The Malwarebytes team was at the annual Black Hat USA event held in Las Vegas at the Mandalay Bay Hotel from August 4–9. Large crowds walked through the expo floor, attended talks, and participated in trainings. Among the many topics discussed, ransomware came up as one of the main issues that both consumers and businesses face. While it has been slowing down from previous years, ransomware … [Read more...]
August 15, 2018
August 14, 2018
Back to school cybersecurity: hints, tips, and links for a safer school year
It’s that time of year again when parents are slowly gearing up for a new school term. Some schools have a strict policy of only using their own pre-approved lab devices, while others allow students to bring their own devices. Whatever the plan, it’s never too early to start thinking about some of the potential dangers. Following the herd When new schoolmates collide, there’s … [Read more...]
August 13, 2018
A week in security (August 6 – 12)
Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register) Discovered at Black Hat: AI attacks (Source: The Register) Once again, … [Read more...]
August 8, 2018
White hat, black hat, and the emergence of the gray hat: the true costs of cybercrime
This post was written by Michael Osterman of Osterman Research. Osterman Research recently completed a major survey on behalf of Malwarebytes to determine the actual cost of cybercrime to businesses. Many studies have focused on the cost of lost reputation, lost future business, and other consequences of cybercrime—and while these are certainly valid considerations—we wanted to understand the … [Read more...]
August 6, 2018
July 30, 2018
A week in security (July 23 – July 29)
Last week on Labs, we looked at an adware called MobiDash getting stealthy, a new strain of Mac malware called Proton that was found after two years, and the ‘Hidden Bee’ miner that was delivered via an improved drive-by download toolkit. We also delved into the security improvements expected in the new Android P, and had a fresh look at Trojans to help users define what they really are. We also … [Read more...]
July 27, 2018
‘Hidden Bee’ miner delivered via improved drive-by download toolkit
This blog post was authored by @hasherezade and Jérôme Segura. We recently detected a drive-by a download attempt trying to exploit CVE-2018-4878, a vulnerability in Flash Player, in a sequence that was not matching any of the exploit kit patterns that we currently track. Upon investigation, we discovered something that was new to us, but is part of an existing exploitation framework discovered in … [Read more...]
July 26, 2018
July 23, 2018
A week in security (July 16 – July 22)
Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics & techniques report. Other news: Huge data breach in Singapore (Source: Straights Times) Venmo … [Read more...]
July 17, 2018
5 ways to find and fix open source vulnerabilities
Guest post by Limor Wainstein A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a jump-off for creating their software—and that includes malware authors. The rogue app, which was found … [Read more...]
