dcsimg

A week in security (January 21 – 27)

Last week on the Malwarebytes Labs blog, we took a look at Modlishka, the latest hurdle in two-factor authentication (2FA), the potential for abuse of push notifications, a malware-phishing combo by the name of CryTekk ransomware, and why we detect PUPs, but enforce the power of users’ choice. We also pushed out the 2019 State of Malware report, which you can readily download here. Other … [Read more...]

A week in security (October 22 – 28)

Last week on Malwarebytes Labs, we took a look at some new Mac malware,  gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and elections are vulnerable to attack. Other cybersecurity news More problems for British Airways (Source: … [Read more...]

Millions of accounts affected in latest Facebook hack

Facebook announced earlier today that its social network had been hacked, resulting in 40 million accounts that were directly impacted, while another 50 million were also considered to be potentially affected. Attackers exploited a feature in Facebook called “View As,” which essentially shows how your profile looks to others. The flaw enabled them to get ahold of so-called Access Tokens, which … [Read more...]

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static domain has been active since at least early July, and is being redirected to from an adult website … [Read more...]

A week in security (September 17 – 23)

Last week, we took a look at a low level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by MageCart (Source: Volexity) UKGOV tackled the talent gap (Source: The Register) Maximum fine touted for … [Read more...]

Explained: regular expression (regex)

Regular expression, or “regex” for short, is a mathematical term for the theory used to describe regular languages. But in computing, regexes are used to search for patterns in files and databases, and their functionality is incorporated into many modern programming languages. Regex search patterns make wildcards look like clumsy clowns because they offer a whole slew of additional … [Read more...]

Researchers discover vulnerabilities in smart assistants’ voice commands

Virtual personal assistants (VPA), also known as smart assistants like Amazon’s Alexa and Google’s Assistant, are in the spotlight for vulnerabilities to attack. Take, for example, that incident about an Oregon couple’s Echo smart speaker inadvertently recording their conversation and sending it to a random contact. Or that time when the Alexa started laughing out of the blue. Indeed, something … [Read more...]

A week in security (May 7 – May 13)

Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely relying on the presence of the green padlock. Also, in a brief blog post, we talked about why we removed … [Read more...]

4G LTE vulnerabilities leave users open to attack

A team of researchers have uncovered critical flaws in 4G LTE protocol that could be exploited to intercept phone calls and text messages, knock devices offline, track devices’ locations and spoof emergency alerts. The vulnerabilities, which were identified in a research paper by Purdue University’s Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino, and the University of Iowa’s Omar … [Read more...]