dcsimg

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication (2FA), the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users’ choice. We also pushed out the 2019 State of Malware report, which you can readily download here. Other … [Read more...]

Sextortion emails: They’re probably not watching you

Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim’s presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams are actually fairly old and not all that sophisticated. A user on the Malwarebytes Forums … [Read more...]

Panerabread.com breach could have impacted millions

Customers who signed up for a Panerabread.com account in order to order fast-casual baked goods may want to guard their dough. Security researcher Brian Krebs reported yesterday that the website for the bakery chain leaked millions of customer records, including names, emails, physical addresses, birthdays, and the last four digits of customers’ credit card numbers. Until Monday, millions of … [Read more...]

A week in security (February 19 – February 25)

Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that drop malware via different exploits. This malware is a DDoS bot called Avzhan, which we then studied in … [Read more...]