dcsimg

Compromising vital infrastructure: problems in education security continue

The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. These limited budgets often result in weak or less-than-adequate protection against cyberthreats. … [Read more...]

A week in security (July 8 – 14)

Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendish Soft Cell attack. Other cybersecurity news The UK government backs facial recognition tech: The … [Read more...]

Cellular networks under fire from Soft Cell attacks

We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone bold enough to try and take it. Security firm Cybereason uncovered an astonishing attack dubbed … [Read more...]

A week in security (June 17 – 23)

Last week on the Malwarebytes Labs blog, we took a look at the growing pains of smart cities, took a deep dive into AI, jammed along to Radiohead, and looked at the lessons learned from Chernobyl in relation to critical infrastructure. We also explored a new Steam phish attack, and pulled apart a Mac cryptominer. Other cybersecurity news Florida City falls to ransomware: Riviera Beach City … [Read more...]

New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux

A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux … [Read more...]

Skimmer acts as payment service provider via rogue iframe

Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be … [Read more...]

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware CrySIS/Dharma, which Malwarebytes … [Read more...]

Vital infrastructure: Threats target financial institutions, fintech, and cryptocurrencies

With news of a malware attack on accounting firm Wolters Kluwer causing a “quiet panic” in the accounting world this week, our assertion that financial institutions—from banks to brokers—are part of the vital infrastructure of society has been solidified. According to its website, Wolters Kluwer provides software and services to all of the top 100 accounting firms in the United … [Read more...]

Sophisticated threats plague ailing healthcare industry

The healthcare industry is no longer circling the drain, but it’s still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highest number of breaches recorded compared to other industries. This is according to … [Read more...]

A week in security (April 22 – 28)

Last week on Labs, we looked at security threats to headphones, privacy options in the world of law, and wandered through the FBI’s 2018 IC3 online crime report. We also explored another MageCart attack, and we released our 2019 Q1 Crime Tactics and Techniques report. Other cybersecurity news Fooling automated surveillance cameras: Bypassing neural network frameworks with colourful abstract … [Read more...]