dcsimg
February 20, 2019

Sophisticated phishing: a roundup of noteworthy campaigns

Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successful because they take aim at our weaknesses and exploit them—in much the same way an exploit kit takes … [Read more...]

Filed Under: cybercrime, font file phishing, google translate phishing, phishing, phishing kit, phishing template, Social engineering
February 18, 2019

A week in security (February 11 – 17)

Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for businesses we discussed the implementation of an anti-phishing plan, and the concept of whole team … [Read more...]

Filed Under: anti-phishing-plan, bank of valetta, emotet, exploit kits, Security world, sextortion, sgx, VFEmail, Week in security, whole team security, wordpress plugin
February 13, 2019

Businesses: It’s time to implement an anti-phishing plan

Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan. Where phishes are … [Read more...]

Filed Under: 101, anti-phishing, Business, email, mail, Microsoft, Office 365, organisation, phishing, scam, spam
February 11, 2019

A week in security (February 4 – 8)

Last week on Malwarebytes Labs, we took a closer look at the technical and reputational challenges for Facebook as it tries to integrate secure messaging across Messenger, WhatsApp, and Instagram. We explored Google’s latest attempts to change how the public sees—literally—web browser URLs, gave some of our best tips on how to safely browse the Internet at work, and detailed a unique spam campaign … [Read more...]

Filed Under: amazon, Apple, AT&T, Australia, bitcoin, bounty hunters, cryptocurrency, cryptography, cybersecurity, Do Not Track, eBooks, facebook, Google, Instagram, internet, Jeff Bezos, John wick, kindle, messenger, safari, secure messaging, Security world, Sprint, T-Mobile, URLs, Week in security, whatsapp, Zcash, zero day
February 6, 2019

Google Chrome announces plans to improve URL display, website identity

“Unreadable gobbledygook” is one way to describe URLs today as we know them, and Google has been attempting to redo their look for years. In their latest move to improve how Chrome—and of course, how the company hopes other browsers would follow suit—displays the URL in its omnibox (the address bar), Google’s Chrome team has made public two projects that usher them in this direction. First, they … [Read more...]

Filed Under: 101, chrome improvement timeline, FYI, Google, google changes url presentation, Google Chrome, google kills the url, phishing, url display
February 4, 2019

A week in security (January 28 – February 3)

Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light  on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by malware: Car service specialist runs into trouble when systems go offline. (Source: BBC) Mozilla … [Read more...]

Filed Under: facebook, hosting, Malware, phishing, Security world, social media, Week in security, weekly round up
January 28, 2019

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication (2FA), the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users’ choice. We also pushed out the 2019 State of Malware report, which you can readily download here. Other … [Read more...]

Filed Under: 2019 State of Malware report, 2fa, ALPR, android malware, anpr, Ars Technica, Bleeping Computer, crytekk, crytekk ransomware, Dark Reading, fortnight, GDPR, GoDaddy, Help Net Security, KrebsOnSecurity, mitsubishi, modlishka, phishing, recap, Security Week, Security world, TechCrunch, The Wall Street Journal, vishing, voicemail phishing, vulnerability, Week in security, weekly blog roundup, youtube
January 25, 2019

Sly criminals package ransomware with malicious ransom note

Ransomware continues to show signs of evolution. From a simple screen locker to a highly-sophisticated data locker, ransomware has now become a mainstream name, even if (historically), it has been around far longer than we want to look back. Although the criminals behind ransomware campaigns are observed to be refining their approaches—from the “spray and pray” tactic to something akin to wide … [Read more...]

Filed Under: crytekk, crytekk ransomware, cybercrime, hybrid ransomware, paypal phishing, phishing, Social engineering
January 25, 2019

A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)

Potentially Unwanted Programs (PUPs): the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from PUPs by identifying and detecting them and giving the user the right to choose whether they continue … [Read more...]

Filed Under: Enigma, Malwarebytes, Malwarebytes news, potentially unwanted programs, PUP criteria, PUPs, SpyHunter
January 21, 2019

A week in security (January 14 – 20)

Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurity news New Zealand-based cryptocurrency exchange Cryptopia has gone offline after suffering a security … [Read more...]

Filed Under: APT10, ArsTechnica, BleepingComputer, CoinDesk, collection 1, cryptopia, cve-2019-0543, DAS, Fallout EK, fortnite, garmin, Garmin watch, hosting, HTTPS, oregon, powershell, PowerShell Team Blog, SC Media, Security world, shutdown, telegram, threadx, Week in security, youtube
Next Page »