dcsimg
April 22, 2019

A week in security (April 15 – 21)

Last week, Malwarebytes Labs revealed multiple giveaway online scam campaigns banking on the popularity (and generosity) of Ellen DeGeneres, weighed in on the hack that compromised legacy Microsoft email service accounts like Hotmail and MSN, explained what “like-farming” means and how to spot it on social media, and spotlighted on uncharacteristic executable file formats one of our researchers … [Read more...]

Filed Under: a week in security, Cyber Resilience, Ellen DeGeneres, fake Airbnb sites, Flame 2.0, IE vulnerability, like-farming, notre dame disinformation, Security world, VPN flaw, Week in security
April 16, 2019

Electrum Bitcoin wallets under siege

By Adam Thomas, with additional contributions from Jérôme Segura, Vasilios Hioueras and S!Ri Since at least late December 2018, many users of the popular Electrum Bitcoin wallet have fallen victim to a series of phishing attacks, which we estimate netted crooks well over 771 Bitcoins—an amount equivalent to approximately $4 million USD at current exchange rates. Threat actors were able to … [Read more...]

Filed Under: bitcoin, bitcoins, botnet, cybercrime, ddos, Electrum, exploit kit, Exploits, RIG, RIG EK, Social engineering, vulnerabilities, wallet
April 15, 2019

A week in security (April 8 – 14)

Last week on Labs, we said hello to Baldr, a new stealer on the market, we wondered who is managing the security of medical management apps, discussed the different perceptions of personal information, and we looked at fake Instagram assistance apps found on Google Play that are stealing passwords. Other cybersecurity news German pharmaceuticals giant Bayer says it has been hit by malware, … [Read more...]

Filed Under: alexa, amazon, Baldr, china, facebook, fake news, Instagram, personal information, security, Security world, sextortion scams, vpn, week, Week in security
April 9, 2019

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura Over the past few months, we have noticed increased activity and development of new stealers. One such new stealer, called Baldr, first appeared in January 2019, and our analysis of this malware finds that its authors were serious about making a long-lasting product. Unlike many banking Trojans that wait for the victim to log into their … [Read more...]

Filed Under: Baldr, Criminals, information stealer, spyware, stealer, stealer functionality, Threat analysis, unpacking code
April 8, 2019

A week in security (April 1 – 7)

Last week, Malwarebytes Labs took readers on a brief tour of some of the world’s most notable data privacy laws, explored how gamers can protect themselves against cyberthreats, and offered thoughts about the reports that a 23-year-old Chinese woman gained access to President Donald Trump’s Mar-a-Lago resort while carrying four cellphones, a hard drive, a laptop, and a thumb drive that was … [Read more...]

Filed Under: bayer, chinese cyberattacks, chinese cyberthreats, critical infrastructure, facebook, Malwarebytes news, mar-a-lago, passwords, social media, Week in security
April 3, 2019

Was this really an attempt by the Chinese?

Last weekend, during President Trump’s visit to the Mar-a-Lago resort, a 23-year-old Chinese woman attempted to gain access to the Florida resort by lying and bluffing her way in. After some discussion at the gate, she was escorted to the reception of the resort where it was found out that she was not on the list of people that were allowed to enter. According to the report a search of her … [Read more...]

Filed Under: cybercrime, Malware
April 1, 2019

A week in security (March 25 – 31)

Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into  BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS (Source: The Register) Britain’s Huawei oversight board releases its findings (Source: UK.GOV) Trojanised terror … [Read more...]

Filed Under: adware, Hacking, Malware, Mobile, phishing, roundup, Security world, Week in security
March 25, 2019

A week in security (March 18 – 24)

Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook’s new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study highlighted that 20 percent of Americans do not trust anyone with the protection of their data, … [Read more...]

Filed Under: bandersnatch, bec. cdc spam, Business Email Compromise, center for disease control and prevention, cybersecurity, education, epic games, facebook, formjacking, gandcrab, google photos, iPhone, kiddle, learn4life, malicious app, netflix, network security, Password reuse, phishing, privacy, security fatigue, Security world, steam, vulnerabilities, Week in security
March 18, 2019

A week in security (March 11 – 17)

Last week on Malwarebytes Labs, we looked at the Lazarus group in our series about APT groups, we discussed the introduction of Payment Service Directive 2 (PSD2) in the EU, we tackled Google’s Nest fiasco, and the launch of Mozilla’s Firefox Send. In addition, we gave you an overview of the pervasive threat, Emotet, and we discussed reputation management in the age of cyberattacks against … [Read more...]

Filed Under: Apex Legends, Chinese DNA, emotet, facebook, Facebook outage, Firefox Send, Google Nest, Google Play, Lazarus Group, netflix, psd2, Security world, Spotify, Week in security
March 11, 2019

A week in security (March 4 – 11)

Last week, Malwarebytes Labs released its in-depth, international data privacy survey of nearly 4,000 individuals, revealing that every generation, including Millennials, cares about online privacy. We also covered a novel case of zombie email that involved a very much alive account user, delved into the typical data privacy laws a US startup might have to comply with on its journey to success, … [Read more...]

Filed Under: Apple, Baby Boomer, Baby Boomers, chrome, data privacy laws, dev-fuse, Gen Zed, Google Chrome, iPhone, machine learning, Millennial, Millennials, National Security Agency, NSA, ransom.troldesh, ransomware, RSA, RSA Conference, Security world, shade, study, surveillance, survey, Tim Apple, Tim Cook, Troldesh, Troldesh ransomware, ultrasound, ultrasound scanning, US data privacy laws, Verizon, vulnerability, Week in security, zero day, zombie email
Next Page »