dcsimg
January 25, 2021

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if TikTok’s new settings are enough to keep … [Read more...]

Filed Under: a week in security, bec, Brave, chrome, Cisco, dnsmasq, dnspooq, ema, gamarue, IoT, kindle, Malwarebytes news, messenger scam, passwords, phishing, QNAP, singapore, solarwinds, tiktok, whatsapp, zerologon, zoom
January 20, 2021

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain. Default … [Read more...]

Filed Under: audio, data, embed, leak, privacy, recording, The Intercept, video, videoconferencing, zoom
November 30, 2020

A week in security (November 23 – November 29)

Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online. We also looked back at Zoom, and wondered whether it’s any safer months after its first vulnerability was reported. We talked about how Apple’s security is hampering the detection of potentially unwanted programs (PUPs). Lastly, we reported on Spotify resetting some user accounts after … [Read more...]

Filed Under: a week in security, Apple, awis, Chris Boyd, covid-19, fbi, lock and code podcast, Minecraft, Minecraft mod, Mustang Panda, online video gaming, pandemic, remote work, remote working, smart doorbells, Social engineering, Spotify, Vatican, vishing, voice phishing, Week in security, zoom
November 24, 2020

Looks like we’re stuck with Zoom: Is it any safer?

Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus (a third vaccine was just announced). That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and the classroom. But our ability to walk into a clinic and get either of these vaccines is still … [Read more...]

Filed Under: e2e encryption, Malwarebytes news, remote working, zoom, zoombombing
November 2, 2020

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Google’s patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash away from your business, pointed out how scammers are spoofing bank phone numbers to rob … [Read more...]

Filed Under: covid-19 survey, CVE-2020-14882, cybersecurity awareness month, disinformation, email compromise, emotet, facebook, Google Chrome, Google patch, hp printer issue, Malwarebytes news, oracle weblogic, ransomware, satellite hacking, spoofing, suncrypt, vastaamo, wandera, zero day, zerologon, zoom
August 17, 2020

Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. These tools offer parents the capabilities to spot where their children go, read what their kids read, and prevent them from, for instance, visiting websites … [Read more...]

Filed Under: Chrome Extension, covid-19 scams, defcon, HBO phishing, HBO scam, Instacart, Instacart breach, Intel, Intel leak, lock & code, lock and code, lock and code podcast, malwarebytes labs podcast, malwarebytes podcast, Netflix phishing, Netflix scam, phishing, phishing scam, podcast, SBA scam, scam, spying apps, stalkerware, tiktok, Twitch phishing, Twitch scam, vulnerabilities, YouTube phishing, YouTube scam, ziggo, zoom, Zoom vulnerabilities
May 4, 2020

A week in security (April 27 – May 3)

Last week on Malwarebytes Labs, we looked at how secure the cloud is, understood why unexpected demand can influence an organization to consider their “just in time” (JIT) system, speculated on why the threat actors behind the Troldesh ransomware suddenly released thousands of decryption keys, preached the good news about VPN being mainstream, touched on the relationship between cybercrime and a … [Read more...]

Filed Under: Apple, APT, awis, bluetooth, bluetooth attack, Bluetooth vulnerabilities, CivicSmart, Cloud Security, coronavirus, covid-19, hacked, hospitals, JIT, just in time, Malwarebytes news, oceanlotus, pandemic survival book, PhantomLance, phishing scam, ransomware, recap, scada, SMB, Troldesh ransomware, vpn, weekly blog roundup, zoom, zoom phishing
April 14, 2020

Keep Zoombombing cybercriminals from dropping a load on your meetings

While shelter in place has left many companies struggling to stay in business during the COVID-19 epidemic, one company in particular has seen its fortunes rise dramatically. Zoom, the US-based maker of teleconferencing software, has become the web conference tool of choice for employees working from home (WFH), friends coming together for virtual happy hour, and families trying to stay connected. … [Read more...]

Filed Under: coronavirus, covid-19, exploit, Exploits, how-to zoom, How-tos, teleconferencing, virtual meetings, Webinars, zoom, zoom squatting, zoombombers, zoombombing, zooming
April 6, 2020

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based attacks, showed the impact that GDPR has around the world, and helped users understand how social media platforms mine their personal data. We also hosted our bi-weekly podcast, Lock and Code, with guest Adam Kujawa, who discussed the state of data privacy … [Read more...]

Filed Under: a week in security, covid-19, cyber volunteers, draytek, GDPR, houseparty, Marriott, online shopping, rdp, vpn, zoom, zoom-bombing