dcsimg

A week in security (March 2 – 8)

Last week on Malwarebytes Labs, we fired up part 1 of our series on child identity theft, asked how well law enforcement can deal with cybercriminals, and took a trip down the memory lane of moral panic. We also looked at the positives and negatives of VPNs and examined our own progress in the fight against stalkerware, spyware, and monitoring apps. Other cybersecurity news Trouble strikes for … [Read more...]

Bring your own privacy: VPNs for consumers and orgs

VPNs (virtual private networks) have been popular for quite some time now, and they’re worth a huge amount of money for the companies working in this area. They’re also at the forefront of combating potential repression and censorship around the world. It might all sound a bit esoteric and unrelated to your general day-to-day requirements, but VPNs are absolutely a mainstream topic whether at home … [Read more...]

United States government-funded phones come pre-installed with unremovable malware

A United States–funded mobile carrier that offers phones via the Lifeline Assistance program is selling a mobile device pre-installed with not one, but two malicious applications. Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget conscious option. At only $35 under the government-funded program, it’s an attractive offering. However, what it comes installed with … [Read more...]

The little-known ways mobile device sensors can be exploited by cybercriminals

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new methods of bypassing conventional mobile … [Read more...]

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks. Other cybersecurity news Bug bounty bonanza: Rockstar Games open up their bounty program to include the newly-released Red … [Read more...]

A week in security (September 9 – 15)

Last week  on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets. Other cybersecurity news The Cobalt Dickens group has returned to cause trouble. (Source: … [Read more...]

Mobile Menace Monday: Dark Android Q rises

Android Q, the upcoming 10th major release of the Android mobile operating system, was developed by Google with three major themes in mind: innovation, security, and privacy. Today, we are going to focus mostly on security and privacy, although there are still many potential changes and updates on the horizon that can be discussed. Privacy Privacy has been a top priority in developing … [Read more...]

Cellular networks under fire from Soft Cell attacks

We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone bold enough to try and take it. Security firm Cybereason uncovered an astonishing attack dubbed … [Read more...]

Mobile stalkerware: a long history of detection

Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back more than five years, Malwarebytes researchers have detected applications and software that monitor … [Read more...]

WhatsApp fix goes live after targeted attack on human rights lawyer

If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install or click on anything—they may not even be aware something malicious has taken place. This attack came … [Read more...]