dcsimg

A week in security (June 3 – 9)

Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down ISP pay-for-privacy schemes, asked where our options to disable hyperlink auditing had gone, and … [Read more...]

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]

Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise

Long-time users of certain Microsoft products, such as Hotmail, MSN, and Outlook found they may be wrapped up in a hack grabbing snippets of email information, and in some cases, a little bit more. Microsoft email services have been around forever in Internet time. Yet, many users still have a few Hotmail accounts rattling around. While most have long since moved on from MSN and Hotmail to Live … [Read more...]

The global data privacy roadmap: a question of risk

For most American businesses, complying with US data privacy laws follows a somewhat linear, albeit lengthy, path. Set up a privacy policy, don’t lie to the consumer, and check the specific rules if you’re a health care provider, video streaming company, or kids’ app maker. For American businesses that want to expand to a new market, though, complying with global data privacy laws is more akin to … [Read more...]

Businesses: It’s time to implement an anti-phishing plan

Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan. Where phishes are … [Read more...]

October 2018  – Microsoft Patch Tuesday 

October 2018  – Microsoft Patch Tuesday  Each year seems to go by more quickly than the last, and here we are – already into the fourth and last quarter of this year that feels as if it just started. Microsoft updates have already been in the news this month, and not in a good way. […] … [Read more...]

A week in security (September 24 – 30)

Last week on Labs was a busy one. We discussed how SMS phishing attacks target the job market, issued a warning for TV Licensing phishes, commented on how Apple confused Safari users with recent changes to how OSX handles browser extensions, and elaborated on holes found in Mojave’s privacy protection—deep breath! We also showed how a buggy implementation of CVE-2018-8373 vulnerability is used to … [Read more...]

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Blocks for Flash and others coming to Office 365

If you’re a user of Microsoft Office products such as Word and Excel, you’re probably aware that they’ve been used as inroads for malware for a long, long time. But what about malware attacks without Macros? Sure. Macro malware for Macs? That, too. Malicious documents and spying tools? Danger, Will Robinson. We have some good news and some bad news. The good news is that monthly … [Read more...]

A week in security (May 7 – May 13)

Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely relying on the presence of the green padlock. Also, in a brief blog post, we talked about why we removed … [Read more...]