dcsimg

A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]

WhatsApp fix goes live after targeted attack on human rights lawyer

If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install or click on anything—they may not even be aware something malicious has taken place. This attack came … [Read more...]

The top six takeaways for corporate data privacy compliance

For nearly two months, Malwarebytes Labs has led readers on a journey through data privacy laws around the world, exploring the nuances between “personal information” and “personal data,” as well as between data breach notification laws in Florida, Utah, California, and Iowa. We explored the risks of jumping into the global data privacy game, comparing the European Union’s laws with the laws … [Read more...]

Consumers have few legal options for protecting privacy

There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It is a strategy. In the US, companies that break their own privacy policies can—and do—face … [Read more...]

Facebook’s history betrays its privacy pivot

Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised end-to-end encryption across the company’s messaging platforms, interoperability, disappearing … [Read more...]

A week in security (February 4 – 8)

Last week on Malwarebytes Labs, we took a closer look at the technical and reputational challenges for Facebook as it tries to integrate secure messaging across Messenger, WhatsApp, and Instagram. We explored Google’s latest attempts to change how the public sees—literally—web browser URLs, gave some of our best tips on how to safely browse the Internet at work, and detailed a unique spam campaign … [Read more...]

Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle

Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data. So, when news broke that scandal-ridden, online privacy pariah Facebook would expand secure messaging across its Messenger, WhatsApp, and Instagram apps, a broad community … [Read more...]

Mobile Menace Monday: Fake WhatsApp can steal info from your phone

Last month, a blogger at My Online Security reported receiving a spam comment containing WhatsApp Plus. Going through the process, they downloaded an APK of this so-called WhatsApp Plus. Where they ended was as stated, I am not certain exactly what this does, but from the sandbox reports it looks like it has the potential to steal information, photos, phone numbers etc from your mobile … [Read more...]

A week in security (November 27 – December 03)

Last week on Labs, we touched on a huge macOS High Sierra vulnerability, a PayPal phish, and Terror EK’s new tactic. We also took a crack at identity theft protection services, drive-by cryptomining, and rounded up interesting talks while attending a security conference in Ireland called IRISSCON. Other news Our friends at Zimperium investigated a fake WhatsApp on Google Play, and found … [Read more...]