dcsimg
October 26, 2020

Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month. Launched initially as a joint effort between government and industry, this once-a-year awareness campaign is meant to … [Read more...]

Filed Under: brute force attacks, consumer cybersecurity, consumer privacy, consumer security, Consumer Watchdog, covid-19, cross-site scripting, CrowdStrike, cybersecurity awareness, cybersecurity integration, data breach, deepfake, general elections 2020, managed service providers, MSP, nation-state actors, national cybersecurity awareness month, NCSAM, NSA, Pfizer, podcast, Sensity, tech support scams, telegram, TSS, US elections 2020, xss
September 1, 2020

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromised stores to malicious JavaScript, … [Read more...]

Filed Under: credit card, credit card skimmer, credit card skimming, digital skimmer, gate, Magecart, skimmer, telegram, Telegram API, web skimmer, web skimming, Web threats
July 22, 2019

A week in security (July 15 – 21)

Last week on Malwarebytes Labs, we took an extensive look at Sodinokibi, one of the new ransomware strains found in the wild that many believe picked up where GandCrab left off. We also profiled Extenbro, a Trojan that protects adware; reported on the UK’s new Facebook reporting tool, homed in on new Magecart strategies that render them ‘”bulletproof;” identified challenges … [Read more...]

Filed Under: 2fa bypass, a week in security, advanced persistent threat, Android apps, APT, backdoor, BitPaymer ransomware, browser extensions, bulletproof, chrome, cybersecurity education, DataSpii, DDos attack, DoppelPaymer, EvilGnome, Extenbro, FaceApp, facebook, Facebook reporting tool, firefox, generation, Instagram, Ke3chang, Magecart, Media File Jacking, privacy, RingCentral flaw, Sodinokibi, telegram, vital infrastructure, whatsapp, Zhumu flaw, zoom zero-day
January 21, 2019

A week in security (January 14 – 20)

Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurity news New Zealand-based cryptocurrency exchange Cryptopia has gone offline after suffering a security … [Read more...]

Filed Under: APT10, ArsTechnica, BleepingComputer, CoinDesk, collection 1, cryptopia, cve-2019-0543, DAS, Fallout EK, fortnite, garmin, Garmin watch, hosting, HTTPS, oregon, powershell, PowerShell Team Blog, SC Media, Security world, shutdown, telegram, threadx, Week in security, youtube
October 1, 2018

A week in security (September 24 – 30)

Last week on Labs was a busy one. We discussed how SMS phishing attacks target the job market, issued a warning for TV Licensing phishes, commented on how Apple confused Safari users with recent changes to how OSX handles browser extensions, and elaborated on holes found in Mojave’s privacy protection—deep breath! We also showed how a buggy implementation of CVE-2018-8373 vulnerability is used to … [Read more...]

Filed Under: CVE, CVE-2018-8373, facebook, Googlr, iPhoneXS, Lojax, Magecart, Microsoft, Mojave, mutagen astronomy, osx, phishing, port of san diego, quasar rat, safari extensions, Security world, sms phishing, telegram, TV licensing, unwanted calls, Week in security
April 11, 2018

Keeping your business and personal instant messages secure

Most people want to know their instant messages are securely wrapped up—whether that’s for personal privacy or making sure online scammers can’t grab the message content. If you’re sending text on a sensitive topic, or perhaps some photo attachments intended for one person only, you definitely wouldn’t want them falling into the wrong hands. The same goes for business; … [Read more...]

Filed Under: 101, How-tos, IM, instant message, instant messaging, Mobile, phone, secure, signal, telegram