We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone bold enough to try and take it. Security firm Cybereason uncovered an astonishing attack dubbed … [Read more...]
July 12, 2019
June 7, 2019
Video game portrayals of hacking: NITE Team 4
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed (accounting for the necessary divergences from how things would work outside of a scripted, plot-goes-here … [Read more...]
May 21, 2019
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be … [Read more...]
May 20, 2019
A week in security (May 13 – 19)
Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]
April 16, 2019
Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise
Long-time users of certain Microsoft products, such as Hotmail, MSN, and Outlook found they may be wrapped up in a hack grabbing snippets of email information, and in some cases, a little bit more. Microsoft email services have been around forever in Internet time. Yet, many users still have a few Hotmail accounts rattling around. While most have long since moved on from MSN and Hotmail to Live … [Read more...]
April 1, 2019
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS (Source: The Register) Britain’s Huawei oversight board releases its findings (Source: UK.GOV) Trojanised terror … [Read more...]
March 21, 2019
March 1, 2019
Spectre, Google, and the Universal Read Gadget
Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Intel processors and required a malicious process running on the system to interact with it. Spectre could … [Read more...]
February 14, 2019
Hacker destroys VFEmail service, wipes backups
An email service called VFEmail was essentially put out of business after a hack intended to delete everything in (and out of) sight. “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.” This wasn’t “just” a simple webpage compromise, … [Read more...]
January 18, 2019
Collection 1 data breach: what you need to know
Yesterday, news broke that the largest data dump in history had been discovered, with more than 770 million people’s Personally Identifiable Information (PII) decrypted, catalogued, and up for grabs on the Internet. The files, which are being dubbed Collection 1, were originally found on cloud service MEGA, and later posted to a popular hacking forum. The Collection 1 folder contains more … [Read more...]
