dcsimg

Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec’s European Security Blogger Awards

Infosec Europe is now well underway, and last night was the annual EU Security Blogger Awards, where InfoSecurity Magazine: …recognise[s] the best blogs in the industry as first nominated by peers and then judged by a panel of (mostly) respected industry experts. Malwarebytes Labs was announced as winner of the Best Cybersecurity Vendor Blog. We previously won best corporate security blog in … [Read more...]

A week in security (April 1 – 7)

Last week, Malwarebytes Labs took readers on a brief tour of some of the world’s most notable data privacy laws, explored how gamers can protect themselves against cyberthreats, and offered thoughts about the reports that a 23-year-old Chinese woman gained access to President Donald Trump’s Mar-a-Lago resort while carrying four cellphones, a hard drive, a laptop, and a thumb drive that was … [Read more...]

Facebook’s history betrays its privacy pivot

Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised end-to-end encryption across the company’s messaging platforms, interoperability, disappearing … [Read more...]

A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)

Potentially Unwanted Programs (PUPs): the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from PUPs by identifying and detecting them and giving the user the right to choose whether they continue … [Read more...]

2019 State of Malware report: Trojans and cryptominers dominate threat landscape

Each quarter, the Malwarebytes Labs team gathers to share intel, statistics, and analysis of the tactics and techniques made popular by cybercriminals over the previous three months. At the end of the year, we synthesize this data into one all-encompassing report—the State of Malware report—that aims to follow the most important threats, distribution methods, and other trends that shaped the … [Read more...]

How threat actors are using SMB vulnerabilities

Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. A patch was released by Microsoft for SMB vulnerabilities in March 2017, but many organizations and home … [Read more...]

New Flash Player zero-day used against Russian facility

For the past couple of years, Office documents have largely replaced exploit kits as the primary malware delivery vector, giving threat actors the choice between social engineering lures and exploits or a combination of both. While today’s malicious spam (malspam) heavily relies on macros and popular vulnerabilities (i.e. CVE-2017-11882), attackers can also resort to zero-days when trying to … [Read more...]

New ‘Under the Radar’ report examines modern threats and future technologies

As if you haven’t heard it enough from us, the threat landscape is changing. It’s always changing, and usually not for the better. The new malware we see being developed and deployed in the wild have features and techniques that allow them to go beyond what they were originally able to do, either for the purpose of additional infection or evasion of detection. To that end, we decided … [Read more...]

Teamwork takes down massive ad fraud botnets

On November 27th 2018, the Department of Justice announced the indictment of 8 individuals involved in a major ad fraud case that cost digital advertisers millions of dollars. The operation, dubbed “3ve“, was the combination of the Boaxxe and Kovter botnets which the FBI, in collaboration with the private sector, was able to dismantle. The US CERT advisory indicates that 3ve was … [Read more...]

Why Malwarebytes decided to participate in AV testing

Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show Malwarebytes protecting against more than 97 percent of web vector threats and detecting and removing 99.5 … [Read more...]