Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-09-10 20:29:40 |
Report: Pandemic caused significant shift in buyer appetite in the dark web (lien direct) |
The pandemic has had a ripple effect on all facets of life-even the criminal. A new report looks at how the dark web has changed post COVID.
Categories:
Cybercrime
Tags: 2faairbnbCash Appcovid-19Dark WebDark Web Market Price Index 2020: Covid-19 EditionDisney+facebookFitbithaveibeenpwnedHeadspaceInstacartMasterClassnetflixOnlyFanspandemicpassword managerPayPalPelotonSIM jackingSIM swappingSimon MiglianoSpotifyTop10VPNVerizonWowcherYouTube Premium
(Read more...)
|
|
|
|
|
2020-09-09 17:07:14 |
Malvertising campaigns come back in full swing (lien direct) |
Threat actors monetize on adult traffic in several large malvertising campaigns.
Categories:
Social engineering
Tags: ad networksbad adsexploit kitexploit kitsFallout EKmalvertisingmalvertising campaignsRIG EK
(Read more...)
|
|
|
|
|
2020-09-07 14:24:20 |
A week in security (August 31 – September 6) (lien direct) |
A round up of the previous week's most interesting security news and happenings.
Categories:
A week in security
Tags: facebookmalwarephishround upscamsecuritytiktokweek in security
(Read more...)
|
|
|
|
|
2020-09-04 15:00:00 |
SMB cybersecurity posture weakened by COVID-19, Labs report finds (lien direct) |
In parsing the data for our August report on COVID-19, we learned that SMB cybersecurity faced many challenges, some of which are being unaddressed.
Categories:
Reports
Tags: business securitycovid-19cybersecuritycybersecurity awarenessenduring from homeITIT adminslock and codelock and code podcastpandemicsmall and medium sized businessessmall businessesSMBSMBsWFHworking from home
(Read more...)
|
|
|
|
|
2020-09-03 20:57:25 |
PCI DSS compliance: why it\'s important and how to adhere (lien direct) |
|
|
|
|
|
2020-09-02 18:03:44 |
How to keep K–12 distance learners cybersecure this school year (lien direct) |
As a new school season opens, educational institutions strive to adapt to the IT needs and challenges that come with the introduction of new learning schemes like remote schooling, otherwise known as distance learning. With their children's overall health and safety as top priority, there is one other thing parents and guardians must also keep in mind: how to keep them from cybercriminals as far away as possible.
Categories:
How-tos
Tags: back to schoolback to school cybersecuritycovid-19distance learningemergency homeschoolingschool cybersecuritytemporary homeschoolingzoombombingzoomsquatting
(Read more...)
|
|
|
|
|
2020-09-01 14:15:00 |
New web skimmer steals credit card data, sends to crooks via Telegram (lien direct) |
Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code.
Categories:
Web threats
Tags: credit cardcredit card skimmercredit card skimmingdigital skimmergateMagecartskimmertelegramTelegram APIweb skimmerweb skimming
(Read more...)
|
|
|
|
|
2020-08-31 16:54:31 |
Apple\'s notarization process fails to protect (lien direct) |
Read more...)
|
|
|
|
|
2020-08-31 15:26:43 |
Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa (lien direct) |
This week on Lock and Code, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about "security hubris."
Categories:
Podcast
Tags: enduring from homelock and codelock and code podcastpodcastsecurity hubris
(Read more...)
|
|
|
|
|
2020-08-27 15:00:00 |
Missing person scams: what to watch out for (lien direct) |
Missing person alerts can be a prime source of inspiration for scammers looking to turn a quick buck. We explore some of the techniques used to further ill-gotten gains.
Categories:
Cybercrime
Social engineering
Tags: abductionfacebookfakemissing childmissing personscamtwitter
(Read more...)
|
|
|
|
|
2020-08-26 15:00:00 |
Good news: Stalkerware survey results show majority of people aren\'t creepy (lien direct) |
|
|
|
|
|
2020-08-25 15:00:00 |
The cybersecurity skills gap is misunderstood (lien direct) |
The cybersecurity skills gap is misunderstood. Rather than a lack of talent, there is a lack of understanding in how to find and hire that talent.
Categories:
Business
Tags: (ISC)Aspen InstituteCSIScybersecurity skills gapcybersecurity skills shortageEnterprise Strategy GroupInternational Information System Security Certification ConsortiumISACAMalwarebytesUC Santa Cruz Silicon Valley ExtensionUniversity of California Santa Cruz Silicon Valley extensionWiCySWomen in CyberSecurity
(Read more...)
|
|
|
|
|
2020-08-24 16:12:20 |
A week in security (August 17 – 23) (lien direct) |
A roundup of cybersecurity news from August 17 – 23, including our Enduring from Home report, and the impact of COVID-19 on healthcare security.
Categories:
A week in security
Malwarebytes news
Tags: a week in securityawiscallcovid-19enduring from homegaminghealthcarehealthcare cybersecuritylocksmalwarephishphishingphonescamsecurity roundup
(Read more...)
|
|
|
|
|
2020-08-21 15:00:00 |
\'Just tell me how to fix my computer:\' a crash course on malware detection (lien direct) |
For the Luddites and the technologically challenged, this is your crash course on malware detection. Learn what it is, how it works, and why it's important.
Categories:
Awareness
Tags: 101anti-exploitAnti-Malwareantiviruscybersecurity awarenessmalwaremalware detectionmalware removalremediationremediation and preventionsecurity 101security awarenesswindows defender
(Read more...)
|
Malware
|
|
|
|
2020-08-20 10:00:00 |
20 percent of organizations experienced breach due to remote worker, Labs report reveals (lien direct) |
In Labs' latest report, Enduring From Home: COVID-19's Impact on Business Security, we look at responses from 200 IT professionals on how they handled the transition to WFH, what are their biggest cybersecurity concerns, and what are their plans for optimizing remote security in the future.
Categories:
Reports
Tags: cybersecurity awarenessenduring from homelabs reportmalwarebytes labsremote workremote workerssecure remote workers
(Read more...)
|
|
|
|
|
2020-08-18 19:30:39 |
The impact of COVID-19 on healthcare cybersecurity (lien direct) |
COVID-19 has put incredible pressure on the healthcare sector. How did the pandemic impact healthcare cybersecurity?
Categories:
Vital infrastructure
Tags: covid-19healthcarehealthcare cybersecurityhealthcare securitysecurity
(Read more...)
|
|
|
|
|
2020-08-17 15:30:00 |
Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane (lien direct) |
This week on Lock and Code, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps.
Categories:
Podcast
Tags: Chrome Extensioncovid-19 scamsdefconHBO phishingHBO scamInstacartInstacart breachIntelIntel leaklock & codelock and codelock and code podcastmalwarebytes labs podcastmalwarebytes podcastNetflix phishingNetflix scamphishingphishing scampodcastSBA scamscamspying appsstalkerwaretiktokTwitch phishingTwitch scamvulnerabilitiesYouTube phishingYouTube scamziggozoomZoom vulnerabilities
(Read more...)
|
|
|
|
|
2020-08-14 16:45:51 |
Explosive technology and 3D printers: a history of deadly devices (lien direct) |
We look at how successful hardware hacks can damage devices-and potentially even put lives at risk.
Categories:
Hacking
Tags: 3d printerhackershackinghackshardwareIoTmalwareprinterstuxnet
(Read more...)
|
|
|
|
|
2020-08-13 17:52:49 |
Chrome extensions that lie about their permissions (lien direct) |
Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But what's the use if they lie to you?
Categories:
PUP
Tags: permissionsPUPpup.optional.searchenginehijacks2redirect.coms3arch.pagesearch hijackertabs
(Read more...)
|
|
|
|
|
2020-08-12 15:00:00 |
Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw (lien direct) |
Dutch ISP Ziggo sent an email to customers about a security flaw that raised several red flags for phishing-despite being legitimate. Learn how to avoid such mistakes in your organization'sexternal and internal communications.
Categories:
Scams
Tags: branded firmwarecorporate communicationsdutch ispinternet service providerISPmailphishingsecurity weaknessziggoziggobooster
(Read more...)
|
|
|
|
|
2020-08-11 16:32:59 |
The skinny on the Instacart breach (lien direct) |
With the sudden popularity of grocery and pick-up services in this pandemic era, online criminals were swift to target and compromise Instacart. How did it happen?
Categories:
Hacking
Tags: credential stuffingInstacart bad securityInstacart breachInstacart credential stuffingInstacart securityPassword reuse
(Read more...)
|
|
|
|
|
2020-08-10 16:30:05 |
SBA phishing scams: from malware to advanced social engineering (lien direct) |
SBA loan scams continue to make the rounds targeting small business owners, CEOS, and CFOs. Learn what to look out for.
Categories:
Scams
Tags: loanphishingSBAscam
(Read more...)
|
Malware
|
|
|
|
2020-08-10 15:30:00 |
A week in security (August 3 – 9) (lien direct) |
A roundup of cybersecurity news from August 3 – 9, including a look at business email compromises, a new data privacy bill, and the Inter skimming attack.
Categories:
A week in security
Tags: australian signals directoratebecchrome web storeData Accountability and Transparency ActenclavehomoglyphiamInstagramlockbitMicrosoft Officetaidoortiktokus electionszoombombing
(Read more...)
|
|
|
|
|
2020-08-06 17:00:00 |
Inter skimming kit used in homoglyph attacks (lien direct) |
Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.
Categories:
Threat analysis
Tags: credit card skimminghomoglyphInterkitMagecartskimmersskimming
(Read more...)
|
|
|
|
|
2020-08-05 16:35:00 |
Data Accountability and Transparency Act of 2020 looks beyond consent (lien direct) |
The Data Accountability and Transparency Act proposes that, for American consumers, privacy shouldn't be a right you can click away.
Categories:
Privacy
Tags: consentData Accountability and Transparency ActData privacydata privacy lawdata privacy legislationend user license agreementEULAOhioonline privacyonline privacy lawonline privacy legislationSen. Sherron BrownSenator Sherrod BrownSherrod Brown
(Read more...)
|
|
|
|
|
2020-08-04 15:00:00 |
Business email compromise: gunning for goal (lien direct) |
We look at the latest happenings in the world of business email compromise (BEC).
Categories:
Cybercrime
Social engineering
Tags: becbusiness cybersecurityBusiness Email CompromiseCEO scamCFO fraudemailmail
(Read more...)
|
|
|
|
|
2020-08-03 15:30:00 |
Lock and Code S1Ep12: Pinpointing identity and access management\'s future with Chuck Brooks (lien direct) |
|
|
|
|
|
2020-07-31 15:00:00 |
Avoid these PayPal phishing emails (lien direct) |
We cover some recent PayPal phish mails and link to anti-phish resources.
Categories:
Cybercrime
Social engineering
Tags: account is limitedintl-limitedPayPalphishphishingscam
(Read more...)
|
|
|
|
|
2020-07-30 16:55:21 |
Malspam campaign caught using GuLoader after service relaunch (lien direct) |
We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch
Categories:
Malware
Threat analysis
Tags: GuLoadermalspammalwarespamstealer
(Read more...)
|
Spam
|
|
|
|
2020-07-29 17:30:00 |
Cloud workload security: Should you worry about it? (lien direct) |
While the cloud workload is growing at a rapid pace, isn't it time to start worrying about securing it?
Categories:
Business
Tags: application layercloudcloud resourcescloud workload securitycontainerizationdatahypervisor layersecure-by-designsecurity orchestration
(Read more...)
|
|
|
|
|
2020-07-28 16:55:59 |
TikTok is being discouraged and the app may be banned (lien direct) |
Companies and organizations are dicouraging their employees to use TikTok, especially on work related devices. Will TikTok face a ban?
Categories:
Privacy
Tags: amazonAustraliabanbytedancechinaindiaprivacyredditsocial mediatiktokusa
(Read more...)
|
|
|
|
|
2020-07-27 15:30:00 |
(Déjà vu) A week in security (July 20 – 26) (lien direct) |
A roundup of cybersecurity news from July 20 – 26, including Deepfakes, Bluetooth technology, and APT groups.
Categories:
A week in security
Tags: a week in securityadvanced persistent threatsAndroidandroid malwareAPTatm attacksawisbitcoinBitcoin hackblackrockblog recapcybersecurity violationsdeepfakeshong kongindiajackpottingphishingransomwarescamsstolen datatwitterweekly blog roundupYouTube scams
(Read more...)
|
|
|
|
|
2020-07-23 15:00:00 |
New Deepfakes using GAN stirs up questions about digital fakery (lien direct) |
We look at the latest splash of synthetic human deepfakes shenanigans working their way into mainstream news in order to cause disruption.
Categories:
Social engineering
Tags: AIarticleblogdeepfakedeepfakesdeepfakes definitionfake newsGANgenerative adversarial networkmisinformationnewsphotoSocial Engineeringstorysynthetic
(Read more...)
|
|
|
|
|
2020-07-22 15:00:00 |
EncroChat system eavesdropped on by law enforcement (lien direct) |
Dutch law enforcement cracked the encryption on EncroChat, a secure messaging platform popular with criminals, and made hundreds of arrests. But is this a dangerous precedent?
Categories:
Hacking
Tags: cryptophoneencrochatencryptionend-to-end encryptionlaw enforcementmalwareotrPGP
(Read more...)
|
|
|
|
|
2020-07-21 15:00:00 |
Chinese APT group targets India and Hong Kong using new variant of MgBot malware (lien direct) |
We uncovered an active campaign in early July that we attribute to a new Chinese APT group attacking India and Hong Kong with MgBot malware.
Categories:
Threat analysis
Tags: APTchinachinese aptgovernment of indiahong kongindialoaderMgBotmgbot malwarestate sponsored cyberattack
(Read more...)
|
Malware
|
|
|
|
2020-07-20 15:30:00 |
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd (lien direct) |
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the public about the data collection embedded in the Donald Trump 2020...
Categories:
Podcast
Tags: atlas of surveillanceblackrockcisaconfidential vmsdnsgoldenhelperstalkerwaretwitterwebsite misconfigurations
(Read more...)
|
Malware
Guideline
|
|
|
|
2020-07-17 18:17:18 |
It\'s baaaack: Public cyber enemy Emotet has returned (lien direct) |
Read more...)
|
Spam
|
|
|
|
2020-07-17 15:00:00 |
How exposed are you to cybercrime? (lien direct) |
Passwordmanagers.co measures exposure to cybercrime by weighing risk of cyberattack against an organization's security preparedness. How exposed are you?
Categories:
Cybercrime
Tags: cybercrimecybercrime exposurecybersecurity exposure indexcybersecurity hygieneexposure ratepassword managerpassword managers
(Read more...)
|
|
|
|
|
2020-07-16 17:53:42 |
Coordinated Twitter attack rakes in 100 grand (lien direct) |
In a social engineering attack on Twitter, threat actors managed to scam $100,000 dollars in Bitcoin by taking over high-profile accounts.
Categories:
Social engineering
Tags: 2fabitcoinSocial Engineeringtweetstwitterverified accounts
(Read more...)
|
Threat
|
|
|
|
2020-07-15 15:00:00 |
Website misconfigurations and other errors to avoid (lien direct) |
Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms.
Categories:
How-tos
Tags: bankbankingblogCMSdnshijackredirectwebsite
(Read more...)
|
Guideline
|
|
|
|
2020-07-14 16:03:43 |
Stalkerware advertising ban by Google a welcome, if incomplete, step (lien direct) |
Google will no longer allow advertising of stalkerware and spyware tools, but a written exception could allow some companies to skirt the rules.
Categories:
Stalkerware
Tags: Coalition Against StalkerwareGoogleGoogle Adsmonitormonitoring appmonitoring appsspywarestalkerware
(Read more...)
|
|
|
|
|
2020-07-13 15:30:09 |
A week in security (July 6 – 12) (lien direct) |
A roundup of cybersecurity news from July 6 – 12, including a look at pre-installed malware on some Android phones, and a Mac malware mystery.
Categories:
A week in security
Tags: Androidawismalwarephishingransomwarescamssecuritysocial mediaweek in security
(Read more...)
|
Malware
|
|
|
|
2020-07-10 18:10:37 |
Threat spotlight: WastedLocker, customized ransomware (lien direct) |
WastedLocker ransomware, attributed to the Russian Evil Corp gang, is such a targeted threat, you might call it a custom-built ransomware family.
Categories:
Threat spotlight
Tags: evil corpRansom.BinADSransomwarewastedwastedlocker
(Read more...)
|
Threat
Ransomware
|
|
|
|
2020-07-08 15:30:00 |
We found yet another phone with pre-installed malware via the Lifeline Assistance program (lien direct) |
We discovered yet another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile.
Categories:
Android
Tags: android malwareAndroid/PUP.Riskware.Autoins.FotaAndroid/Trojan.Downloader.WotbyAndroid/Trojan.HiddenAdsMobilemobile malwarepre-installed mobile malware
(Read more...)
|
Malware
|
|
|
|
2020-07-07 17:20:00 |
Mac ThiefQuest malware may not be ransomware after all (lien direct) |
We discovered a new Mac malware, ThiefQuest, that appeared to be ransomware at first glance. However, once we dug in deeper, we found out its true identity-and intention.
Categories:
Mac
Tags: Appledecryptionmacmac antivirusmac malwaremac ransomwaremacOSmalwareransomwarestolen dataThiefQuestviruswiper
(Read more...)
|
Ransomware
Malware
|
|
|
|
2020-07-07 15:30:00 |
Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart (lien direct) |
This week on Lock and Code, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things.
Categories:
Podcast
Tags: beaconsbluetoothChromebookchromebook antivirusInternet of ThingsIoTLittle Snitchlock and codelock and code podcastThiefQuest
(Read more...)
|
|
|
|
|
2020-07-06 16:36:50 |
Credit card skimmer targets ASP.NET sites (lien direct) |
This unusual web skimmer campaign goes after sites running Microsoft's IIS servers with an outdated version of the ASP.NET framework.
Categories:
Threat analysis
Tags: ASP.netcredit cardcredit card skimmercredit card skimmingdigital skimmerIISMagecartskimmerweb skimmerweb skimmersweb skimming
(Read more...)
|
|
|
|
|
2020-07-01 17:26:17 |
Do Chromebooks need antivirus protection? (lien direct) |
You may have heard that installing a Chromebook antivirus program is unnecessary. We take a look at the Chromebook's security features and weigh in on whether that's true.
Categories:
Opinion
Tags: Chromebookchromebook antiviruschromebook securitychromebook virus protectionmalware
(Read more...)
|
|
|
|
|
2020-06-30 16:09:35 |
New Mac ransomware spreading through piracy (lien direct) |
We analyze a new Mac ransomware that appears to encrypt user files with a bit of a time delay.
Categories:
Mac
Tags: AbletonAbleton LiveencryptFindzipFindzip ransomwareLittle Snitchmacmac malwareMixed In Keyransomwaretime delay
(Read more...)
|
Ransomware
|
|
|
|
2020-06-30 15:00:00 |
Bluetooth beacons: one free privacy debate with your next order (lien direct) |
We take a look at Bluetooth beacons and their role behind the scenes in many real-world marketing campaigns-whether you're aware of it or not.
Categories:
Privacy
Tags: ARbeaconsbluetooth beacongeofencingmarketingprivacysalesstore
(Read more...)
|
|
|
|