dcsimg
February 25, 2020

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application of Internet-connected technology leave us wondering: at what cost? Where does the mix of technology … [Read more...]

Filed Under: AI, biosensors, BLE, bluetooth, dna-test, fda, pacemaker, pharmaceuticals, smart pill, sweyntooth, vital infrastructure, vulnerabilities
October 21, 2019

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomware remains a dominant threat facing … [Read more...]

Filed Under: a week in security, amazon, dark web, domestic abuse, domestic abuse survivor, domestic abuse survivors, domestic violence, facebook, facial recognition, Instagram, jackpot, jackpotting, kindle, Mark Zuckerberg, national cybersecurity awareness month, National domestic violence awareness month, Oracle, password, passwords, phish, phishing, phishing scam, ransomware, tor, Tor browser, US Customs and Border Enforcement, vpn, vulnerabilities, vulnerability
October 18, 2019

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated with dozens of other publicly-known … [Read more...]

Filed Under: Business, cybercriminals, exploit, exploit kits, Exploits, patch, patching, pulse, vpn, vulnerabilities, vulnerability
September 24, 2019

15,000 webcams vulnerable to attack: how to protect against webcam hacking

Webcams may have been around for a long time, but that doesn’t mean we know what we’re doing with them. Webcam hacking has been around for equally as long, yet new research from Wizcase indicates that more than 15,000 private, web-connected cameras are exposed and readily accessible to the general public. So forget hacking, cybercriminals can just take a stroll through the Internet and grab … [Read more...]

Filed Under: cam, camera, devices, hackers, Hacking, hub, Internet of Things, IoT, IoT devices, monitor, security by design, vulnerabilities, webcam, webcam hacks
September 13, 2019

Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review … [Read more...]

Filed Under: amazon, aws, AWS buckets, data, Hacking, Intel, intelligence gathering, open source intelligence, OSINT, Pen Testing, Penetration Testing, recon, reconnaisance, Researcher's corner, vulnerabilities
June 19, 2019

Labs report: Malicious AI is coming—is the security world ready?

Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There’s no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in the near future, is far less dystopian. However, it is a reality, and it’ll be here … [Read more...]

Filed Under: AI, Anomaly Detection, artificial intelligence, deep learning, deepfakes, fake news, machine learning, social media, vulnerabilities
May 20, 2019

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]

Filed Under: Android, bloatware, breaches, crysis ransomware, DDos attack, dharma, Hacking, healthcare cybersecurity, mds, Meltdown, Microsoft, ransomware, Security world, server vulnerabilities, Spectre, typosquatting, vpn, vulnerabilities, Week in security, whatsapp
May 8, 2019

Vulnerabilities in financial mobile apps put consumers and businesses at risk

Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have (but may not be aware of or care to admit) about cybersecurity—and, at times, privacy. It rears its ugly head when (1) we share the common notion that programmers know how to code securely; (2) we cherry-pick perceived-as-easier security and privacy practices over difficult and … [Read more...]

Filed Under: 101, app vulnerabilities, client-side injection, development hygiene, exposure of database parameters and sql queries, financial, financial mobile app flaws, FYI, implicit trust of all certificates, insecure data storage, insecure random number generator, lack of binary protections, man-in-the-middle, man-int-the-middle, mitm, private key exposure, secure app development, security hubris, SQL injection, unintended data leakage, vulnerabilities, weak encryption
April 16, 2019

Electrum Bitcoin wallets under siege

By Adam Thomas, with additional contributions from Jérôme Segura, Vasilios Hioueras and S!Ri Since at least late December 2018, many users of the popular Electrum Bitcoin wallet have fallen victim to a series of phishing attacks, which we estimate netted crooks well over 771 Bitcoins—an amount equivalent to approximately $4 million USD at current exchange rates. Threat actors were able to … [Read more...]

Filed Under: bitcoin, bitcoins, botnet, cybercrime, ddos, Electrum, exploit kit, Exploits, RIG, RIG EK, Social engineering, vulnerabilities, wallet
April 10, 2019

Who is managing the security of medical management apps?

One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical management apps pose a unique and more dangerous set of problems. Now add to vulnerabilities the issue … [Read more...]

Filed Under: 101, Business, Data privacy, health apps, healthcare, HIPPA, medical apps, medical management apps, vulnerabilities
Next Page »