Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based attacks, showed the impact that GDPR has around the world, and helped users understand how social media platforms mine their personal data. We also hosted our bi-weekly podcast, Lock and Code, with guest Adam Kujawa, who discussed the state of data privacy … [Read more...]
April 6, 2020
January 28, 2020
Explained: the strengths and weaknesses of the Zero Trust model
In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trust is a concept created by John Kindervag in 2010 during his time as Vice President and Principal … [Read more...]
January 10, 2020
December 13, 2019
Threat spotlight: The curious case of Ryuk ransomware
Ryuk. A name once unique to a fictional character in a popular Japanese comic book and cartoon series is now a name that appears in several rosters of the nastiest ransomware to ever grace the wild web. For an incredibly young strain—only 15 months old—Ryuk ransomware gaining such notoriety is quite a feat to achieve. Unless the threat actors behind its campaigns call it quits, too—Remember … [Read more...]
May 15, 2019
Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability
This month marks the two-year anniversary since the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly-identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems. The potential damage of the newly-discovered RDP vulnerability matches the same dangers we experienced with the WannaCry … [Read more...]
May 15, 2019
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses
CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware CrySIS/Dharma, which Malwarebytes … [Read more...]
October 8, 2018
A week in security (October 1 – 7)
Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]
August 13, 2018
A week in security (August 6 – 12)
Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register) Discovered at Black Hat: AI attacks (Source: The Register) Once again, … [Read more...]
August 10, 2018
How to protect your RDP access from ransomware attacks
You didn’t really think that the ransomware wave was coming to an end, did you? You’d be tempted to think so, given the decline in reports about massive ransomware campaigns. But this relative radio silence may be due to some recent developments in the field. Ransomware attacks are getting more targeted to be more effective. And one of the primary attack vectors is the Remote Desktop … [Read more...]
