniques report, where we revealed that ransomware outbreaks were dominant during this quarter. You can read the full report on the post below: Report: Second quarter dominated by ransomware outbreaks Our researchers continue to sha...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/08/15 10:38 a.m.103 views

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

Microsoft has released a patch for a bug for a "downgrade attack" that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: Chuckles and...

7.3CVSS7.4AI score0.01678EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/10 3:2 p.m.103 views

Playstation 5 hacked—twice!

Over the weekend, hackers revealed that the Playstation 5 PS5, Sony’s latest darling, has been broken into—not just once but twice. Fail0verflow, the hacking group notorious for breaking Playstation consoles, and Andy "TheFlow" Nguyen, a security engineer at Google and widely known in the...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/09/04 2:6 p.m.103 views

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/15 4:40 p.m.103 views

Tackling the shortage in skilled IT staff: whole team security

Is your IT department understaffed, overworked, and are you looking for reinforcements in vain? Maybe these hard-to-hire reinforcements can be hired from within, rather than having to outsource or hire expensive, short-term extra help. While this was usually only done if your own staff was fallin...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/12 4:0 a.m.102 views

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...

8.9AI score0.41806EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/25 12:7 a.m.102 views

Anti-war open-source software developer targets Russians and Belarussians with “protestware”

Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country...

10CVSS0.4AI score0.04194EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2022/02/10 8:58 a.m.102 views

SAP customers are urged to patch critical vulnerabilities in multiple products

German enterprise software maker SAP has patched three critical vulnerabilities affecting Internet Communication Manager ICM, a core component of SAP business applications. Customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible. On February 8, SAP...

10CVSS8.7AI score0.97945EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2019/10/16 8:17 p.m.102 views

When can we get rid of passwords for good?

Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/06/20 5:20 p.m.102 views

Radiohead’s ransom response shows novel approach for ransomware victims

Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security sorry. Instead of paying a ransom to...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/04/09 3:0 p.m.102 views

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura Over the past few months, we have noticed increased activity and development of new stealers. Unlike many banking Trojans that wait for the victim to log into their bank's website, stealers typically operate in grab-and-go mode. This means th...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/01/28 4:0 p.m.102 views

What does ‘consent to tracking’ really mean?

Thanks to Jerome Boursier for contributions. Post GDPR, many social media platforms will ask end users to consent to some form of tracking as a condition of using the service. It's easy to make assumptions as to what that means, especially when the actual terms of service or data policy for the...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/11/05 5:37 p.m.102 views

A week in security (October 29 – November 4)

Last week on Malwarebytes Labs, we looked at a rogue cryptocurrency app installing backdoors, took a dive into the world of printer security, explored browser privacy tweaks, highlighted a music festival–themed breach, and introduced Malwarebytes for Chromebook. Other cybersecurity news Memory...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/03 3:30 p.m.102 views

Malicious gaming extensions: a child’s play to infection

Did you ever lend your laptop to a child to play a video game, only to get it back filled with advertisements? Our CEO knows a little bit about that predicament, having unknowingly infected his parents' computer when he was a kid. But times have changed since then. Let us play for you a modern-da...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/01/12 11:26 p.m.102 views

Stripchat bot spells block

Here at Malwarebytes, we spent a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the use...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/30 6:0 p.m.102 views

Malware vaccination tricks: blue pills or red pills

First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/06/30 4:53 p.m.102 views

EternalPetya – yet another stolen piece in the package?

Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/03 8:40 p.m.101 views

Google patches critical vulnerability for Androids with Qualcomm chips

In April’s update for the Android operating system OS, Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings ap...

7.5CVSS8.6AI score0.0068EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/11 10:17 a.m.101 views

Insights into your unpatched vulnerabilities

Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. That’s almost 25,550 new problems each year, of which roughly 4,250 or every one-in-six will be classified as “critical.” But with little guidance beyond “critical” classifications—and with the...

10CVSS8.6AI score0.99735EPSS
Exploits10
Malwarebytes
Malwarebytes
added 2023/11/15 10:4 p.m.101 views

Update now! Microsoft patches 3 actively exploited zero-days

Another important update round for this months Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it...

6.8CVSS7.2AI score0.88196EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2023/06/09 4:0 a.m.101 views

VMware patches critical vulnerabilities in Aria Operations for Networks

VMware has released security updates to fix three vulnerabilities in Aria Operations for Networks which could result in information disclosure and remote code execution. The vulnerabilities were found in Aria Operations for Networks which was formerly known as vRealize Network Insight. Users of...

7.5CVSS8.7AI score0.98281EPSS
Exploits7
Malwarebytes
Malwarebytes
added 2021/06/15 2:35 p.m.101 views

Patch now! Apple fixes in-the-wild iPhone vulnerabilities

Apple has fixed two vulnerabilities in Safaris WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue...

10AI score0.10986EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/18 3:0 p.m.101 views

No man’s land: How a Magecart group is running a web skimming operation from a war zone

Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code skimmers typically injected into compromised e-commerce websites ...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/02 3:0 p.m.101 views

Social engineering attacks: What makes you susceptible?

We now live in a world where holding the door open for someone balancing a tray of steaming hot coffee—she can’t seem to get her access card out to place it near the reader—is something we need to think twice about. Courtesy isn’t dead, mind you, but in this case, you'd almost wish it were. Becau...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/10/27 5:11 a.m.100 views

Update now! Apple patches a raft of vulnerabilities

Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th...

6.8CVSS8.8AI score0.51517EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2019/06/20 3:33 p.m.100 views

New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. A...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/06/19 3:0 p.m.100 views

Labs report: Malicious AI is coming—is the security world ready?

Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There's no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in th...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/08 3:0 p.m.100 views

The top six takeaways for user privacy

Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending ...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/05/07 3:0 p.m.100 views

What to do when you discover a data breach

Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which yo...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/02/05 4:0 p.m.100 views

How to browse the Internet safely at work

This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visi...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/11/19 5:8 p.m.100 views

A week in security (November 12 – 18)

Last week on Malwarebytes Labs, we found out that TrickBot became a top business threat, so we took a deeper look at what's new with it. With Christmas just around the corner, the Secret Sister scam returned. We also touched on the security and privacy or lack thereof in smart jewelry, air traffi...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/10 3:0 p.m.100 views

Assessing the security of a portable router: a look inside its hardware

Network administrators should perform security assessments of hardware that they will provide their users, or particularly paranoid users might want to poke at their devices just to be extra sure. In this blog post, we will demonstrate the techniques used to assess security on a generic portable...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/08/04 4:11 p.m.100 views

DEFCON 25

After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people. I didn't attend all the talks, but most of the ones I saw were interesting: There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers, by Luke...

7.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/13 12:0 p.m.99 views

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat "hacks, malware, user error, deleted files, and running bad commands". Unfortunately, running an older version of BackupBuddy...

7.5AI score0.63761EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2022/08/25 3:0 p.m.99 views

Exploits and TrickBot disrupt manufacturing operations

September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021...

4.6CVSS0.1AI score0.58132EPSS
Exploits17
Malwarebytes
Malwarebytes
added 2022/03/01 9:39 a.m.99 views

Unusual sign-in activity mail goes phishing for Microsoft account holders

We’ve received an interesting spam email which deliberately or not could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow. Unusual sign-in activity detected? The emails subject...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/31 4:5 p.m.99 views

QR code scam can clean out your bank account

“Excuse me sir, can I ask you for a favor? I want to pay for parking my car in this spot, but there are no machines around that accept cash. If I give you five dollars in cash, can you pay the parking for me? All you need to do is scan this QR code with your banking app.” Of course, John felt the...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/03 3:0 p.m.99 views

A week in security (August 27 – September 2)

Last week, we looked at dubious antics in mobile land, a peculiar case of spam on the official Cardi B website, and we deep dived into fileless malware. We also explored the inner workings of Hidden Bee, and gave an explainer of Regex. Other cybersecurity news: Huge data breach affects Chinese...

1.2AI score0.00987EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2022/09/13 2:0 p.m.98 views

[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917. As it's a...

10CVSS0.1AI score0.16342EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/21 3:11 p.m.98 views

Lenovo issues fixes for laptop backdoors

Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally meant to be used only during the manufacturing process, along with a vulnerability in the SW SMI handler function. The list of...

1AI score0.02999EPSS
Exploits1
Total number of security vulnerabilities4706