Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-11-01 14:00:00 |
Malware on the Google Play store leads to harmful phishing sites (lien direct) |
>Categories: AndroidCategories: NewsA family of malicious apps from developer Mobile apps Group are on Google Play infected with HiddenAds.
(Read more...)
|
Guideline
|
|
|
|
2022-11-01 11:00:00 |
Police warn of fake law enforcement arrest warrant calls (lien direct) |
>Categories: NewsTags: fake
Tags: fraud
Tags: police
Tags: cops
Tags: call
Tags: warrant
Tags: arrest
Tags: payment
We take a look at fake law enforcement calls leading to demands for money from victims.
(Read more...)
|
Guideline
|
|
|
|
2022-10-20 13:00:00 |
Microsoft breach reveals some customer data (lien direct) |
>Categories: NewsTags: Microsoft
Tags: breach
Tags: data
Tags: exposed
Tags: exposure
Tags: endpoint
We take a look at word of accidental data exposure leading to a reveal of Microsoft customer data.
(Read more...)
|
Guideline
|
|
|
|
2022-10-05 22:45:00 |
Admin from hell facing 10 years for sabotaging ex-employer\'s network (lien direct) |
>Categories: NewsTags: hire
Tags: hiring
Tags: rehire
Tags: insider threat
Tags: ex-employee
Tags: logins
Tags: network
Tags: FBI
Failing to keep a tight reign on ex-employees' credentials can lead to all manner of chaos.
(Read more...)
|
Guideline
|
|
|
|
2022-10-05 15:45:00 |
Bogus job offers hide trojanised open-source software (lien direct) |
>Categories: NewsTags: malware
Tags: ZINC
Tags: microsoft
Tags: infection
Tags: C&C
Tags: open source
Tags: job offer
Tags: fake
Tags: LinkedIn
A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps
(Read more...)
|
Guideline
Medical
|
APT 38
|
|
|
2022-09-23 18:00:00 |
Malwarebytes recognized as endpoint security leader by G2 (lien direct) |
>Categories: BusinessG2 has released their Fall 2022 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories based on factual customer reviews.
(Read more...)
|
Guideline
|
|
|
|
2022-09-21 13:15:00 |
Vulnerable children\'s identities used in tax fraud scheme (lien direct) |
>Categories: NewsCategories: ScamsA ringleader of a tax fraud business has been sentenced to 12 years, and fined for stealing and using children's data.
(Read more...)
|
Guideline
|
|
|
|
2022-08-22 17:00:00 |
Reddit users crowdsourcing explicit images and identities (lien direct) |
>Categories: NewsTags: stolen images
Tags: explicit
Tags: theft
Tags: compromise
Tags: blackmail
Tags: threats
Tags: reddit
Tags: video
We look at a report highlighting how explicit images are being shared without permission, and how this often leads to additional harassment.
(Read more...)
|
Guideline
|
|
|
|
2022-08-09 16:00:00 |
Summer of exploitation leads to healthcare under fire (lien direct) |
>Categories: NewsCategories: Threat IntelligenceTags: Healthcare
Tags: Medical
Read about trends in cyberattacks in the Healthcare and Medical industry, as well as our recommendations for helping to secure your healthcare organization.
(Read more...)
|
Guideline
|
|
|
|
2022-07-18 12:51:46 |
Extortionists target restaurants, demand money to take down bad reviews (lien direct) |
We take a look at reports of organised review bombing, leading to extortion threats to get the negative ratings removed.
|
Guideline
|
|
|
|
2022-06-20 13:59:17 |
DDoS-for-hire service provider jailed (lien direct) |
>Matthew Gatrel has been found guilty of three counts of computer-related crime. His partner in crime, Juan "Severon" Martinez, pleaded guilty before the trial.
|
Guideline
|
|
|
|
2022-05-16 11:54:12 |
Fake reCAPTCHA forms dupe users via compromised WordPress sites (lien direct) |
>Threat actors have launched a new campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites designed to get visitors to accept web push notifications.
|
Guideline
|
|
|
|
2020-12-22 14:04:00 |
Beware: not so festive social media scams (lien direct) |
Social networks are rife with scams leading up to Christmas. We shine a light on some of the worst offenders.
Categories: CybercrimePrivacy
Tags: fakescamscammersSocial Engineeringsocial networks
(Read more...)
|
Guideline
|
|
|
|
2020-12-16 19:42:50 |
Likely lead generation scam targets potential Malwarebytes MSP partners (lien direct) |
A likely lead generation scam has been hitting potential Malwarebytes MSP partners, as fraudsters flood unsuspecting victims with repeated calls.
Categories: Scams
Tags: lead generationlead generation scamMalwarebytesMalwarebytes MSP ProgramMSPMSP ProgramscamUS Federal Trade CommissionUS FTC
(Read more...)
|
Guideline
|
|
|
|
2020-11-23 15:00:00 |
Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd (lien direct) |
This week on Lock and Code, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about charity organizations and online ad tracking.
Categories: Podcast
Tags: capcomcharitiescharitycharity organizationsChris KrebsdarksideFacebook MessengerforecastfunnydreamIoTMalsmokeonline ad trackingonline advertisement trackingonline advertisingplutonreal time biddingRTBwebnavigatorweek in security
(Read more...)
|
Malware
Guideline
|
|
|
|
2020-10-08 15:30:00 |
Healthcare security update: death by ransomware, what\'s next? (lien direct) |
Read more...)
|
Ransomware
Guideline
|
|
|
|
2020-09-21 16:16:34 |
A week in security (September 14 – 20) (lien direct) |
A round up of cybersecurity news from September 14 – 20, including the Zerologon exploit, BLURtooth vulnerability, APT41, and phishing scams.
Categories:
A week in security
Tags: apt41blurtoothcharitiesChinesechrome extensionsdanny palmerDDos attackdomain name abusefintechransomwaretax scamus department of the interiorweb-phishingzerologon
(Read more...)
|
Guideline
|
APT 41
|
|
|
2020-07-20 15:30:00 |
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd (lien direct) |
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the public about the data collection embedded in the Donald Trump 2020...
Categories:
Podcast
Tags: atlas of surveillanceblackrockcisaconfidential vmsdnsgoldenhelperstalkerwaretwitterwebsite misconfigurations
(Read more...)
|
Malware
Guideline
|
|
|
|
2020-07-15 15:00:00 |
Website misconfigurations and other errors to avoid (lien direct) |
Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms.
Categories:
How-tos
Tags: bankbankingblogCMSdnshijackredirectwebsite
(Read more...)
|
Guideline
|
|
|
|
2020-06-01 15:00:00 |
Coronavirus campaigns lead to surge in malware threats, Labs report finds (lien direct) |
Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common-using coronavirus as a lure.
Categories:
Cybercrime
Malware
Reports
Scams
Social engineering
Threat analysis
Tags: Attack on home baseavemariaAZORultcoronaviruscovid-19CTNTCTNT reportcybercrime tactics & techniquescybercrime tactics and techniquesdanabotLokiBotMalwarebytesmalwarebytes labsnetwiredRCphishingphishing scamUNICEF
(Read more...)
|
Malware
Guideline
|
|
|
|
2020-04-08 16:00:32 |
Online credit card skimming increased by 26 percent in March (lien direct) |
Criminals are known to take advantage of events that capture people’s attention. This is true for any kind of attack that relies on social engineering, such as the phishing emails exploiting the Covid-19 pandemic. Certain events such as the current crisis not only get the attention of threat actors but they also lead to changes...
Categories:
Cybercrime
Tags: coronaviruscoviMagecartshoppingskimmersskimming
(Read more...)
|
Threat
Guideline
|
|
|
|
2020-02-19 17:21:08 |
Rudy Giuliani\'s Twitter mishaps invite typosquatters and scammers (lien direct) |
|
Guideline
|
|
|
|
2020-02-14 17:32:10 |
Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack (lien direct) |
We take a look at some of the most famous (or infamous) hacking scenes from TV and movies and the cybersecurity lessons, if any, we can learn from them.
Categories:
Awareness
Tags: black hatscybercrimecybercrime in the moviescybercrime on TVcybersecuritycybersecurity awarenesshackhackershackinghacking movieshacking TV showsHollywoodjurassic parkmr. robotNCISpop cultureswordfishthe flashthe matrixwhite hats
(Read more...)
|
Hack
Guideline
|
|
★★
|
|
2020-01-17 18:58:47 |
Business in the front, party in the back: backdoors in elastic servers expose private data (lien direct) |
It's all too easy to discover data leaks online, especially in cloud services. We take a look at misconfigurations in elastic servers that lead to exposed data on the Internet.
Categories:
Threat spotlight
Tags: awsAWS bucketscloud databasecloud databasescloud infrastructureelastic databaseselastic serversinsecure cloudpacspersonally identifiable informationport 9200
(Read more...)
|
Guideline
|
|
|
|
2019-08-05 15:00:00 |
How brain-machine interface (BMI) technology could create an Internet of Thoughts (lien direct) |
Several companies are developing brain-machine interface (BMI) technologies for medical applications in the near future. Will this lead to connecting the human brain to the cloud, creating an Internet of Thoughts? Or will practical, ethical, and security concerns stop progress.
Categories:
Artificial Intelligence
Tags: AIb/cibmibrainbrain-machine interfacechipsexoskeletonhuman brain/cloud interfaceIBMIntelinternet of thoughtsneural networksneuralnanoroboticsNeurolinkneuromorphic designneuromorphic engineeringneuroscienceSamsung
(Read more...)
|
Guideline
|
|
|
|
2019-07-17 14:17:02 |
Compromising vital infrastructure: problems in education security continue (lien direct) |
While educational organizations lack funding they are high on the target lists of cybercriminals. Does one fact lead to another?
Categories:
Vital infrastructure
Tags: educationfundingmalwarevital infrastructure
(Read more...)
|
Guideline
|
|
|
|
2019-06-27 16:14:03 |
Fake jquery campaign leads to malvertising and ad fraud schemes (lien direct) |
We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.
Categories:
Threat analysis
Tags: ad fraudAndroidAPKfake jquerymalvertisingtraffic
(Read more...)
|
Malware
Guideline
|
|
|
|
2019-05-24 18:05:02 |
Medical industry struggles with PACS data leaks (lien direct) |
PACS servers are often used to store and transmit patient data. But how is their security implemented? We take a look at case of how poor setup can easily lead to data leaks.
Categories:
Threat analysis
Tags: %USERNAME%datadata leaksData privacydefault credentialshealthcare securitymedical industrymedical recordsPACS serverspasswordspatient dataservers
(Read more...)
|
Guideline
|
|
|
|
2019-04-01 15:00:00 |
Compromising vital infrastructure: water management (lien direct) |
Water management is an essential part of our infrastructure. Loss of it can lead to service outages, diseases, and famine. So the cybersecurity should be top notch.
Categories:
Business
Security world
Tags: awwabyodcity of atlantacrashoverrideemotetinsider threatsransomwarescadastuxnetvital infrastructurewater managementwater plants
(Read more...)
|
Guideline
|
|
|
|
2019-03-26 15:00:00 |
Plugin vulnerabilities exploited in traffic monetization schemes (lien direct) |
The latest round of vulnerable WordPress plugins leads to an active traffic monetization campaign via hacked websites.
Categories:
Criminals
Threat analysis
Tags: ad fraudEasy WP STMPhackedmalvertisingpluginsscamsskimmerSocial WarfaretrafficWordPress GDPR
(Read more...)
|
Guideline
|
|
|
|
2018-11-21 16:00:04 |
Are Deepfakes coming to a scam near you? (lien direct) |
Deepfake is a machine learning technique that is capable of perfect imitations of facial expressions in videos. Will adding voice imitations to them lead to the perfect scam?
Categories:
Social engineering
Technology
Tags: AIceo fraudcoinminersdeep fakedeep learningdeepfakedeepfakesmachine learningscam
(Read more...)
|
Guideline
|
|
|
|
2018-09-20 17:42:04 |
Mass WordPress compromises redirect to tech support scams (lien direct) |
Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.
Categories:
Social engineering
Threat analysis
Tags: bitcoinBitcoin CodebrowlockIndicators of compromiseinjectionsJavaScripttech support scamsTSSwordpressZues
(Read more...)
|
Guideline
|
|
|
|
2018-05-31 15:00:00 |
Instagram story spam claims free Apple Watch (lien direct) |
We take a look at Instagram story spam leading to a "free Apple Watch" giveaway on a recently compromised celebrity account.
Categories:
Social engineering
Threat analysis
Tags: Apple WatchInstagramscamsocial mediasocial networkspamsurveysurveys
(Read more...)
|
Guideline
|
|
|
|
2018-04-04 15:00:05 |
LockCrypt ransomware: weakness in code can lead to recovery (lien direct) |
A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
Categories:
Malware
Threat analysis
Tags: LockCryptLockCrypt ransomwareransomware
(Read more...)
|
Guideline
|
|
|
|
2018-02-27 18:56:04 |
Human Factor Podcast: Jenny Radcliffe and Chris Boyd (lien direct) |
Hear Lead Malware Intelligence Analyst Chris Boyd talk about 10 years of experience in security and research on the Human Factor podcast hosted by Jenny Radcliffe.
Categories:
101
FYI
Tags: human factor podcastjenny radcliffemany hats clubpodcastrecording
(Read more...)
|
Guideline
|
|
|
|
2018-01-30 16:35:05 |
Stolen security logos used to falsely endorse PUPs (lien direct) |
To gain the trust of users, the makers of PUPs put the logos of reputable security and tech firms on their websites to imply their product is endorsed by the companies. They are not.
Categories:
101
Social engineering
Tags: logosMcAfeemicrosoftmisleadingnortonPieter ArntzPUPs
(Read more...)
|
Guideline
|
|
|
|
2017-09-13 16:27:50 |
Multiple flaws found in smart syringe pump (lien direct) |
As more life-saving medical devices are capable of connecting to the internet, the potential threat of malicious hacking leading to physical bodily harm becomes more real. An independent researcher recently found multiple vulnerabilities plaguing a particular syringe pump. ICS-CERT offers several defensive measures.
Categories:
Security world
Technology
Tags: IoTiot threatsMedfusion 4000 Wireless Syringe Infusion Pumpmedical devicemedical device threatsmart syringe pumpsyringe pump vulnerability
(Read more...)
|
Guideline
|
|
|
|
2017-06-09 14:00:36 |
Please stop posting your X-rays to social media (lien direct) |
Many people post unredacted medical images to Twitter and Instagram. They shouldn't because the details included on the image often can compromise personal identity online and in rare instances, lead to a possible attack on an exposed piece of medical IT infrastructure.
Categories:
Cybercrime
Privacy
Tags: doxxinghackinghealth recordsmedical recordsMRIprivacySocial Engineeringsocial mediaX-Ray
(Read more...)
|
Guideline
|
|
|
|
2017-03-03 16:00:07 |
Free antivirus coupon leads to tech support scam (lien direct) |
Yet another trick to watch out for with this free antivirus offer that misleads you into calling tech support scammers.
Categories:
Social engineering
Threat analysis
Tags: antiviruscouponGoogle ChromeMcAfeenortontech support scamTSS
(Read more...)
|
Guideline
|
|
|
|
2017-01-12 16:00:10 |
More phishy sponsored tweets (lien direct) |
Watch out: sponsored Tweets leading to phishing pages are doing the rounds once more. We take a look at the latest phishing scam being pushed to unsuspecting Twitter users, and show how the scammers are after a double-whammy of login credentials and credit card information.Categories:
Cybercrime
Social engineeringTags: phishphishingscamscammerssponsoredtweettwitter(Read more...) |
Guideline
|
|
|
|
2016-12-19 19:00:34 |
Scam as a service 2: the B team (lien direct) |
Interest in Tor based threats is increasing to the extent that some vendors will scoop up all activity they find on Tor and provide you a nice front end to search through it at your leisure. This might lead the casual observer to assume that the darkness is a one stop shop for cyber threats, but criminals existed on the internet prior to Tor, and still do quite well for themselves without it. In fact, bad guys with good OPSEC tend to be the exception, rather than the rule. So let's take a quick look at some unpleasant stuff and the nadir of bad OPSEC, Facebook.Categories:
Cybercrime
Privacy
Social engineeringTags: darknetfacebookscamsocial mediatech supporttech support scam(Read more...) |
Guideline
|
|
|
|
2016-12-15 19:00:45 |
Tech support scams, stolen data, and botnets (lien direct) |
We've found a scam in a box company that also offers intelligence leads. That is, they'll sell you the scam and point you at the most vulnerable targets first.Categories:
Criminals
Threat analysisTags: botnetBPO Experts GlobalBPOreseroucesDellscams as a servicetech supporttech support scamTSSwinlogon(Read more...) |
Guideline
|
|
|
|
2016-10-31 09:00:40 |
Promoted Tweet leads to credit card phishing (lien direct) |
There's been a bit of an issue with promoted Tweets on Twitter in the last few days - well, one specific promoted Tweet at any rate - in the form of a rogue phish asking for login credentials and payment information. We take a look at what the scammers have been up to, and how this scam could end up being quite successful for those involved...
Categories:
Cybercrime
Social engineeringTags: phishphishingscamtwitter(Read more...) |
Guideline
|
|
|
|
2016-10-07 21:10:11 |
PUP Friday: Let\'s talk generic (lien direct) |
|
Guideline
|
|
|