Category: Malwarebytes Labs

Zero Trust is an information security framework that insists its users “never trust, always verify.” Is this the best security model for organizations today? We examine its strengths and weaknesses. Categories: Explained Tags: byodcloudframeworkidentity managementinsider threatsIoTlateral threat movementmfaperimeterrdpsecuritysecurity orchestrationstrategyzero trustzero…

Read more →

A roundup of the previous week’s most notable security stories and events, including tech support scams, deepfakes, and the latest ransomware attack in Florida. Categories: A week in security Tags: Appleawisblog recapbreachfacebook phishingfake job listingsGooglehiring scamJhoneRATNest IOTPupyRATransomwareratremote access Trojansextortiontech support…

Read more →

Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. Categories: Ransomware Tags: Chicago TribuneCrowdStrikeDCH Health SystememotetImperial CountyImperial County CaliforniaLake CityLake…

Read more →

In a rare example of legislative haste, roughly one dozen state and federal bills were introduced in the past 12 months to regulate deepfakes, the relatively modern technology that some fear could upend democracy. Categories: Artificial Intelligence Tags: AB 602AB…

Read more →

We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight. Categories: Social engineering Threat analysis Tags:…

Read more →

Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more. Categories: A week in security Tags: apt40Ciscocitrixdata enrichmentdeepfakeselastic serversemotetrootkittravelexweleakinfo (Read more…) The post A week in security (January 13…

Read more →

It’s all too easy to discover data leaks online, especially in cloud services. We take a look at misconfigurations in elastic servers that lead to exposed data on the Internet. Categories: Threat spotlight Tags: awsAWS bucketscloud databasecloud databasescloud infrastructureelastic databaseselastic…

Read more →

Data enrichment applies to the process of enhancing, refining, and improving raw data. Used by companies to improve marketing efforts, data enrichment impacts both privacy and security. Categories: Explained Tags: contact enrichmentdata cleaningdata enrichmentgdpr (Read more…) The post Explained: data…

Read more →

Rather than creating new policies or crimes for deepfakes—like making it illegal to use them to deceive—the NDAA seeks a better understanding to the burgeoning technology. Categories: Artificial Intelligence Tags: Barack ObamaBoris JohnsoncheapfakedeepfakedeepfakesDepartment of DefenseDirector of National IntelligenceDNIGavin NewsomGovernor Gavin…

Read more →

Rootkit attacks are considered one of the most dangerous cyberthreats today. Learn what they are, how they infect systems, and how to protect against them. Categories: How-tos Tags: application rootkitsbootloaderfirmware rootkitshardware rootkitskernel rootkitsphishingrootkitrootkit attacksSocial Engineeringvirtualized rootkits (Read more…) The post…

Read more →

A cybersecurity news roundup from January 6–12, with a look at Phobos ransomware and a discovery of pre-installed malware on government-funded phones. Categories: A week in security Tags: CESCES 2020Consumer Electronics Showeducation cybersecurityGooglePhobosPhobos ransomwarepre-installed mobile malwareransomwareretail industryRingsearch industrytiktok (Read more…)…

Read more →

Phobos, which many believe was named after the Greek god of fear, isn’t as widespread as it was before nor is it more novel than your average ransomware. Yet, it remains a threat to consumers and businesses alike. We dive…

Read more →

A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps. Malwarebytes Labs investigates the malware’s origins. Categories: Android Tags: android malwareAndroid/Trojan.Dropper.Agent.UMXAndroid/Trojan.HiddenAdschinaMobilemobile malwarepre-installed mobile malwarepre-installed softwaretrojan (Read more…) The post United States government-funded phones…

Read more →

Whether it’s a high-volume shopping season or not, retail businesses are at risk from cybercriminals in a number of ways. Learn how hackers target retailers and shoppers alike. Categories: Web threats Tags: credential stuffingEMV technologyMagecartnear field communicationnfc technologyonline retailonline retailersonline…

Read more →

Users often search the web for downloads when companies no longer support software, and what they find is dubious. How can they tell if the files are safe? We tell how to spot the difference. Categories: How-tos Tags: certificatechecksumdownloadpadlockscantrusted (Read…

Read more →

We look at the ways in which criminals and vultures use less-than-honest tactics to fleece the search engine industry for a piece of its billion-dollar pie. Categories: PUPs Tags: adfraudadvertisementsadwareextensionshijackerspotentially unwanted programsPUPsresultssearchsearch enginesearch engine optimizationsearch enginesSEOseo poisoningsponsored (Read more…) The…

Read more →

A roundup of the previous week’s most notable security stories and events, including new web skimmer techniques, an explanation of edge computing, and more. Categories: A week in security Tags: CISOmalwareskimmertiktokweek in securityweekly roundup (Read more…) The post A week…

Read more →

Most get-rich-quick schemes on the Internet prove to be scams in disguise—and that includes buying drugs. Learn how scammers take advantage of users looking for illegal activities online. Categories: Scams Tags: clearnetdark netdrug scamsdrugsfraudInternet crimeonline crimeonline drug scamsscams (Read more…)…

Read more →