dcsimg
January 10, 2020

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named after the Greek god of fear. Phobos is … [Read more...]

Filed Under: brute force, coveware, crysis, crysis ransomware, dharma, Dharma ransomware, disorganised crime, mfa, Multi-Factor Authorization, Phobos, Phobos NextGen, Phobos NotDharma, Phobos ransomware, raas, ransomware, Ransomware as a Service, rdp, remote desktop protocol, Server Message Block, SMB, Sodinokibi, threat spotlight, virtual private networks, vpn
October 25, 2019

How to protect yourself from doxing

“Abandon hope all ye who enter.” This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today. It’s hard to draw a parallel to the utility that the Internet has offered to modern civilization—perhaps no other technological innovation has brought about greater change. Yet, one of its many consequences is … [Read more...]

Filed Under: dox, doxer, doxing, How-tos, ip address, mobile VPNs, online privacy, password manager, personal data, personally identifiable information, privacy, Social engineering, social media, vpn, VPNs, WHOIS
October 21, 2019

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomware remains a dominant threat facing … [Read more...]

Filed Under: a week in security, amazon, dark web, domestic abuse, domestic abuse survivor, domestic abuse survivors, domestic violence, facebook, facial recognition, Instagram, jackpot, jackpotting, kindle, Mark Zuckerberg, national cybersecurity awareness month, National domestic violence awareness month, Oracle, password, passwords, phish, phishing, phishing scam, ransomware, tor, Tor browser, US Customs and Border Enforcement, vpn, vulnerabilities, vulnerability
October 18, 2019

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated with dozens of other publicly-known … [Read more...]

Filed Under: Business, cybercriminals, exploit, exploit kits, Exploits, patch, patching, pulse, vpn, vulnerabilities, vulnerability
September 10, 2019

300 shades of gray: a look into free mobile VPN apps

The times, they are a changin’. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy and how their personal information is transmitted, processed, stored, and shared. Nearly every … [Read more...]

Filed Under: Android, anonymity, Apple App Store, black mirror, CDT, centennials, Commonwealth Scientific and Industrial Research Organization, CSIRO, dark web, DNS hijacking, DNS leak, emerging markets, encryption, fake av, free, free VPN, Global Web Index, GlobalWebIndex, Google Play Store, Guideline 5.4, Hotspot Shield, Hotspot Shield complaint, Innet VPN, iOS, IPv6 leak, KilpVip, Luminati, malvertising, millenials, mobile VPN apps, motivations for VPN usage, MyMobileSecure, netflix, onion browser, privacy, Queen Mary University of London, risk-free, Rob Mardisalu, rogueware, Sapienza University of Rome, Secnet VPN, Simon Migliano, TheBestVPN, top 20 VPN apps, Top10VPN, transparency, UC Berkeley, University of South Wales, virtual private networks, vpn
September 4, 2019

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Filed Under: 2fa, approved device list, bring your own device, Business, BYOD, encryption, Find my iPhone, Find my Mobile, governance, IDG Connect, jailbreak, man-in-the-middle, man-in-the-middle attack, multi-factor authentication, passcode, password, public wi-fi, RBAC, remote, remote employees, remote wiping, remote workforce, role-based access control, single sign-on, sso, two-factor authentication, vpn
September 3, 2019

A week in security (August 26 – September 1)

Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in higher education cybersecurity, and shared our view on the discovery of unprecedented new iPhone … [Read more...]

Filed Under: a week in security, asruex, blockchain, clickjacking, coinmining, emotet, iPhone, nextdoor, retadup, trickbot, vpn, xHelper
May 20, 2019

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]

Filed Under: Android, bloatware, breaches, crysis ransomware, DDos attack, dharma, Hacking, healthcare cybersecurity, mds, Meltdown, Microsoft, ransomware, Security world, server vulnerabilities, Spectre, typosquatting, vpn, vulnerabilities, Week in security, whatsapp
April 15, 2019

A week in security (April 8 – 14)

Last week on Labs, we said hello to Baldr, a new stealer on the market, we wondered who is managing the security of medical management apps, discussed the different perceptions of personal information, and we looked at fake Instagram assistance apps found on Google Play that are stealing passwords. Other cybersecurity news German pharmaceuticals giant Bayer says it has been hit by malware, … [Read more...]

Filed Under: alexa, amazon, Baldr, china, facebook, fake news, Instagram, personal information, security, Security world, sextortion scams, vpn, week, Week in security
January 31, 2019

Apple pulls Facebook enterprise certificate

It’s been an astonishing few days for Facebook. They’ve seen both an app and their enterprise certificate removed and revoked with big consequences. What happened? Apple issue enterprise certificates to organizations with which they can create internal apps. Those apps don’t end up released on the Apple store, because the terms of service don’t allow it. Anything storefront-bound must go … [Read more...]

Filed Under: app, Apple, Data privacy, facebook, Facebook privacy, Mobile, privacy, Security world, store, vpn
Next Page »