Zero Trust is an information security framework that insists its users “never trust, always verify.” Is this the best security model for organizations today? We examine its strengths and weaknesses. Categories: Explained
Category: Malwarebytes Labs
A week in security (January 20 – 26)
A roundup of the previous week’s most notable security stories and events, including tech support scams, deepfakes, and the latest ransomware attack in Florida. Categories: A week in security
Tampa Bay Times hit with Ryuk ransomware attack
Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. Categories: Ransomware
Deepfakes laws and proposals flood US
In a rare example of legislative haste, roughly one dozen state and federal bills were introduced in the past 12 months to regulate deepfakes, the relatively modern technology that some fear could upend democracy. Categories: Artificial Intelligence
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight. Categories: Social engineering, Threat analysis
A week in security (January 13 – 19)
Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more. Categories: A week in security
Business in the front, party in the back: backdoors in elastic servers expose private data
It’s all too easy to discover data leaks online, especially in cloud services. We take a look at misconfigurations in elastic servers that lead to exposed data on the Internet. Categories: Threat spotlight
Explained: data enrichment
Data enrichment applies to the process of enhancing, refining, and improving raw data. Used by companies to improve marketing efforts, data enrichment impacts both privacy and security. Categories: Explained
Rules on deepfakes take hold in the US
Rather than creating new policies or crimes for deepfakes—like making it illegal to use them to deceive—the NDAA seeks a better understanding of the burgeoning technology. Categories: Artificial Intelligence
How to prevent a rootkit attack
Rootkit attacks are considered one of the most dangerous cyberthreats today. Learn what they are, how they infect systems, and how to protect against them. Categories: How-tos
A week in security (January 6 – 12)
A cybersecurity news roundup from January 6–12, with a look at Phobos ransomware and a discovery of pre-installed malware on government-funded phones. Categories: A week in security
Threat spotlight: Phobos ransomware lives up to its name
Phobos, which many believe was named after the Greek god of fear, isn’t as widespread as it was before nor is it more novel than your average ransomware. Yet, it remains a threat to consumers and businesses alike. We dive…
United States government-funded phones come pre-installed with unremovable malware
A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps. Malwarebytes Labs investigates the malware’s origins. Categories: Android
6 ways hackers are targeting retail businesses
Whether it’s a high-volume shopping season or not, retail businesses are at risk from cybercriminals in a number of ways. Learn how hackers target retailers and shoppers alike. Categories: Web threats
Dubious downloads: How to check if a website and its files are malicious
Users often search the web for downloads when companies no longer support software, and what they find is dubious. How can they tell if the files are safe? We tell how to spot the difference. Categories: How-tos
Billion-dollar search engine industry attracts vultures, shady advertisers, and cybercriminals
We look at the ways in which criminals and vultures use less-than-honest tactics to fleece the search engine industry for a piece of its billion-dollar pie. Categories: PUPs
A week in security (December 30 – January 5)
A roundup of the previous week’s most notable security stories and events, including new web skimmer techniques, an explanation of edge computing, and more. Categories: A week in security
How not to buy drugs on the Internet
Most get-rich-quick schemes on the Internet prove to be scams in disguise—and that includes buying drugs. Learn how scammers take advantage of users looking for illegal activities online. Categories: Scams