Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-06-29 16:25:48 |
A week in security (June 22 – 28) (lien direct) |
A roundup of cybersecurity news from June 22 – 28, inlcuding a zero day guide, tax season tips, and web skimmers using image files.
Categories:
A week in security
Tags: BlueLeaksGoogleIBMimage filesLuciferNephilimnvidiapasswordsPPS DDOSSodinokibitax seasonTik-Toktwitterweb skimmerzero-day guide
(Read more...)
|
|
|
|
|
2020-06-26 17:24:27 |
The face of tomorrow\'s cybercrime: Deepfake ransomware explained (lien direct) |
Read more...)
|
Ransomware
|
|
|
|
2020-06-25 17:28:12 |
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files (lien direct) |
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files.
Categories:
Threat analysis
Tags: EXIFMagecartmetadataskimmersskimming
(Read more...)
|
|
|
|
|
2020-06-24 14:30:00 |
Coughing in the face of scammers: security tips for the 2020 tax season (lien direct) |
In spite of everything happening in the world, taxes are due in the US. Here are some tips to protect your personal info during this unusually taxing tax season.
Categories:
How-tos
Tags: 2019 taxes2020 tax seasoncoronaviruscoronavirus tax seasoncovid-19cybersecurity awarenesspandemictax ID fraudtax identity theft
(Read more...)
|
|
|
|
|
2020-06-23 15:00:00 |
A zero-day guide for 2020: Recent attacks and advanced preventive techniques (lien direct) |
Zero-day vulnerabilities-and their potential, related attacks-can drive any security team mad. Here's how you can bulk up your defenses.
Categories:
Exploits and vulnerabilities
Tags: artificial intelligenceEDRendpoint detection and responseInternet ExplorerIP securitymachine learningmicrosoftzero dayzero day exploitzero-dayzero-day vulnerability
(Read more...)
|
|
|
|
|
2020-06-22 15:00:00 |
Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank (lien direct) |
On Lock and Code, we talk to Matt Davey and Kyle Swank of 1Password about secure passwords, alternatives to passwords, and the future-and potential death-of passwords.
Categories:
A week in security
Tags: a week in securityawiscastinginfoseclock & codelock and codepodcast
(Read more...)
|
|
|
|
|
2020-06-18 15:30:00 |
Facial recognition: tech giants take a step back (lien direct) |
Some of the big players in the field of facial recognition announced they will not provide their technology to law enforcement while there is no governing law.
Categories:
Artificial Intelligence
Privacy
Tags: ACLUAIamazonbiometricsEFFfacial recognitionIBMlaw enforcementmicrosoftMLPII
(Read more...)
|
|
|
|
|
2020-06-17 17:30:00 |
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature (lien direct) |
A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.
Categories:
Malware
Threat analysis
Tags: APTC2cobalt strikeMalleable C2
(Read more...)
|
|
|
|
|
2020-06-17 15:30:00 |
End of line: supporting IoT in the home (lien direct) |
Warranties which may not warranty, certificates which might fail to certify, lifespans which don't match the length of cover promised. This could be IoT.
Categories:
Cybercrime
Privacy
Tags: advertisementappappliancefridgeguaranteehomeInternet of ThingsIoTlawslegalnetflixprivacyrokutrackingtvupdatewarranty
(Read more...)
|
|
|
|
|
2020-06-16 15:30:00 |
VPNs: should you use them? (lien direct) |
We've been getting questions about VPNs that are more advanced than before. It isn't so much what a VPN is, as it is whether people should use them.
Categories:
Privacy
Tags: fail closefail openinternet service providerISPkill switchpeer-to-peerrouterthrottlevirtual private networkvirtual private networksvpnVPNs
(Read more...)
|
|
|
|
|
2020-06-15 15:30:00 |
(Déjà vu) A week in security (June 8 – 14) (lien direct) |
A roundup of news and blog posts from the week of June 8 - 14, including the Honda ransomware attack, search hijackers, and what to look for in an RMM platform.
Categories:
A week in security
Tags: Babylon Healthbanking appBraveBrave browsercovid-19data breachEnel ransomwarefacebookfake gift cardhealthcare app data breachHonda ransomwaremanaged service providersMSPparetologicprivacyransomwareRMMRMM platformSnake ransomwareSpeedyPCtwitterwhatsapp
(Read more...)
|
Ransomware
|
|
|
|
2020-06-11 15:30:00 |
Search hijackers change Chrome policy to remote administration (lien direct) |
Search hijackers are always looking for ways to get and stay installed. Here is one that changed a Chrome policy and set it to remote administration.
Categories:
Threat spotlight
Tags: capitachrome policieschrome policyextensioninstallforcelistmanaged by your organizationmanaged outside of chromemazypolicy changesearch hijackersearchspace
(Read more...)
|
|
|
|
|
2020-06-10 15:30:00 |
MSPs, know what you\'re really looking for in an RMM platform (lien direct) |
Read more...)
|
Ransomware
|
|
|
|
2020-06-10 03:53:20 |
Honda and Enel impacted by cyber attack suspected to be ransomware (lien direct) |
Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of energy distribution in the...
Categories:
Ransomware
Threat analysis
Tags: ekansenelhondaransomwareSnake
(Read more...)
|
Ransomware
|
|
|
|
2020-06-09 15:00:00 |
ParetoLogic facing complaint of alleged wrongdoing (lien direct) |
After Revenuewire settled with the FTC, its sister company ParetoLogic has to appear in court. They are sued in a US class-action by a disgruntled customer.
Categories:
Tech support scams
Tags: paretologicregistry cleanerrevenuewiresystem optimizertech support scamtech support scammers
(Read more...)
|
|
|
|
|
2020-06-08 15:31:22 |
Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa (lien direct) |
On Lock and Code, we talk to Malwarebytes head of security John Donovan, Malwarebytes Labs director Adam Kujawa about securely working from home (WFH).
Categories:
Podcast
Tags: cloud data breachcontact tracingcoronavirusdata modificationgame savesHigaisalnk attackmongoliasecureshelter in placeSign in with AppleSodinokibiteaching from homevoice message phishingWFH
(Read more...)
|
|
|
|
|
2020-06-04 15:30:22 |
Sodinokibi ransomware gang auctions off stolen data (lien direct) |
The Sodinokibi ransomware operators have opened an auction site to sell the stolen data of their victims to the highest bidder.
Categories:
Ransomware
Tags: auctionhappy blogransomransomwareSodinokibi
(Read more...)
|
Ransomware
|
|
|
|
2020-06-04 15:00:00 |
New LNK attack tied to Higaisa APT discovered (lien direct) |
We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.
Categories:
Malware
Threat analysis
Tags: APTHigaisakoreaLNKPlugXrat
(Read more...)
|
|
|
|
|
2020-06-03 17:00:00 |
Teaching from home might become part of every teachers\' job description (lien direct) |
Read more...)
|
|
|
|
|
2020-06-03 15:00:00 |
A brief history of video game saves and data modification (lien direct) |
We look at a history of saving game data in video games, and how it usually provides modders and hackers with the best chance of tampering with game data.
Categories:
Cybercrime
Hacking
Tags: animal crossinggamingnintendo switchsave gamesvideo gamesvideogames
(Read more...)
|
|
|
|
|
2020-06-01 15:00:00 |
Coronavirus campaigns lead to surge in malware threats, Labs report finds (lien direct) |
Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common-using coronavirus as a lure.
Categories:
Cybercrime
Malware
Reports
Scams
Social engineering
Threat analysis
Tags: Attack on home baseavemariaAZORultcoronaviruscovid-19CTNTCTNT reportcybercrime tactics & techniquescybercrime tactics and techniquesdanabotLokiBotMalwarebytesmalwarebytes labsnetwiredRCphishingphishing scamUNICEF
(Read more...)
|
Malware
Guideline
|
|
|
|
2020-06-01 14:30:13 |
(Déjà vu) A week in security (May 25 – 31) (lien direct) |
A roundup of news and blog posts from the week of May 25 - 31
Categories:
A week in security
Tags: awiscybrsecurityfakefake newsfraudmalwarenewspandemicroundupscamweek in security
(Read more...)
|
|
|
|
|
2020-05-29 15:00:00 |
Maze: the ransomware that introduced an extra twist (lien direct) |
Maze ransomware attacks featured the first group of cyber-criminals to add the threat of publishing exfiltrated data to the ransomware business model
Categories:
Threat spotlight
Tags: dataFalloutMazepulseransomwareSpelevovpn
(Read more...)
|
Threat
Ransomware
|
|
|
|
2020-05-28 15:15:00 |
The best test for an EDR solution is one that works for you (lien direct) |
Since its inception, the endpoint detection and response (EDR) market has evolved rapidly with new innovations to better address the cyber landscape and meet customers' needs for an effective and simple solution that just works. But finding something that just works means something quite different for every business, depending on their size, security expertise, and requirements.
Categories:
Awareness
Explained
Opinion
Security world
Tags: alert fatigueautomationCapterracomprehensive securitydetectiondetection and responseEDREDR platformsedr testingendpoint detection and responseendpoint detection and response testingG2CrowdGartnerGartner Peer Insightsproactive protection
(Read more...)
|
|
|
|
|
2020-05-27 15:00:32 |
Coalition Against Stalkerware bulks up global membership (lien direct) |
The Coalition Against Stalkerware brought aboard 11 new organizations to address the potentially dangerous capabilities of stalkerware.
Categories:
Stalkerware
Tags: Anonyome LabsAppEsteem Corporationbff Bundesverband Frauenberatungsstellen und FrauennotrufeCentre Hubertine AuclertCoalition Against StalkerwareCommonwealth Peoples' Association of UgandaCommunity Overcoming Relationship AbuseCopperheadcoronavirusCorrataCyber Peace Foundationdomestic abusedomestic violenceF-SecureIllinois Stalking Advocacy CenterMalwarebytesmonitormonitoring applicationsmonitoring appsSPARCspywarestalkerware
(Read more...)
|
|
Uber
|
|
|
2020-05-26 15:27:00 |
Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz (lien direct) |
This week on Lock and Code, we talk to Pieter Arntz about web browser privacy-an often neglected subcategory of data privacy.
Categories:
Malwarebytes news
Podcast
Tags: Android spywarebecbest MSP practicesBusiness Email CompromisecoronavirusDark Webdating appsfacial recognitionhackinginfodemiclock and codelock and code podcastMagecartMagecart mythsmanaged service providersMandrakeMSPmythsNorfundscammingsilent nightzbotZloader
(Read more...)
|
|
|
|
|
2020-05-21 15:00:00 |
Shining a light on “Silent Night” Zloader/Zbot (lien direct) |
The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.
Categories:
Malware
Threat analysis
Tags: banking Trojanbanking TrojansHYASsilent nightterdotzbotZeusZloader
(Read more...)
|
Threat
|
|
|
|
2020-05-20 15:15:00 |
10 best practices for MSPs to secure their clients and themselves from ransomware (lien direct) |
For MSPs, securing themselves from ransomware is just as much a practice in securing clients. See how to save data-and money-with these best practices.
Categories:
How-tos
Tags: account managementB2Bbackupbackupsbest MSP practicescredential managementcrisis of credibilityemployee educationinsider threatsmanaged service providersmfaMSPmulti-factor authenticationnetwork segmentationpassword managementpatch managementphishingransomwaresecurity hygienevirtual private networksvpn
(Read more...)
|
Ransomware
|
|
|
|
2020-05-19 15:15:00 |
When the coronavirus infodemic strikes (lien direct) |
What are the biggest social media platforms doing to combat the rise in COVID-19 conspiracy theories spreading online?
Categories:
Scams
Tags: archiveconspiracy theoriesconspiracy theorycoronaviruscovid-19facebookinfodemicscamssocial mediaspamtiktoktwittervideosyoutube
(Read more...)
|
|
|
|
|
2020-05-18 15:28:43 |
A week in security (May 11 – May 17) (lien direct) |
A roundup of the previous week's security news, including attacks at MobiFriends, Cognizant, WeLeakData, and Magellan Health plus more news.
Categories:
A week in security
Tags: air-gappedcognizantearn it actmagellan healthmobifriendsNorth Koreaprintdemonthunderboltweleakdata
(Read more...)
|
|
|
|
|
2020-05-14 15:30:24 |
Sodinokibi drops greatest hits collection, and crime is the secret ingredient (lien direct) |
A major legal firm has been attacked by the Sodinokibi gang. What happened?
Categories:
Cybercrime
Hacking
Tags: lady gagalegalmadonnamalwaremusicransomwaresodinokibi ransomware
(Read more...)
|
|
|
|
|
2020-05-13 15:30:00 |
How CVSS works: characterizing and scoring vulnerabilities (lien direct) |
CVSS, or Common Vulnerability Scoring System, provides developers, testers, and security professionals with a standardized process to assess vulnerabilities.
Categories:
Malwarebytes news
Tags: attack complexityattack vectorbug bountycommon vulnerability scoring systemCVSSCVSS 3.1FIRSTForum of Incident Response and Security Teamsprivileges requiredsoftware vulnerabilitystandardizationuser interaction (UI)vulnerabilitiesvulnerability
(Read more...)
|
Vulnerability
|
|
|
|
2020-05-12 15:30:00 |
RevenueWire to pay $6.7 million to settle FTC charges (lien direct) |
The FTC filed a complaint against payment provider RevenueWire and its CEO for laundering credit card payments and facilitating and assisting in fraud.
Categories:
Tech support scams
Tags: browlockfake online scannersfraudFTCpayment providerrevenuewirescammersscamstech support
(Read more...)
|
|
|
|
|
2020-05-11 15:15:30 |
Lock and Code S1Ep6: Recognizing facial recognition\'s flaws with Chris Boyd (lien direct) |
Read more...)
|
|
|
|
|
2020-05-07 15:15:00 |
Data privacy law updates eyed by Singapore (lien direct) |
Data privacy updates-including data portability and a data breach notification requirement-are being considered by Singapore's government.
Categories:
Malwarebytes news
Privacy
Tags: CaliforniaCalifornia Consumer Privacy Actdata breach notificationdata breach notification lawdata breach notification requirementdata portabilitydata privacy lawdata privacy lawsdata privacy legislationEUEuropean UniongdprGeneral Data Protection RegulationPDPAPDPCPersonal Data Protection ActPersonal Data Protection Commissionsingapore
(Read more...)
|
Data Breach
|
|
|
|
2020-05-06 15:59:36 |
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app (lien direct) |
The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.
Categories:
Mac
Malware
Threat analysis
Tags: APTDaclsLazarusmacmalwarerattinkaOTP
(Read more...)
|
Medical
|
APT 38
|
|
|
2020-05-06 15:15:00 |
Credit card skimmer masquerades as favicon (lien direct) |
Criminals register fake domain to hide their web skimmer as an innocuous image file.
Categories:
Threat analysis
Tags: ants and cockroachcredit carcredit card skimmerfaviconMagecartmagentoskimmer
(Read more...)
|
|
|
|
|
2020-05-05 15:15:00 |
Explained: cloud-delivered security (lien direct) |
What is cloud delivered security aka security as a service? Is it something that can benefit your organization? There's a good chance that it might.
Categories:
Explained
Tags: cloudiaasidentity managementMSPpaassaassmaller businesses
(Read more...)
|
|
|
|
|
2020-05-04 15:17:37 |
(Déjà vu) A week in security (April 27 – May 3) (lien direct) |
A roundup of the previous week's security news, including cloud data protection, Troldesh, VPNs, the cybercrime economy, and more.
Categories:
Malwarebytes news
Tags: AppleAPTawisbluetoothbluetooth attackBluetooth vulnerabilitiesCivicSmartcloud securitycoronaviruscovid-19hackedhospitalsJITjust in timeoceanlotuspandemic survival bookPhantomLancephishing scamransomwarerecapscadaSMBTroldesh ransomwarevpnweekly blog roundupzoomzoom phishing
(Read more...)
|
|
APT 32
|
|
|
2020-05-01 15:30:00 |
What to do when you receive an extortion e-mail (lien direct) |
xtortion e-mails are nothing new, but with the recent increase in frequency, many people are looking for guidance. If you have received such an e-mail message and want to know how you should respond, you're in the right place. Read on!
Categories:
Malwarebytes news
Tags: 2faBitcoin sextortionextortiononline extortionpassphrasepassword managerpassword managerssextortionsextortion emailsextortion scamstwo factortwo-factor authentication
(Read more...)
|
|
|
|
|
2020-04-30 15:11:45 |
Cybersecurity and the economy: when recession strikes (lien direct) |
Could a recession brought on by the current COVID-19 pandemic cause an increase in cybercrime? Did cybercrime increase during the recession of 2009? Or is this just too complex a subject to pin down one way or the other?
Categories:
Cybercrime
Privacy
Tags: 2008 financial crisis20092009 financial crisis2020coronaviruscovid-19cybercrimedepressionmalwarerecession
(Read more...)
|
|
|
|
|
2020-04-29 15:15:00 |
VPNs are mainstream, which is good news (lien direct) |
According to a recent report, the use of virtual private networks (VPNs) has been on a steady growth since 2017. During this coronavirus season, that growth has been palpable-but also unavoidable. Let's dive in and see what the numbers tell us.
Categories:
Privacy
Tags: covid-19data retention lawdragnet lawGlobalWebIndexmotivations for VPN usageSleepwetThe Global VPN Usage Report 2020Top10VPNvirtual private networksVPNs
(Read more...)
|
|
|
|
|
2020-04-28 17:08:32 |
Threat actors release Troldesh decryption keys (lien direct) |
On GitHub a user called shade-team released hundreds of thousands of Troldesh decryption keys. Can victims of the ransomware safely use them to decrypt their files?
Categories:
Ransomware
Tags: decryption keysno more ransomshade-teamTroldesh
(Read more...)
|
Threat
Ransomware
|
|
|
|
2020-04-28 15:15:00 |
Switching from a “Just in Time” delivery system should include planning ahead (lien direct) |
Imminent changes in the software organizations are using will come with security implications. How can organizations prepare for the future?
Categories:
Security world
Tags: JITjust in timesdpsoftware changesoftware defined perimeterzero trust
(Read more...)
|
|
|
|
|
2020-04-27 18:05:00 |
Cloud data protection: how to secure what you store in the cloud (lien direct) |
With robust security measures and a healthy dose of general internet safety guidelines, cloud storage can be as secure as any other option on the market.
Categories:
How-tos
Tags: cloudcloud datacloud data protectioncloud securitycloud storagecloud usageData privacydata securitythe cloud
(Read more...)
|
|
|
|
|
2020-04-27 15:00:00 |
Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart (lien direct) |
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs-debunking their myths, explaining their actual capabilities, and providing some advice on what makes a strong VPN.
Categories:
A week in security
Tags: android trojanbiometricsbotsiOS mail buglock and codelock and code podcastLock and Code S01E05Lock and Code S1Ep5Malwarebytes Privacyonline privacyOpenSSLprivacysmart hubsVivaldivpnVPNs
(Read more...)
|
|
|
|
|
2020-04-23 12:00:00 |
Introducing Malwarebytes Privacy (lien direct) |
It's important to use a VPN you can trust to protect your privacy on the Internet. That's why we launched Malwarebytes Privacy, a next-gen VPN for better privacy, performance, and security when you go online.
Categories:
Malwarebytes news
Tags: Data privacyencryptionIP addressMalwarebytes Privacyonline privacypersonal informationpersonally identifiable informationprivacyvirtual private networkvirtual private networksvpnVPNs
(Read more...)
|
|
|
|
|
2020-04-22 17:54:33 |
iOS Mail bug allows remote zero-click attacks (lien direct) |
A newly-discovered vulnerability in iOS Mail can be used to attack an iPhone remotely using a malicious e-mail message, even if you're running the latest version of iOS (13.4.1).
Categories:
Mac
Tags: AppleApple mailiOSiOS mailiOS mail bugiOS mail vulnerabilityiOS vulnerabilitymailmaildvulnerabilityzero-day vulnerability
(Read more...)
|
Vulnerability
|
|
|
|
2020-04-21 15:00:00 |
The passwordless present: Will biometrics replace passwords forever? (lien direct) |
The effectiveness of passwords to protect data has long been debated. Many have called for the death of passwords, instead pushing for biometrics to secure their most precious information. But is biometrics really a better, safer option?
Categories:
Privacy
Tags: Applebehaviometricsbiometricsbrute forceCCCChaos Computer ClubDirk EnglingDNA testingeyeDiskfacebookfacial recognitionfingerprint recognitionfingerprint scanningFrank Riegergait recognitionGoogleHenry Classification Systemiris recognitioniris scanningJoão de BarrosJohn SeymourMadhusudhan RpasswordsPenTest PartnersSamsungSamsung GalaxyShashidhara Rsignature analysisSir W.J. Herschelspeaker recognitionTouchIDvoice deepfakevoice recognition
(Read more...)
|
|
|
|
|
2020-04-20 16:36:48 |
A week in security (April 13 – 19) (lien direct) |
A roundup of the previous week's security news, including phishing scams, coronavirus scams, Apple scams, and more.
Categories:
A week in security
Tags: adwareAndroidcoronavirusmalwarephishweek in securityweekly roundup
(Read more...)
|
|
|
|