dcsimg
October 14, 2019

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial … [Read more...]

Filed Under: Awareness, bec, Business Email Compromise, child sexual exploitation, cse, ddos, europol, fraud, internet organized crime threat assessment, iocta, phishing, ransomware, spear phishing
October 14, 2019

A week in security (October 7 – 13)

Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection of National Cybersecurity Awareness Month and National Domestic Violence Awareness Month, we gave … [Read more...]

Filed Under: a week in security, amazon, body cams, bots, chrome, cybersecurity, facial recognition, GitHub, Google, ice, Insurance, insurance cybersecurity, managed service providers, multi-factor authentication, national cybersecurity awareness month, National domestic violence awareness month, NCSAM, police body cams, security, stalkerware, twitter, US Immigration and Customs Enforcement, war shipping
October 7, 2019

A week in security (September 30 – October 6)

Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness (NCSA) and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported about partnering with security firm, HYAS, to determine the relationship between Magecart Group 4 and Cobalt, the infamous APT group behind sophisticated financially … [Read more...]

Filed Under: a week in security, Adwind RAT, APT, Cobalt, consumer behavior study, DaaS, disinformation-as-a-service, domestic violence awareness month, GhostCat-3PC, Google Alert, HYAS, Insikt Group, Magecart Group 4, Microsoft Office, Microsoft Word, National Cyber Security Centre, national cybersecurity awareness month, NCSAM, NCSC, ODT, OpenDocument Text, ransomware, robocall, scams in ads, security orchestration, Security Research Labs, simjacking, SMS-based attacks, SRLabs, stalkerware, The Media Trust, VPN vulnerabilities
September 30, 2019

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity news Google said its quantum computer outperformed conventional models, but it will still be … [Read more...]

Filed Under: a week in security, ccleaner, checkm8, doordash, emotet, ihandy, insurance data, nodersok, webcams
September 23, 2019

A week in security (September 16 -22)

Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year’s most dangerous forms of malware, with a new spam campaign. We also reported on how international students in UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and introduced Malwarebytes Browser Guard. Finally, we looked at the role of data destruction in … [Read more...]

Filed Under: a week in security, amazon, Browser guard, data destruction, education cybersecurity, emotet, Google, Google Chrome, Instagram, phishing, privacy law, S3buckets, visa, visa scam, youtube
September 23, 2019

A week in security (September 16 -22)

Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year’s most dangerous forms of malware, with a new spam campaign. We also reported on how international students in UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and introduced Malwarebytes Browser Guard. Finally, we looked at the role of data destruction in … [Read more...]

Filed Under: a week in security, amazon, Browser guard, data destruction, education cybersecurity, emotet, Google, Google Chrome, Instagram, phishing, privacy law, S3buckets, visa, visa scam, youtube
September 16, 2019

A week in security (September 9 – 15)

Last week  on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets. Other cybersecurity news The Cobalt Dickens group has returned to cause trouble. (Source: … [Read more...]

Filed Under: a week in security, infosec, Malware, Mobile, phishing, social network, weekly roundup
September 9, 2019

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use of uploaded images. (Source: CNN)Bucking the current trend for city councils and organizations … [Read more...]

Filed Under: a week in security, back to school, back to school cybersecurity, Capital One data breach, china, cyber insurance, deepfake, deepfake for voices, facebook, iphone compromise, Paige Thompson, ransomware, remote workers, romance scam, scammers, Social engineering, spear phishing, targeted attacks, trickbot, Uyghur Muslims
September 3, 2019

A week in security (August 26 – September 1)

Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in higher education cybersecurity, and shared our view on the discovery of unprecedented new iPhone … [Read more...]

Filed Under: a week in security, asruex, blockchain, clickjacking, coinmining, emotet, iPhone, nextdoor, retadup, trickbot, vpn, xHelper
August 30, 2019

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter could leave your users’ data exposed to future … [Read more...]

Filed Under: cryptography, EKs, exploit kits, Exploits, heartbeat extension, heartbleed, heartbleed vulnerability, IT, IT teams, Malwarebytes news, open source, OpenSSL, SSL, TSL
Next Page »