dcsimg
October 15, 2018

A week in security (October 8 – 14)

Last week, we warned you away from some dubious Doctor Who streams, explained how Endpoint Detection and Response may not be enough, and explored what happens during a confusing supply chain story. We also showed you how to keep up with security, explained the risks of fake browser updates, and explored the unpleasant world of workplace violence. Other cybersecurity news: Google Plus suffers a … [Read more...]

Filed Under: breach, cybersecurity, cybersecurity news, Industroyer, MageCart attacks, Malware, NotPeyta, phishing, roundup, Security world, Week in security, weeks roundup
October 15, 2018

Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3

Once again, it’s that time of year: time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report. Strap in your seat belts, folks, because the third quarter of 2018 was quite a wild ride. After a sleepy first two quarters, cybercriminals shook out the cobwebs and revved up their engines in Q3 2018. With cryptominers and exploit kits maturing, ransomware ramping up with … [Read more...]

Filed Under: CTNT, CTNT report, cybercrime tactics and techniques, labs report, malwarebytes labs, Malwarebytes news, Q3 2018, Q3 2018 report, report
October 12, 2018

Fake browser update seeks to compromise more MikroTik routers

This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products’ operating system over the past few months. Ever since a critical flaw in RouterOS was identified in late April 2018, attacks have been going on at an alarming rate, made worse when … [Read more...]

Filed Under: coinhive, exploit, Exploits, MiKroTik, miner, router security, RouterOS, routers, Threat analysis, WinBox
October 8, 2018

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]

Filed Under: adobe, Android, anti-swatting, blockchain, bring your own security, byos, Chrome Extension, Fake Fortnite, fortnite, hack the marine corps, IoT, IoT botnet, Lojack, national cybersecurity awareness month, NCSAM, not botnet, password manager, phishing, phishing campaign, rdp, recap, rip attacks, SC Magazine, Security world, swatting, Torii, voice phishing, vulnerabilities, Week in security, weekly blog roundup, ZDNet
October 4, 2018

LoJack for computers used to attack European government bodies

Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UFEI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems. This … [Read more...]

Filed Under: bootkit, Hacking, Lojack, Lojax, UFEI, XAgent
October 1, 2018

A week in security (September 24 – 30)

Last week on Labs was a busy one. We discussed how SMS phishing attacks target the job market, issued a warning for TV Licensing phishes, commented on how Apple confused Safari users with recent changes to how OSX handles browser extensions, and elaborated on holes found in Mojave’s privacy protection—deep breath! We also showed how a buggy implementation of CVE-2018-8373 vulnerability is used to … [Read more...]

Filed Under: CVE, CVE-2018-8373, facebook, Googlr, iPhoneXS, Lojax, Magecart, Microsoft, Mojave, mutagen astronomy, osx, phishing, port of san diego, quasar rat, safari extensions, Security world, sms phishing, telegram, TV licensing, unwanted calls, Week in security
September 28, 2018

Millions of accounts affected in latest Facebook hack

Facebook announced earlier today that its social network had been hacked, resulting in 40 million accounts that were directly impacted, while another 50 million were also considered to be potentially affected. Attackers exploited a feature in Facebook called “View As,” which essentially shows how your profile looks to others. The flaw enabled them to get ahold of so-called Access Tokens, which … [Read more...]

Filed Under: access tokens, big breaches, breach, cybercrime, data breach, facebook, Facebook breach, facebook hack, password reset, social media, social networks, View As, vulnerabilities, vulnerability
September 28, 2018

How to protect your data from Magecart and other e-commerce attacks

In today’s golden age of online shopping, consumers take to the Internet, punch in a few credit card details, and happily receive products at their doorstep, safe in the knowledge that their online vendor is well-known, vetted, and therefore their website has to be secure, right? Dut did you know that hackers can steal your credit card details with only a few lines of JavaScript? Attacks on … [Read more...]

Filed Under: breach, cybercrime, e-commerce, Hacking, Magecart, magento, skimmer, web skimmers
September 24, 2018

A week in security (September 17 – 23)

Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by MageCart (Source: Volexity) UKGOV tackled the talent gap (Source: The Register) Maximum fine touted for … [Read more...]

Filed Under: Android, emotet, Equifax, Equifax breach, fine, MagaCart, Malware, phishing, play, ransomware, round up. ukgov, sasl, Security world, vulnerability, Week in security
September 17, 2018

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Filed Under: 2fa, a week in security, Android, android browser, banking Trojan, banking Trojans, botnets, hmrc phish, Microsoft, omnichannel fraud, phishing, portable router, project verify, ram nit, Ramnit Trojan, ransomware, recap, recon malware, scammer, security of portable router, Security world, tech support scam, tech support scams, tor, trojan, two-factor authentication, Week in security, weekly blog roundup
Next Page »