
A week in security (January 8 – January 14)

It’s very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems in patching persisted. As if this wasn’t challenging enough, some online criminals jumped …

Stripchat bot spells block

Here at Malwarebytes, we spend a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the user into clicking on something. We used to see a lot of this kind of trick with fake download buttons …

WPA3 will secure Wi-Fi connections in four significant ways in 2018

CES, the annual consumer electronics extravaganza in Las Vegas, isn’t just a showcase for virtual reality and poorly-timed power outages. It’s also an opportunity to get a peek at the future of network security. That’s why on the first day of CES, the Wi-Fi Alliance announced the newest security protocol for Wi-Fi devices: WPA3. The new protocol is the most significant upgrade to Wi-Fi security …

Alleged creator of Fruitfly indicted for 13 years of spying

Way back at the start of last year, we took a look at something called Fruitfly, a Mac backdoor using old code that had been around for a long time and could (deep breath) upload files to computers, record images and video, snoop around in victims’ information, take screenshots, and also log keystrokes. The malware, made up of just two files, was a mixture of “wow, that’s …

A week in security (January 1-8)

New year, new threats, as 2018 gets underway. On our blog, we had dubious searches aplenty for those hunting for Malwarebytes information, and we also covered the huge Meltdown/Spectre bug, affecting hardware going back 10 years.

Other news: Coin miners are at it again, with a proof of concept for hacking public Wi-Fi and injecting cryptomining code into browsing sessions. (source: The …

Meltdown and Spectre: what you need to know

The Google Project Zero team, in collaboration with other academic researchers, has published information about three variants of a hardware bug with important ramifications. These variants—branch target injection (CVE-2017-5715), bounds check bypass (CVE-2017-5753) and rogue data cache load (CVE-2017-5754)—affect all modern processors. If you’re wondering if you could be impacted, the …

The seven most colossal data breaches of 2017

By Logan Strain

If it seems like the words “leak,” “compromised data,” and “breach” are constantly in the news, it’s not just you. The frequency of major data breaches is increasing. According to the Identity Theft Resource Center, the number of breaches is expected to top 1,500 in 2017. That’s a 37 percent annual increase over 2016, which itself was a record year for exposed personal data. But …

A week in security (December 11–17)

Last week we explained what fast flux is and how it’s being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed you about an ad server found predominantly on adult websites, which has taken the lead in the …

Exosrv.com, an ad server for adult sites, tops Malwarebytes detections

There is a belief that most of what you’ll find on adult websites is going to harm your system. In many cases, this has proven to be true, but overall the adult industry has made numerous efforts to protect their customers and audience. While we would like to tell you that it’s completely safe to surf adult websites these days, we do still need to stay vigilant. That’s why …

A state of constant uncertainty or uncertain constancy? Fast flux explained

Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rang familiar: fast flux. In the context of cybersecurity, fast flux could refer to two things: one, a network similar to a P2P that hosts a botnet’s …