Category: Malwarebytes Labs

Read the original article: A week in security (September 12 – September 18) A roundup of interesting security news from our blog and around the web for the week of September 12 – September 18. Categories: A week in security…

Read more →

Read the original article: Deepfakes and the 2020 United States election: missing in action? We look at whether the 2020 United States election will be plagued by deepfakes, or if it’s not the concern experts once thought it was. Categories:…

Read more →

Read the original article: How Covid fatigue puts your physical and digital health in jeopardy More than seven months into the pandemic, much of the world is suffering from Covid fatigue. Learn how to identify the symptoms, why Covid fatigue…

Read more →

Read the original article: QR code scams are making a comeback With QR codes being used more as a means to help create a COVID-19 proof environment, we’re also seeing a comeback of QR codes scams. Categories: Scams Tags: advance…

Read more →

Read the original article: FIFA 21 game scams: watch out for unsporting conduct With the recent launch of the new FIFA 2021 video game, we look at some of the common scams to avoid. Categories: Cybercrime Social engineering Tags: coinsEAfakeFIFAfootballFUTgamesoriginscamsocial…

Read more →

Read the original article: Silent Librarian APT right on schedule for 20/21 academic year As expected, this Iranian APT set up a new campaign to target universities around the world when schools and universities went back. Categories: Malwarebytes news Tags:…

Read more →

Read the original article: Amazon Prime Day—8 tips for safer shopping Amazon Prime Day is here. With the ongoing pandemic further complicating life as we know it, how can you, the practical and cyber-sensible shopper, protect yourself from threats banking…

Read more →

Read the original article: Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt Read more…) The post Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt appeared first on Malwarebytes…

Read more →

Read the original article: Credit card skimmer targets virtual conference platform Criminals have gone after an online conference platform to steal credit card data from virtual attendees. Categories: Malwarebytes news Tags: InterMagecartskimmer (Read more…) The post Credit card skimmer targets…

Read more →

Read the original article: Healthcare security update: death by ransomware, what’s next? Read more…) The post Healthcare security update: death by ransomware, what’s next? appeared first on Malwarebytes Labs.   Advertise on IT Security News. Read the original article: Healthcare…

Read more →

Read the original article: Risky business: survey shows majority of people use work devices for personal use More people are working from home than ever before, many for the first time. And with that, come a lot more work devices.…

Read more →

Read the original article: Release the Kraken: Fileless APT attack abuses Windows Error Reporting service We discovered a new attack that injected its payload—dubbed “Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism. Categories: Malware Malwarebytes news…

Read more →

Read the original article: Mobile network operator falls into the hands of Fullz House criminal group The Fullz House threat group has struck again, this time inserting a credit card skimmer into a mobile phone operator and seller. Categories: Malwarebytes…

Read more →

Read the original article: A week in security (September 28 – October 4) A roundup of the best cybersecurity stories from September 28 – October 4, including several tricky cases ransomware installed on… coffee makers? Categories: A week in security…

Read more →

Read the original article: Introducing VideoBytes, by Malwarebytes Labs This week, we’re launching VideoBytes, a new video series featuring research from Adam Kujawa, security evangelist and a director for Malwarebytes Labs. Categories: VideoBytes Tags: Explainedmalwarebytes labsplease don’t buy thisransomwarethreat cinemaTwitter…

Read more →

Read the original article: Caught in the payment fraud net: when, not if? Will we be stuck with payment fraud forever? Come with us as we explore what can go wrong, and why you shouldn’t blame yourself if you suffer…

Read more →

Read the original article: Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar This week on Lock and Code, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical…

Read more →

Read the original article: Lock and Code S1Ep16: Investigating digital vulnerabilities in our physical world with Samy Kamkar This week on Lock and Code, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital…

Read more →

Read the original article: Lock and Code S1Ep15: Investigating digital vulnerabilities in our physical world with Samy Kamkar This week on Lock and Code, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital…

Read more →

Read the original article: Taurus Project stealer now spreading via malvertising campaign The Taurus Project stealer gains an additional distribution vector via exploit kit. Categories: Malwarebytes news Tags: exploit kitsFallout EKmalvertisingpredator the thiefstealertaurus (Read more…) The post Taurus Project stealer…

Read more →

Read the original article: Sandbox in security: what is it, and how it relates to malware Sandboxes and virtual machines are tools that security researchers use to determine whether samples are malicious and what their payload is. Categories: Awareness Tags:…

Read more →

Read the original article: Phishers spoof reliable cybersecurity training company to garner clicks In a recent campaign, phishers were seen taking advantage of user trust on KnowBe4 and stealing their work email credentials. Categories: Scams Tags: Cofensecybersecurity trainingKnowBe4phishingphishing scamratremote access…

Read more →

Read the original article: A week in security (September 14 – 20) A round up of cybersecurity news from September 14 – 20, including the Zerologon exploit, BLURtooth vulnerability, APT41, and phishing scams. Categories: A week in security Tags: apt41blurtoothcharitiesChinesechrome…

Read more →

Read the original article: Is domain name abuse something companies should worry about? Should you worry about domain name abuse? For the most part it depends on what kind of company you are and what you expect to encounter. Categories:…

Read more →

Read the original article: Fintech industry developments, differences between Europe and the US The developments in fintech differ between regions due to legislation. How does that effect the industry and the safety of their customers? Categories: Business Tags: brexitfintechgdprlegislationonline shoppingpci…

Read more →

Read the original article: Charities and the advertising industry: data ecosystems and privacy risks We take a look at a study which dives into the connection between popular UK based charity organisations and tracking, Real Time Bidding, and data analysis…

Read more →

Read the original article: Fintech industry developments, differences between Europe and the US The developments in fintech differ between regions due to legislation. How does that effect the industry and the safety of their customers? Categories: Business Tags: brexitfintechgdprlegislationonline shoppingpci…

Read more →

Read the original article: Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz This week on Lock and Code, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. Categories: Podcast Tags: advanced…

Read more →

Read the original article: The informed voter’s guide to election cyberthreats Read more…) The post The informed voter’s guide to election cyberthreats appeared first on Malwarebytes Labs.   Advertise on IT Security News. Read the original article: The informed voter’s…

Read more →

Read the original article: Report: Pandemic caused significant shift in buyer appetite in the dark web The pandemic has had a ripple effect on all facets of life—even the criminal. A new report looks at how the dark web has…

Read more →

Read the original article: Malvertising campaigns come back in full swing Threat actors monetize on adult traffic in several large malvertising campaigns. Categories: Social engineering Tags: ad networksbad adsexploit kitexploit kitsFallout EKmalvertisingmalvertising campaignsRIG EK (Read more…) The post Malvertising campaigns…

Read more →

Read the original article: A week in security (August 31 – September 6) A round up of the previous week’s most interesting security news and happenings. Categories: A week in security Tags: facebookmalwarephishround upscamsecuritytiktokweek in security (Read more…) The post…

Read more →

Read the original article: SMB cybersecurity posture weakened by COVID-19, Labs report finds In parsing the data for our August report on COVID-19, we learned that SMB cybersecurity faced many challenges, some of which are being unaddressed. Categories: Reports Tags:…

Read more →

Read the original article: PCI DSS compliance: why it’s important and how to adhere PCI DSS compliance is an important topic for those in the online payment and credit card industries. But if it’s so crucial, why is it so…

Read more →

Read the original article: How to keep K–12 distance learners cybersecure this school year As a new school season opens, educational institutions strive to adapt to the IT needs and challenges that come with the introduction of new learning schemes…

Read more →

Read the original article: New web skimmer steals credit card data, sends to crooks via Telegram Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code. Categories: Web threats Tags: credit…

Read more →

Read the original article: Apple’s notarization process fails to protect Read more…) The post Apple’s notarization process fails to protect appeared first on Malwarebytes Labs.   Advertise on IT Security News. Read the original article: Apple’s notarization process fails to…

Read more →

Read the original article: Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa This week on Lock and Code, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about “security hubris.” Categories: Podcast Tags: enduring from…

Read more →

Read the original article: Missing person scams: what to watch out for Missing person alerts can be a prime source of inspiration for scammers looking to turn a quick buck. We explore some of the techniques used to further ill-gotten…

Read more →

Read the original article: Good news: Stalkerware survey results show majority of people aren’t creepy Stalkerware survey results are in. See how more than 4500 Labs readers responded when asked, “Have you ever used an app to monitor your partner’s…

Read more →

Read the original article: The cybersecurity skills gap is misunderstood The cybersecurity skills gap is misunderstood. Rather than a lack of talent, there is a lack of understanding in how to find and hire that talent. Categories: Business Tags: (ISC)Aspen…

Read more →

Read the original article: A week in security (August 17 – 23) A roundup of cybersecurity news from August 17 – 23, including our Enduring from Home report, and the impact of COVID-19 on healthcare security. Categories: A week in…

Read more →

Read the original article: ‘Just tell me how to fix my computer:’ a crash course on malware detection For the Luddites and the technologically challenged, this is your crash course on malware detection. Learn what it is, how it works,…

Read more →

Read the original article: 20 percent of organizations experienced breach due to remote worker, Labs report reveals In Labs’ latest report, Enduring From Home: COVID-19’s Impact on Business Security, we look at responses from 200 IT professionals on how they…

Read more →

Read the original article: The impact of COVID-19 on healthcare cybersecurity COVID-19 has put incredible pressure on the healthcare sector. How did the pandemic impact healthcare cybersecurity? Categories: Vital infrastructure Tags: covid-19healthcarehealthcare cybersecurityhealthcare securitysecurity (Read more…) The post The impact…

Read more →

Read the original article: Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane This week on Lock and Code, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. Categories:…

Read more →

Read the original article: Explosive technology and 3D printers: a history of deadly devices We look at how successful hardware hacks can damage devices—and potentially even put lives at risk. Categories: Hacking Tags: 3d printerhackershackinghackshardwareIoTmalwareprinterstuxnet (Read more…) The post Explosive…

Read more →

Read the original article: Chrome extensions that lie about their permissions Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But what’s the use if they lie to you? Categories: PUP…

Read more →

Read the original article: Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw Dutch ISP Ziggo sent an email to customers about a security flaw that raised several red flags for phishing—despite being legitimate. Learn…

Read more →

Read the original article: The skinny on the Instacart breach With the sudden popularity of grocery and pick-up services in this pandemic era, online criminals were swift to target and compromise Instacart. How did it happen? Categories: Hacking Tags: credential…

Read more →

Read the original article: SBA phishing scams: from malware to advanced social engineering SBA loan scams continue to make the rounds targeting small business owners, CEOS, and CFOs. Learn what to look out for. Categories: Scams Tags: loanphishingSBAscam (Read more…)…

Read more →

Read the original article: A week in security (August 3 – 9) A roundup of cybersecurity news from August 3 – 9, including a look at business email compromises, a new data privacy bill, and the Inter skimming attack. Categories:…

Read more →

Read the original article: Inter skimming kit used in homoglyph attacks Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks. Categories: Threat analysis Tags: credit card skimminghomoglyphInterkitMagecartskimmersskimming (Read more…) The post Inter skimming kit used…

Read more →

Read the original article: Data Accountability and Transparency Act of 2020 looks beyond consent The Data Accountability and Transparency Act proposes that, for American consumers, privacy shouldn’t be a right you can click away. Categories: Privacy Tags: consentData Accountability and…

Read more →

Read the original article: Business email compromise: gunning for goal We look at the latest happenings in the world of business email compromise (BEC). Categories: Cybercrime Social engineering Tags: becbusiness cybersecurityBusiness Email CompromiseCEO scamCFO fraudemailmail (Read more…) The post Business…

Read more →

Read the original article: Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks Read more…) The post Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks appeared first on Malwarebytes Labs.  …

Read more →

Read the original article: Avoid these PayPal phishing emails We cover some recent PayPal phish mails and link to anti-phish resources. Categories: Cybercrime Social engineering Tags: account is limitedintl-limitedPayPalphishphishingscam (Read more…) The post Avoid these PayPal phishing emails appeared first…

Read more →

Read the original article: Malspam campaign caught using GuLoader after service relaunch We discovered a spam campaign distributing GuLoader in the aftermath of the service’s relaunch Categories: Malware Threat analysis Tags: GuLoadermalspammalwarespamstealer (Read more…) The post Malspam campaign caught using…

Read more →

Read the original article: Cloud workload security: Should you worry about it? While the cloud workload is growing at a rapid pace, isn’t it time to start worrying about securing it? Categories: Business Tags: application layercloudcloud resourcescloud workload securitycontainerizationdatahypervisor layersecure-by-designsecurity…

Read more →

Read the original article: TikTok is being discouraged and the app may be banned Companies and organizations are dicouraging their employees to use TikTok, especially on work related devices. Will TikTok face a ban? Categories: Privacy Tags: amazonAustraliabanbytedancechinaindiaprivacyredditsocial mediatiktokusa (Read…

Read more →

Read the original article: A week in security (July 20 – 26) A roundup of cybersecurity news from July 20 – 26, including Deepfakes, Bluetooth technology, and APT groups. Categories: A week in security Tags: a week in securityadvanced persistent…

Read more →

Read the original article: Deepfakes or not: new GAN image stirs up questions about digital fakery We look at the latest splash of synthetic human deepfakes shenanigans working their way into mainstream news in order to cause disruption. Categories: Social…

Read more →

Read the original article: New Deepfakes using GAN stirs up questions about digital fakery We look at the latest splash of synthetic human deepfakes shenanigans working their way into mainstream news in order to cause disruption. Categories: Social engineering Tags:…

Read more →

Read the original article: EncroChat system eavesdropped on by law enforcement Dutch law enforcement cracked the encryption on EncroChat, a secure messaging platform popular with criminals, and made hundreds of arrests. But is this a dangerous precedent? Categories: Hacking Tags:…

Read more →

Read the original article: Chinese APT group targets India and Hong Kong using new variant of MgBot malware We uncovered an active campaign in early July that we attribute to a new Chinese APT group attacking India and Hong Kong…

Read more →

Read the original article: Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In…

Read more →

Read the original article: It’s baaaack: Public cyber enemy Emotet has returned Read more…) The post It’s baaaack: Public cyber enemy Emotet has returned appeared first on Malwarebytes Labs.   Advertise on IT Security News. Read the original article: It’s…

Read more →

Read the original article: How exposed are you to cybercrime? Passwordmanagers.co measures exposure to cybercrime by weighing risk of cyberattack against an organization’s security preparedness. How exposed are you? Categories: Cybercrime Tags: cybercrimecybercrime exposurecybersecurity exposure indexcybersecurity hygieneexposure ratepassword managerpassword managers…

Read more →

Read the original article: Coordinated Twitter attack rakes in 100 grand In a social engineering attack on Twitter, threat actors managed to scam $100,000 dollars in Bitcoin by taking over high-profile accounts. Categories: Social engineering Tags: 2fabitcoinSocial Engineeringtweetstwitterverified accounts (Read…

Read more →

Read the original article: Website misconfigurations and other errors to avoid Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms. Categories: How-tos…

Read more →

Read the original article: Stalkerware advertising ban by Google a welcome, if incomplete, step Google will no longer allow advertising of stalkerware and spyware tools, but a written exception could allow some companies to skirt the rules. Categories: Stalkerware Tags:…

Read more →

Read the original article: A week in security (July 6 – 12) A roundup of cybersecurity news from July 6 – 12, including a look at pre-installed malware on some Android phones, and a Mac malware mystery. Categories: A week…

Read more →

Read the original article: Threat spotlight: WastedLocker, customized ransomware WastedLocker ransomware, attributed to the Russian Evil Corp gang, is such a targeted threat, you might call it a custom-built ransomware family. Categories: Threat spotlight Tags: evil corpRansom.BinADSransomwarewastedwastedlocker (Read more…) The…

Read more →

Read the original article: We found yet another phone with pre-installed malware via the Lifeline Assistance program We discovered yet another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. Categories: Android…

Read more →

Read the original article: We found yet another phone with pre-installed malware via the Lifeline Assistance program We discovered yet another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. Categories: Android…

Read more →

Read the original article: Mac ThiefQuest malware may not be ransomware after all We discovered a new Mac malware, ThiefQuest, that appeared to be ransomware at first glance. However, once we dug in deeper, we found out its true identity—and…

Read more →

Read the original article: Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart This week on Lock and Code, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. Categories: Podcast…

Read more →

Read the original article: Credit card skimmer targets ASP.NET sites This unusual web skimmer campaign goes after sites running Microsoft’s IIS servers with an outdated version of the ASP.NET framework. Categories: Threat analysis Tags: ASP.netcredit cardcredit card skimmercredit card skimmingdigital…

Read more →

Read the original article: Do Chromebooks need antivirus protection? You may have heard that installing a Chromebook antivirus program is unnecessary. We take a look at the Chromebook’s security features and weigh in on whether that’s true. Categories: Opinion Tags:…

Read more →

Read the original article: New Mac ransomware spreading through piracy We analyze a new Mac ransomware that appears to encrypt user files with a bit of a time delay. Categories: Mac Tags: AbletonAbleton LiveencryptFindzipFindzip ransomwareLittle Snitchmacmac malwareMixed In Keyransomwaretime delay…

Read more →

Read the original article: Bluetooth beacons: one free privacy debate with your next order We take a look at Bluetooth beacons and their role behind the scenes in many real-world marketing campaigns—whether you’re aware of it or not. Categories: Privacy…

Read more →

Read the original article: A week in security (June 22 – 28) A roundup of cybersecurity news from June 22 – 28, inlcuding a zero day guide, tax season tips, and web skimmers using image files. Categories: A week in…

Read more →

Read the original article: The face of tomorrow’s cybercrime: Deepfake ransomware explained Deepfake ransomware is a mighty combination that several security experts fear would happen soon. But what is it exactly? Is it deepfake with a ransomware twist? Or ransomware…

Read more →

Read the original article: Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files. Categories: Threat analysis Tags: EXIFMagecartmetadataskimmersskimming…

Read more →

Read the original article: Coughing in the face of scammers: security tips for the 2020 tax season In spite of everything happening in the world, taxes are due in the US. Here are some tips to protect your personal info…

Read more →

Read the original article: A zero-day guide for 2020: Recent attacks and advanced preventive techniques Zero-day vulnerabilities—and their potential, related attacks—can drive any security team mad. Here’s how you can bulk up your defenses. Categories: Exploits and vulnerabilities Tags: artificial…

Read more →

Read the original article: Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank On Lock and Code, we talk to Matt Davey and Kyle Swank of 1Password about secure passwords, alternatives to passwords, and the…

Read more →

Read the original article: Facial recognition: tech giants take a step back Some of the big players in the field of facial recognition announced they will not provide their technology to law enforcement while there is no governing law. Categories:…

Read more →

Read the original article: Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit. Categories: Malware Threat analysis Tags: APTC2cobalt strikeMalleable C2 (Read more…) The…

Read more →

Read the original article: End of line: supporting IoT in the home Warranties which may not warranty, certificates which might fail to certify, lifespans which don’t match the length of cover promised. This could be IoT. Categories: Cybercrime Privacy Tags:…

Read more →

Read the original article: VPNs: should you use them? We’ve been getting questions about VPNs that are more advanced than before. It isn’t so much what a VPN is, as it is whether people should use them. Categories: Malwarebytes news…

Read more →

Read the original article: A week in security (June 8 – 14) A roundup of news and blog posts from the week of June 8 – 14, including the Honda ransomware attack, search hijackers, and what to look for in…

Read more →

Read the original article: Search hijackers change Chrome policy to remote administration Search hijackers are always looking for ways to get and stay installed. Here is one that changed a Chrome policy and set it to remote administration. Categories: Threat…

Read more →

Read the original article: MSPs, know what you’re really looking for in an RMM platform When ransomware targeting MSPs began making headlines, things started to change. This also made MSPs assess their current RMM platform and, should they decide to…

Read more →

Read the original article: Honda and Enel impacted by cyber attack suspected to be ransomware Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in…

Read more →

Read the original article: ParetoLogic facing complaint of alleged wrongdoing After Revenuewire settled with the FTC, its sister company ParetoLogic has to appear in court. They are sued in a US class-action by a disgruntled customer. Categories: Tech support scams…

Read more →

Read the original article: Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa On Lock and Code, we talk to Malwarebytes head of security John Donovan, Malwarebytes Labs director Adam Kujawa about securely working…

Read more →

Read the original article: New LNK attack tied to Higaisa APT discovered We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group. Categories: Malware Threat analysis Tags: APTHigaisakoreaLNKPlugXrat (Read more…) The post New LNK attack…

Read more →

Read the original article: Sodinokibi ransomware gang auctions off stolen data The Sodinokibi ransomware operators have opened an auction site to sell the stolen data of their victims to the highest bidder. Categories: Ransomware Tags: auctionhappy blogransomransomwareSodinokibi (Read more…) The…

Read more →

Read the original article: Teaching from home might become part of every teachers’ job description Read more…) The post Teaching from home might become part of every teachers’ job description appeared first on Malwarebytes Labs.   Advertise on IT Security…

Read more →