What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-17 21:29:04 | A week in security (Oct 09 – Oct 15) (lien direct) |  A compilation of notable security news and blog posts from the 9th of October to the 15th. This week, we touched on threat modeling, a PUP, IRS fraud, and laws concerning the usage of social media in the UK.Categories:
Security world
Week in securityTags: irs fraudpotentially unwanted programsrecapsocial mediathreat modelingweekly blog roundup(Read more...) |
|||
|
2016-10-17 19:00:24 | New-looking Sundown EK drops Smoke Loader, Kronos banker (lien direct) |  In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.Categories:
Exploits
Threat analysisTags: EKexploit kitInternet ExplorerkronosmalvertisingRIG EKsmoke loadersundownSundown EKTrojans(Read more...) |
|||
|
2016-10-17 17:42:18 | Mobile Menace Monday: Beware of monitoring apps (lien direct) |  We mobile researchers sometimes classify apps in order to warn users of its presence because of its potential harm, but leave it up to the users' discretion to remove. This is the case when it comes to a subcategory of PUPs called monitors. Monitoring apps are those that can be great tools if you lose your phone, but could also be easily used to spy on an unsuspecting target.Categories:
Cybercrime
MobileTags: AndroidAndroid LostGoogle PlayMobilemobile menace mondaymonitormonitoring appPUPstriple m(Read more...) |
|||
|
2016-10-14 13:00:40 | New UK legal guidelines for law enforcement and social media (lien direct) |  The UK's Crown Prosecution Services (CPS) has recently updated its social media guidelines for prosecutors and law enforcement in an effort to aid them in deciding on whether charges can be pressed against internet users based on certain online behaviors.Categories:
Government
Security worldTags: baitingCrown Prosecution Servicesdog-pilingdoxxingsextingsocial mediatrollingUK social media guidelinesUnited Kingdomvirtual mobbing(Read more...) |
|||
|
2016-10-12 16:00:23 | Threat Modeling – What are you so afraid of? (lien direct) |  There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. These models are great, they are thorough, and nobody ever uses them.Categories:
101
How-tosTags: APTGameraHackerMecha GodzillaThreat Intelthreat modeling(Read more...) |
|||
|
2016-10-11 16:00:23 | Youndoo creates new Chrome profile (lien direct) |  A new Youndoo hijacker from the Elex family copies most of the settings from an existing Chrome user account to create a fake, infected one.Categories:
Cybercrime
MalwareTags: browser hijackerchromeelexfake Chrome profilePieter ArntzPUPPUPsYoundoo(Read more...) |
|||
|
2016-10-10 20:35:55 | Multiple scam centers raided in India for IRS fraud (lien direct) |  Over 600 fake call center employees in India were detained early last week for suspicion of conducting fraudulent or scam calls to US taxpayers while posing as IRS agents.Categories:
Business
Security worldTags: fake call centersIRS tax fraudrogue call centerstax fraudtax scam(Read more...) |
|||
|
2016-10-10 16:00:10 | A week in security (Oct 02 – Oct 08) (lien direct) | A compilation of notable security news and blog posts from the 2nd of October to the 8th. This week, we talked about National Cybersecurity Awareness Month, the Eko malware, why we're toughening up on PUPs, and WMI hijackers.Categories:
Security world
Week in securityTags: eko malwareNCSAMpotentially unwanted programsrecapweekly blog roundupwmi hijackers(Read more...) |
|||
|
2016-10-07 21:10:11 | PUP Friday: Let\'s talk generic (lien direct) | Guideline | |||
|
2016-10-07 16:00:31 | Press H to Hack: Earth Defense Force needs defending (lien direct) |  Video games! They're great, except when they're not. And in this case, a very good game is giving players some very bad experiences in the realm of "all my data is ruined". Gaming cheats cause problems for those wanting to keep their save games free from harm. We take a look at the issue, and show how to avoid getting caught up in a spot of save game ruination.Categories:
Cybercrime
HackingTags: cloudgamesgaminghackingpcpress h to hacksteamsyncvideo games(Read more...) |
|||
|
2016-10-06 18:34:17 | Malware “Eko†affecting French Facebook users (lien direct) |  French Facebook users have been falling victim to a new Facebook Messenger “Trojan horse†arriving into their private message (PM) inboxes from network contacts.Categories:
Cybercrime
Social engineeringTags: eko malwarefacebookFacebook Messengerfacebook scamfake videofake youtube videomalwaretrojan(Read more...) |
|||
|
2016-10-06 16:00:24 | October is National Cybersecurity Awareness Month (lien direct) |  National Cybersecurity Awareness Month, observed every October, was created to ensure that every American has the resources they need to stay safe online.Categories:
101
FYITags: cybercrimecybersecuritynational cyber security alliancenational cybersecurity awarenessuser awareness(Read more...) |
|||
|
2016-10-05 19:01:22 | Malwarebytes gets tougher on PUPs (lien direct) |  We are getting even more critical about what we call a PUP, and what what we are going to be detecting and removing from user systems. Categories:
CEO announcements
Malwarebytes newsTags: malwareMalwarebytesmarcin kleczynskiPUPPUPs(Read more...) |
|||
|
2016-10-05 16:00:07 | Explained: WMI hijackers (lien direct) |  This post describes how WMI hijackers work and why they are hard to find on an affected system. It also shows an example of such a hijacker called Yeabests after the domain it hijacks to.Categories:
Cybercrime
MalwareTags: elexhijackerPieter ArntzPUPshortclnshortcutwindows management instrumentationwmi(Read more...) |
|||
|
2016-10-03 17:16:08 | Mobile Menace Monday: You\'ve Been INFECTED!!! Or Have You? (lien direct) | ||||
|
2016-10-03 16:00:36 | A week in security (Sep 25 – Oct 01) (lien direct) | A compilation of notable security news and blog posts from September 25th to October 1st. This week, we discussed Komplex, that new Snap eyewear, a fake browser extension, more malvertising campaigns, and some little known truths about spoofing file extensions.Categories:
Security world
Week in securityTags: exploit kitfile extensionsKomplexmac malwareMac PUPmalvertisingPUPrecapRIG exploit kitweekly blog roundup(Read more...) |
|||
|
2016-09-30 17:00:20 | PUP Friday: Nikoff Security redux (lien direct) |  Last Friday, I wrote about a set of 6 PUP apps by Nikoff Security. This week, there have been some new developments in the story, some good news and some bad news.Categories:
PUPs
Threat analysisTags: AppleMac App StoreNikoff SecurityPUPPUPs(Read more...) |
|||
|
2016-09-30 15:00:55 | Lesser known tricks of spoofing extensions (lien direct) |  It is a well-known fact that malware using social engineering tricks is designed to hide itself from being an obvious executable. In this short article, we will present two other less common tricks used to deceive users.Categories:
Cybercrime
MalwareTags: file extensionsmalwarepetyaSocial Engineeringspoofing(Read more...) |
|||
|
2016-09-30 13:50:23 | Imitation uBlock Origin app spotted on Chrome Store (lien direct) |  Today, one of our researchers noticed a fake version of uBlock Origin, uploaded on the 29th of September, on the Chrome Web Store. If ever you find yourself searching for the said app within the store, you'll want to avoid imitations...Categories:
Cybercrime
Social engineeringTags: fake ad blockerfake chrome extensionfake ublock origin app(Read more...) |
|||
|
2016-09-29 22:26:16 | Vendor Security Alliance formed to improve cybersecurity of third-party providers (lien direct) |  A new security alliance is created to address concerns surrounding third-party providers who are associated with some of the biggest brands users trust. They aim to increase their compliance to cybersecurity standards and lessen the risks they may pose on businesses.Categories:
Business
Security worldTags: airbnbAtlassianbusiness securityDropboxGoDaddysecuritysecurity allianceSquaretwitterUbervendor security allianceVSA(Read more...) |
Uber | ||
|
2016-09-29 16:00:59 | Snapchat rebrands, introduces new ad platform and hardware (lien direct) |  Snapchat is now called Snap Inc. CEO Evan Spiegel talks about 3V advertising, the platform his company adapted for ad monetization. Then he unveils a new "toy" you can wear like Google Glass, but works more like GoPro. Boom.Categories:
Privacy
Security world
TechnologyTags: advertisingGoogle Glassprivacysnap incsnapchatspecspectacles(Read more...) |
|||
|
2016-09-28 16:02:29 | Brad Pitt subject of new hoax after split with Jolie (lien direct) |  Facebook has once again become the inadvertent launchpad of another celebrity death hoax campaign, luring fans of celebrity couple Brad Pitt and Angelina Jolie within the network to click potentially harmful links not a day long after the news of their divorce has hit mainstream media.Categories:
Cybercrime
Social engineeringTags: Angelina JolieBrad Pittbrad pitt hoaxcelebrity death hoaxfacebookfacebook hoaxmalwaresocial mediasocial media hoax(Read more...) |
|||
|
2016-09-27 20:00:14 | Komplex Mac backdoor answers old questions (lien direct) |  A new piece of Mac malware, dubbed Komplex, has been discovered by Palo Alto Networks. This malware provides a backdoor into the system, like most other recent Mac malware. Where it gets most interesting, though, isn't in its capabilities, but in the connections it allows us to make.Categories:
Malware
Threat analysisTags: KomplexmacMacKeepermalwarePalo Alto NetworksSofacy(Read more...) |
|||
|
2016-09-27 16:10:54 | RIG exploit kit takes on large malvertising campaign (lien direct) |  In the battle of exploit kits, RIG EK has earned some extra mileage by being leveraged in a high profile malvertising attack on popular website answers.com. The same domain shadowing campaigns that were popular in the Angler era are continuing with RIG now.Categories:
ExploitsTags: exploit kitsmalvertisingneutrinoRIGRIG exploit kitsRIGEKwscript(Read more...) |
|||
|
2016-09-26 15:13:09 | A week in security (Sep 18 – Sep 24) (lien direct) | A compilation of notable security news and blog posts from September 18th to September 24th. This week, we talked about malvertising, a pop star "marketing" stunt that may go horribly wrong in the long run, and ways one can secure their mobile phones.Categories:
Security world
Week in securityTags: ATM scamhosts fileJack JohnsonJust For Menmalvertisingmobile menace mondaymobile securityPUP FridayrecapSebastian Olzanskiweekly blog roundup(Read more...) |
|||
|
2016-09-23 17:00:19 | PUP Friday: Nikoff Security (lien direct) |  My attention was drawn a few weeks ago to a group of 6 apps in the Mac App Store, all made by someone named Nicholas Ebner. Part of what drew my attention was the name of one of the apps: Adware WebMedic Pro, suspiciously similar to the name of my old AdwareMedic app. This would...Categories:
PUPs
Threat analysisTags: antivirusmacMalwarebytesPUPPUPsransomware(Read more...) |
|||
|
2016-09-22 18:10:28 | Here\'s your unlimited ATM card (lien direct) | ||||
|
2016-09-21 18:30:14 | Top 10 ways to secure your mobile phone (lien direct) |  To get a leg up against a rising tide of mobile malware activity, don't just phone it in-secure your mobile phone with these tried and true methods.Categories:
101
How-tosTags: mobile phone securitymobile security(Read more...) |
|||
|
2016-09-21 17:00:43 | Hosts file hijacks (lien direct) |  The hosts file is the internet variant of a personal phonebook. We discuss a few malware variants that replace or change that phonebook, so you end up calling the wrong sites. The ones they want you to call.Categories:
Cybercrime
MalwareTags: dnshijackhostsMalwarebytesPieter Arntzthe more you knowtrojan(Read more...) |
|||
|
2016-09-21 15:58:34 | Think tank summarizes what happens to healthcare records after breach (lien direct) |  The ICIT, an American cybersecurity research institute, made a case on the importance of healthcare security in an age where the threat landscape is rapidly changing yet medical institutions continually fail or are slow to adapt. As a result, patients end up at the losing end.Categories:
Business
Security worldTags: breachhealthcarehealthcare securityICITmedical recordsprivacystudy(Read more...) |
|||
|
2016-09-20 17:00:25 | Just For Men website serves malware (lien direct) |  The website for Just For Men, a company that sells various products for men, had their website breached and was serving a password stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exploit kit.Categories:
Cybercrime
ExploitsTags: anti exploitCombeeitestexploit kitJust For MenjustformenmalwareRIG EKtrojanwordpress(Read more...) |
|||
|
2016-09-20 14:00:51 | #Hackedbyseb: musical (password) chairs (lien direct) |  Singers will often use inventive ways to gain attention from an audience, or even draw new fans in. One trend in pop circles seems to be gaining popularity, but it might not be the best hype train to hop aboard. What could go wrong by sending your favourite singer login credentials to have them post a cool message from your account? Quite a bit, actually...Categories:
Security world
TechnologyTags: loginspasswordsphishingsingerssocial mediatwitter(Read more...) |
|||
|
2016-09-19 18:42:40 | Mobile Menace Monday: Fake AV makes it onto Google Play (lien direct) |  Beware of Antivirus Free 2016 in the Google Play story, it could very easily be confused for a legitimate AV scanner.Categories:
Cybercrime
MobileTags: antivirusfake avGoogle Playmobile menace monday(Read more...) |
|||
|
2016-09-19 18:00:31 | A week in security (Sep 11 – Sep 17) (lien direct) | A compilation of notable security news and blog posts from September 11th to September 17th. This week, we talked about DetoxCrypto ransomware, a tax fraud campaign, malvertisement on adult sites, and phishers having a bad day.Categories:
Security world
Week in securityTags: afraidgatedetoxcryptoHMRCneutrinophishingransomwarerecaptax fraudweekly blog roundup(Read more...) |
|||
|
2016-09-16 19:23:07 | PSA: DetoxCrypto Ransomware imitating Malwarebytes (lien direct) |  Scammers will always try and imitate legitimate tools and services in an effort to trick people into harming their accounts and devices. If it isn't fake logins, it's dubious links on social media. If we're wading knee deep in 419 emails, you can bet another round of tech support scams will be along in a minute. Today we look at an attempt at pushing DetoxCrypto Ransomware which suggests its from Malwarebytes...Categories:
Cybercrime
MalwareTags: detoxDetoxCrypto RansomwaremalwareMalwarebytesmalwerbyteransomransomwarescam(Read more...) |
|||
|
2016-09-16 16:24:43 | Free console games on Instagram? Not exactly… (lien direct) |  Take a look at some fake "free game" sites found on Instagram. Anyone with children in their family who can't get enough of freebies online may want to gently steer them away from the below. Everyone from PS4 to Nintendo gamers are potential targets.Categories:
Cybercrime
Social engineeringTags: fakeInstagramnintendophishPS4scamsurveysxbox(Read more...) |
|||
|
2016-09-15 23:09:59 | IT companies unite against illegal online hate speech (lien direct) |  Facebook, Twitter, Google, and Microsoft have taken up the mantle to curb harmful speech on their platforms. The latest company to join this cause is Instagram, the popular image-sharing social media network among teens.Categories:
Business
Security worldTags: addressing hate speechEUfacebookGooglehate speechInstagramtrollingtwitter(Read more...) |
|||
|
2016-09-15 18:21:06 | It\'s a hard life for phishers… (lien direct) | ||||
|
2016-09-14 16:05:20 | Ahoy there! More HMRC tax refund scams ahead (lien direct) |  Phishing campaigns banking on the HM Revenue & Customs (HMRC) tax claim are not unheard of, especially in the UK. In this blog, we take a look at a recent phishing email.Categories:
Cybercrime
Social engineeringTags: HMRChmrc fraudhmrc phishPAYE fraudphishingtax refund fraud(Read more...) |
|||
|
2016-09-13 17:00:40 | Surfacing HTA infections (lien direct) |  We show two examples of HTA induced infections we have seen recently. Nothing fancy, but feel free to consider it a general warning, that malware authors are expanding the number of file extensions they are using, to spread their payload.Categories:
Cybercrime
MalwareTags: attachmenthtaLockymalwarePieter Arntzransomwarethe more you know(Read more...) |
|||
|
2016-09-13 15:00:59 | Neutrino EK\'s Afraidgate pushed in malvertising attack (lien direct) | Read more...) | |||
|
2016-09-12 15:00:17 | Avoid: BofA, Wells Fargo SMS Phishing (lien direct) |  It always pays to train a wary eye on your text messages, as conniving phishers don't always stick to the tried and tested route of email scams. We take a look at a pair of SMS phishes sent directly to a mobile device - if you bank with Wells Fargo or Bank of America, these are two to watch out for.Categories:
Cybercrime
Social engineeringTags: bankBank of AmericaphishphishingsmsWells Fargo(Read more...) |
|||
|
2016-09-12 14:00:43 | A week in security (Sep 04 – Sep 10) (lien direct) | A compilation of notable security news and blog posts from September 4th to September 10th. This week, we talked about a fake Pokémon Go app, a Mac OSX junk app, and some new Google Safe Browsing updates.Categories:
Security world
Week in securityTags: cybersecurityfacebookGooglemacpokemon GOransomwarerecaptrojanweekly blog roundup(Read more...) |
|||
|
2016-09-09 15:00:32 | PUP Friday: MPlayerX (lien direct) |  MPlayerX has been around for over 2 years. With it's adware installer, adware, analysis avoidance behavior, and other PUPs calling it a PUP is a no-brainer.Categories:
PUPs
Threat analysisTags: adwareIronCoremalwareMalwarebytesMPlayerXPUPVSearch(Read more...) |
|||
|
2016-09-08 14:00:53 | Google empowers website owners with added security features (lien direct) |  The Google Safe Browsing service is used by a number of other technologies to check threats against. These include Google's own products, such as Chrome and Android, and browsers like Apple Safari and Mozilla Firefox.Categories:
Business
Security worldTags: business securityGooglesafe browsingsite security(Read more...) |
|||
|
2016-09-05 14:00:09 | Mobile Menace Monday: Pokemon NO NO (lien direct) |  A new mobile Trojan has been found using the popular game Pokémon Go as bait. Rest assured that this won't be the last mobile malware exploiting Pokémon Go.Categories:
Cybercrime
MobileTags: Androidfake pokemon gomalwareMobilemobile mondaypokemon GO(Read more...) |
|||
|
2016-09-05 13:45:32 | A week in security (Aug 28 – Sep 03) (lien direct) | A compilation of notable security news and blog posts from August 28th to September 3rd. This week, we talked about browser-based fingerprinting; what was going on with the Mac app, Transmission; and a tech support scam that banked on an iPad error popping up on Windows systems.Categories:
Security world
Week in securityTags: recapweekly blog roundup(Read more...) |
|||
|
2016-09-02 16:07:27 | iPad error? Windows fakeout (lien direct) |  This bogus error site can't decide if Windows or an iPad is at risk. Given the URL, you'd expect to see some sort of iPad related shenanigans taking place - an interesting twist on the well worn theme of tech support scams.Categories:
Cybercrime
Social engineeringTags: Appleerrorfakeipadscamvirus warningwindows(Read more...) |
|||
|
2016-09-01 21:24:55 | Transmission hijacked again to spread malware (lien direct) |  In this article, we take a look at a couple important takeaways from 2 recent hacks on Transmission. Categories:
Mac
Threat analysisTags: AppleKeRangerKeydnapmacmalwareransomwaretorrent(Read more...) |
|||
|
2016-08-30 16:48:45 | Explained: the Malwarebytes Website Protection module (lien direct) |  Learn about the strengths and possible improvements of the Malicious Website Protection module that comes with Malwarebytes Premium.Categories:
101
FYITags: maliciousMysteryFCMPieter Arntzprotection modulesteven burnwebsite(Read more...) |
To see everything:
Our RSS (filtrered)
