Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-08-02 16:00:00 |
Capital One breach exposes over 100 million credit card applications (lien direct) |
The Capital One data breach is an exceptional example, if only because of how much we already know. Not only that, but the breach happened to one of the technical front-runners in banking.
Categories:
Reports
Tags: Amazon Elastic Compute CloudAmazon web servicesawsCapital OneCapital One data breachdata breachEC2EquifaxEquifax breachfintechiamidentity access managementPaige Thompson
(Read more...)
|
Data Breach
|
Equifax
|
|
|
2019-08-02 15:00:00 |
Everything you need to know about ATM attacks and fraud: part 2 (lien direct) |
In part two of this two-part series on ATM attacks and fraud, we outline the final two ATM attack types-logical and social engineering-and provide info on how they are conducted, the different malware families used in these attacks, and how to protect against them.
Categories:
101
Tags: ALICEanunakassistance fraudatm attacksatm cash-out attacksatm fraudatm malwarebarnaby jackblack box attacksblog seriesc0decalccarbanakcutlet makerdaniel regaladodefrauding the elderlydistraction fraudeavesdroppingextensions for financial servicesgreendispenserjackpottinglogical attacksmalware-based attackpadpinploutussdeletesecure deleteshoulder surfingsocial engineering attacksstimulatorsucefultyupkinxfs middleware
(Read more...)
|
Malware
|
|
|
|
2019-08-01 16:00:00 |
Making the case: How to get the board to invest in government cybersecurity (lien direct) |
CISOs are increasingly tapped to communicate with the board and executive management about security. Here's what government officials need to know for success.
Categories:
Business
Tags: c-levelc-suitesCIOsCISOCISOsCSOsfunding cybersecuritygovernment cybersecuritylocal governmentmunicipalitiessecurity executives
(Read more...)
|
|
|
|
|
2019-08-01 15:00:00 |
No summer break for Magecart as web skimming intensifies (lien direct) |
Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months.
Categories:
Web threats
Tags: code injectiongateMagecartmagentomalicious domainsmalicious IPsmalicious websitesskimmerskimmerssnifferweb skimmersweb threatweb threatswiper
(Read more...)
|
|
|
|
|
2019-07-31 16:05:04 |
QR code scam can clean out your bank account (lien direct) |
QR code scams are still popular. We should learn to treat QR codes like we do any other unrecognizable URL: with suspicion on where it will take us.
Categories:
Scams
Tags: banking phishlogin credentialsmalicious websitespaymentQR codeQR code scamscamscamsSocial Engineeringurl
(Read more...)
|
|
|
|
|
2019-07-30 16:20:03 |
(Déjà vu) Exploit kits: summer 2019 review (lien direct) |
In this edition of our seasonal review of exploit kits, we review active and unique EKs hitting consumers and businesses over the summer 2019 season.
Categories:
Threat analysis
Tags: drive-byEKEKsexploit kitsexploitsFalloutGreenFlash SundownMagnitudeRIGSpelevoUnderminer
(Read more...)
|
|
|
|
|
2019-07-30 15:00:00 |
How to get your Equifax money and stay safe doing it (lien direct) |
Equifax has been ordered to pay at least $650 million in relation to its enormous 2017 data breach. Users who were affected might be eligible for a claim. But watch out for scams!
Categories:
Awareness
Tags: credit monitoringdata breachdata breach settlementEquifaxEUEuropean UnionFederal Trade Commissionfraudfraud preventionFTCgdprGeneral Data Protection Regulationidentity theftphishingscamssettlementsocial security numbers
(Read more...)
|
|
Equifax
|
|
|
2019-07-29 17:55:01 |
Mobile Menace Monday: Dark Android Q rises (lien direct) |
The Android Q operating system is being developed with privacy and security in mind. We take a look at both, examining new features intended for giving users better control of their devices and data.
Categories:
Mobile
Mobile Menace Monday
Tags: Androidandroid Q betaAndroidQapp permissionsappsBetadeveloper's cornerGoogleprivacysecurity
(Read more...)
|
|
|
|
|
2019-07-29 15:50:05 |
A week in security (July 22 – 28) (lien direct) |
The latest cybersecurity news for the week of July 22–28. We look at Phobos ransomware, stalkerware's similarities to parental monitoring apps, and the investigation into Malaysian Airlines Flight 17.
Categories:
A week in security
Tags: a week in securityAdwCleanerAmazongBlueKeepcloud securityElasticsearchElectronic Privacy Information CenterFaceAppfacebookFederal Trade CommissionFlight 17FTCMalaysian AirlinesMarcus Hutchinsoffice 365online privacyparental monitoringparental monitoring appsPhobospre-installed softwareransomwareRing doorbellrussiarussian disinformationstalkerwareUS Federal Trade CommissionWannaCryweek in security
(Read more...)
|
|
Wannacry
|
|
|
2019-07-26 16:45:01 |
Good Twitter Samaritans accidentally prevent shoeshine scam (lien direct) |
We take a look at how a shoeshine scam nearly took place in real life-until people online trying to help in one way, ended up assisting in quite another.
Categories:
Social engineering
Tags: indiascamshoe shinesocial mediatraveltravellingtwitter
(Read more...)
|
|
|
|
|
2019-07-25 15:59:05 |
Changing California\'s privacy law: A snapshot at the support and opposition (lien direct) |
|
|
|
|
|
2019-07-24 18:09:03 |
A deep dive into Phobos ransomware (lien direct) |
We take an in-depth look into Phobos ransomware which threat actors distribute via RDP and look at similarities with Dharma (AKA CrySis) ransomware.
Categories:
Threat analysis
Tags: crysisdharmaPhobosransomware
(Read more...)
|
Ransomware
Threat
|
|
|
|
2019-07-24 16:38:02 |
FaceApp scares point to larger data collection problems (lien direct) |
The blowback against FaceApp-for which data the company can collect and how it can use that data-is a bit overblown. Countless American companies do the exact same thing today.
Categories:
Privacy
Tags: Chuck Schumerend user license agreementFaceAppfacial recognitiongovernment surveillanceprivacy policyrussiaterms of service
(Read more...)
|
|
|
|
|
2019-07-23 21:40:00 |
Your device, your choice: AdwCleaner now detects preinstalled software (lien direct) |
Because you, the user, should be able to decide which software ends up on your devices, Malwarebytes AdwCleaner 7.3.0 now detects preinstalled software.
Categories:
Malwarebytes news
Product updates
Tags: AdwCleanerchoicedevicepre-installed softwarequarantine
(Read more...)
|
|
|
|
|
2019-07-23 15:54:05 |
Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach (lien direct) |
In June, investigators released a warrant to arrest Russian and Ukrainian nationals for shooting down Malaysian Airlines Flight 17. However, Russian disinformation campaigns have spread about the true cause of the fight's demise. How can we separate fact from fiction and protect against fake news?
Categories:
Social engineering
Tags: bellingcatbukdisinformationfake newsIRAJITmalaysia airlinesmh17russiarussian disinformationrussian propagandasocial mediatwitterukraine
(Read more...)
|
|
|
|
|
2019-07-22 15:50:03 |
A week in security (July 15 – 21) (lien direct) |
A roundup of cybersecurity news from July 15–21, including the Zoom camera vulnerability, Extenbro, Sodinokibi, Magecart, and cybersecurity challenges facing the education sector.
Categories:
A week in security
Tags: 2fa bypassadvanced persistent threatAndroid appsAPTbackdoorBitPaymer ransomwarebrowser extensionsbulletproofchromecybersecurity educationDataSpiiDDos attackDoppelPaymerEvilGnomeExtenbroFaceAppfacebookFacebook reporting toolfirefoxgenerationInstagramKe3changMagecartMedia File JackingprivacyRingCentral flawSodinokibitelegramvital infrastructurewhatsappZhumu flawzoom zero-day
(Read more...)
|
|
APT 15
APT 25
|
|
|
2019-07-22 15:00:00 |
Parental monitoring apps: How do they differ from stalkerware? (lien direct) |
What are the differences between stalkerware apps and parental monitoring apps? What is an “acceptable” or “safe” parental monitoring app? And how can a parent know whether they're downloading a “legitimate” parental monitoring app or instead a stalkerware app merely disguised as a tool for parents?
Categories:
Stalkerware
Tags: AndroidApp Storechild monitoringchild monitoring appschildren's monitoringchildren's monitoring appsCircle with DisneyCitizenLabCornell Universitydigital monitoringdigital monitoring appsFamily OrbitFlexiSpyGizmodoGoogle PlayGoogle Play StoreHoverwatchIntimate Partner ViolenceiOSKidguardkids monitoring appsMCCPTAmspyNautilusOffice of the Privacy Commissioner of Canadaparental monitoringparental monitoring appsPredator in Your PocketPrivacy Rights ClearinghousespousewarespywarestalkerwaresurveillanceTeenSafeUNICEF |
Tool
|
|
|
|
2019-07-19 15:00:00 |
New Facebook ad reporting tool launches in UK (lien direct) |
Consumer expert Martin Lewis took Facebook to court over multiple rogue ads bearing his likeness. It's now been settled out of court, and Facebook users have a new tool in the fight against bad ads.
Categories:
Scams
Tags: adsadvertisementsadvertsfacebookfacebook lawsuitMartin lewisscam reportingscam reporting tooluk
(Read more...)
|
Tool
|
|
|
|
2019-07-18 17:58:02 |
Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void (lien direct) |
There's a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations' arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.
Categories:
Threat spotlight
Tags: 177a571d7c6a6e4592c60a78b574fe0ebf9359046c4f5c24de0a9de28bbabd14caasCisco Taloscrime-as-a-serviceCVE-2018-8453CVE-2019-2725e713658b666ff04c9863ebecb458f174FruitArmor APTgandcrabHeaven's Gatemalvertisingmanaged service providersmsp hackOracle WebLogic vulnerabilityraasRansom.SodinokibiransomwareRansomware as a Servicerevilsalsa20shadow copysodinSodinokibivolume snapshot servicevssWin32k vulnerabilityzero-day vulnerability
(Read more...)
|
Ransomware
Threat
|
|
|
|
2019-07-18 15:00:01 |
No man\'s land: How a Magecart group is running a web skimming operation from a war zone (lien direct) |
|
|
|
|
|
2019-07-17 14:17:02 |
Compromising vital infrastructure: problems in education security continue (lien direct) |
While educational organizations lack funding they are high on the target lists of cybercriminals. Does one fact lead to another?
Categories:
Vital infrastructure
Tags: educationfundingmalwarevital infrastructure
(Read more...)
|
Guideline
|
|
|
|
2019-07-16 17:14:04 |
Hi, honey. It\'s mom. My phone is acting funny again. (lien direct) |
Read more...)
|
|
|
|
|
2019-07-15 14:54:00 |
Meet Extenbro, a new DNS-changer Trojan protecting adware (lien direct) |
We found a new Trojan that uses aggressive techniques, including blocking access to security sites, to deliver an adware bundler. Read up on what Extenbro can do and how to get this pest off your system.
Categories:
Trojans
Tags: adwarebundlerbundlewarednsDNS serversDNS-changerExtenbromalware removalRoot certificatescheduled taskstrojanTrojans
(Read more...)
|
|
|
|
|
2019-07-15 14:27:00 |
A week in security (July 8 – 14) (lien direct) |
A roundup of cybersecurity news from July 8–14, including secure data sending, federal data privacy law, the Soft Cell attack, and more.
Categories:
A week in security
Tags: agent smithamazonamazon primeamazon prime day 2019amazon prime phishingAndroidandroid malwarefacial recognitiongoogle home audiomacmalwarepale moonphishingprivacyrounduptargeted spear phishingtrickbotweek in securitywhalingzoom zero-day
(Read more...)
|
|
|
|
|
2019-07-12 15:30:00 |
Cellular networks under fire from Soft Cell attacks (lien direct) |
We break down the recently revealed attacks on telco operators around the globe, targeting specific high-value individuals.
Categories:
Hacking
Tags: call detail recordscellularChina Choppercompromisedomain controllerhackhackingmalwareMobilenation-state attackoperation soft cellPoison IvyRATsVPN servers
(Read more...)
|
|
|
|
|
2019-07-11 17:34:05 |
Caution: Misuse of security tools can turn against you (lien direct) |
If not implemented correctly, the very security tools we use to keep our information private may actually cause data leaks themselves. We outline a few cases and provide suggestions for researchers and security admins.
Categories:
Researcher's corner
Tags: automationCarbon Blackdata leaksEDR platformsexesinfosecopsecpluginsremediation and preventionrules-based segmentationsecurity solutionssecurity toolsvirustotalVT
(Read more...)
|
|
|
|
|
2019-07-10 15:00:00 |
What should a US federal data privacy law ideally include? (lien direct) |
What do small, privacy-protective companies think about a federal data privacy law for the US? It turns out, they're all for it. Here are some of their ideas for US data privacy legislation.
Categories:
Privacy
Tags: AB 846AB 873BraveBrave browserCalifornia Consumer Privacy Actdata brokerData privacydata privacy lawsdata privacy legislationdigital bill of rightsDisconnectDuckDuckGoEuropean Unionfederal data privacy lawfederal data privacy legislationgdprGeneral Data Protection RegulationGhosteryinternet service providerLavabitMainepreemptpreemptionprotonmailPurismright to accesssocial purpose companyUS data privacy lawsUS data privacy legislationUS Senate Judiciary CommitteeVermontVivaldi
(Read more...)
|
|
|
|
|
2019-07-10 14:19:03 |
Enterprise incident response: getting ahead of the wave (lien direct) |
As with traditional warfare, beating back attacks and winning depends on having a plan. Here are several incident respond models security researchers have developed for responding to threats.
Categories:
Business
Tags: enterpriseIncident Responsekill chainthreat intelligence
(Read more...)
|
|
|
|
|
2019-07-08 16:00:00 |
How to securely send your personal information (lien direct) |
On its own, email is not safe for sending credit card or passport numbers. Here's how to securely send personal information over the Internet.
Categories:
Privacy
Tags: data at restdata in transitemailencryptionend-to-end encryptionpersonal informationPIIsecure messagingsignalwhatsappwire
(Read more...)
|
|
|
|
|
2019-07-08 15:08:03 |
A week in security (July 1 – 7) (lien direct) |
A roundup of cybersecurity news from July 1-7, including stalkerware, Bitcoin generators, app permissions, Chinese spyware, some giant leaks, and a new malware attack method.
Categories:
A week in security
Tags: bitcoinbitcoin generatorscash generatorschinaEquifaxgermanygodluaironpythonopenpgppermissionsryuksmart homestalkerware
(Read more...)
|
Malware
|
Equifax
|
|
|
2019-07-03 18:19:02 |
Steer clear of Bitcoin Cash generators (lien direct) |
We take a look at a number of sites claiming to offer free Bitcoin Cash money.
Categories:
Crypto
Tags: bitcoinbitcoin cashcryptocurrencycryptocurrency scamsgaming scamsgeneratorscamsvideo games
(Read more...)
|
|
|
|
|
2019-07-02 16:53:01 |
Cooperating apps and automatic permissions are setting you up for failure (lien direct) |
Apps that cooperate and share permissions might seem convenient, but are they worth the security and privacy risk?
Categories:
Awareness
Tags: cooperating appsfacebookgmailgoogle calendarpermissionssocial mediatwitter
(Read more...)
|
|
|
|
|
2019-07-01 17:02:05 |
A week in security (June 24 – 30) (lien direct) |
A roundup of cybersecurity news from June 24–30, including top malicious web campaigns, updates on the GreenFlash Sundown exploit, a Malwarebytes initiative to double down on stalkerware detection and awareness, and more.
Categories:
A week in security
Tags: atm attacksatm fraudatm malware strainsATM scamAzurecryptocurrency scamsfacial recognitionfake jquerygreenflasInternet of ThingsIoTJavaScriptMassachusettesMicrosoft AzurescarewareSlackSlack outageSomervillespywarestalkerwareYandex
(Read more...)
|
Malware
|
|
|
|
2019-07-01 16:51:05 |
Helping survivors of domestic abuse: What to do when you find stalkerware (lien direct) |
Starting today, we're doing more to protect stalkerware victims than improve our detection capabilities. We're helping survivors understand how to tell if they're being watched on their devices-and how to safely get out of the situation.
Categories:
Stalkerware
Tags: burnerburner phoneCerberusdomestic abusedomestic violenceElectronic Frontier FoundationFlexiSpyHighster MobileHoverwatchkasperskyMobiStealthmspynational domestic violence hotlineNational Network to End Domestic ViolenceOperation Safe EscapeSafety NetSnap MapsSnapchat MapsspywarestalkerwareStealthGeniesurveillancewareTeenSafeTheTruthSpyTileW.O.M.A.N.W.O.M.A.N. IncWoman INc
(Read more...)
|
|
|
|
|
2019-06-27 16:14:03 |
Fake jquery campaign leads to malvertising and ad fraud schemes (lien direct) |
We look for answers in a long-running and yet mysterious malware campaign that has compromised thousands of websites to date.
Categories:
Threat analysis
Tags: ad fraudAndroidAPKfake jquerymalvertisingtraffic
(Read more...)
|
Malware
Guideline
|
|
|
|
2019-06-26 18:30:04 |
GreenFlash Sundown exploit kit expands via large malvertising campaign (lien direct) |
The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.
Categories:
Exploits
Threat analysis
Tags: EKexploit kitGreenFlash Sundownmalvertisingseon ransomware
(Read more...)
|
|
|
|
|
2019-06-25 15:00:00 |
Recipe for success: tech support scammers zero in via paid search (lien direct) |
We take a deep dive into the recently reported Azure-hosted tech support scam pages, identifying this as one of the most successful scam campaigns in use today.
Categories:
Tech support scams
Tags: browlocksbrowser lockerbrowser lockersmalvertisingscammersscamstech support scamtech support scammerstech support scams
(Read more...)
|
|
|
|
|
2019-06-24 16:29:04 |
(Déjà vu) A week in security (June 17 – 23) (lien direct) |
A roundup of security news from June 17–23, including Android attacks, IoT mishaps, cities under fire from ransomware, and much more.
Categories:
A week in security
Tags: a week in securityAndroidIoTmalwarephishinground uptwitter
(Read more...)
|
|
|
|
|
2019-06-24 15:00:00 |
Mobile stalkerware: a long history of detection (lien direct) |
Does Malwarebytes detect stalkerware? Absolutely, and for good reason. Moreover, we've been doing so for a long time-but it's time to up our efforts.
Categories:
Android
Tags: AndroidAndroid spywaredomestic abuseMobilemobile phonemonitorspywarestalkerwarestalking
(Read more...)
|
|
|
|
|
2019-06-21 16:51:02 |
Fresh “video games” site welcomes new users with Steam phish (lien direct) |
A recent Steam phishing campaign caught our eye, but looking deeper, we found it's been around for a few months. We investigate the phish to show users how to spot the telltale signs of social engineering.
Categories:
Social engineering
Tags: account hijackev certificatefake steam logingaminggaming securityphishingsteamsteam phishingsteam scamvalvevideo gameszombie account
(Read more...)
|
|
|
|
|
2019-06-21 15:30:00 |
Chernobyl\'s lessons for critical-infrastructure cybersecurity (lien direct) |
|
|
|
|
|
2019-06-20 17:20:03 |
Radiohead\'s ransom response shows novel approach for ransomware victims (lien direct) |
|
Ransomware
|
|
|
|
2019-06-20 15:33:03 |
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux (lien direct) |
A new Mac cryptominer we call Bird Miner was found on pirated music production software that interestingly runs via Linux. Learn how this unique malware attempts, and ultimately fails, at stealth techniques.
Categories:
Mac
Tags: Bird Minercryptominercryptominersmacmac malwaremacOSmalwareMalwarebytes for Mac
(Read more...)
|
Malware
|
|
|
|
2019-06-19 15:00:00 |
Labs report: Malicious AI is coming-is the security world ready? (lien direct) |
Malwarebytes Labs' latest report looks at the near-future reality of malicious artificial intelligence (AI), evaluating how the technology is being used today, and how it realistically might be abused in the next few years.
Categories:
Artificial Intelligence
Tags: AIAnomaly Detectionartificial intelligencedeep learningdeepfakesfake newsmachine learningsocial mediavulnerabilities
(Read more...)
|
|
|
|
|
2019-06-18 17:17:00 |
Smart cities, difficult choices: privacy and security on the grid (lien direct) |
We take a look at Google's Sidewalk Labs woes with a planned smart city build in Toronto, and explore some of the general concerns about making our living spaces 24/7 Internet wonderlands.
Categories:
Privacy
Tags: advertisingmapssmart citiessmart citytorontotrackingwaterfrontwifi
(Read more...)
|
|
|
|
|
2019-06-17 17:09:01 |
A week in security (June 10 – 16) (lien direct) |
A roundup of security news from June 10–16, including MegaCortex, the latest news on privacy, the abuse of Twitter's Lists feature, and more.
Categories:
A week in security
Tags: ACLUad blockersadwareAIAmerican Civil Liberties UnionAPTartificial intelligencebreachCBPCustoms and Border Protectioncyberbullyingdisinformation campaignfishwrapGoogle Calendar notification abusehealthcare securityMaineMuddyWatersprivacyPUPspush notificationssextortiontrollingtwitter list abuseVLC
(Read more...)
|
|
|
|
|
2019-06-14 19:09:03 |
Trolls abuse Twitter Lists to collate their targets (lien direct) |
Twitter, like any social network, is faced with the challenge of addressing cyberbullying. And trolls have been abusing the platform's Lists feature to home in on targets. But have no fear: There are ways to protect users from social attacks, and Twitter is moving to make itself a safer place.
Categories:
Social engineering
Tags: block togethercyberbullyingonline harassmenttrollingtwitter block chaintwitter list abuse
(Read more...)
|
|
|
|
|
2019-06-13 18:36:01 |
Adware and PUPs families add push notifications as an attack vector (lien direct) |
Push notifications are being added to the arsenal of PUPs, adware, and even a Trojan browser extension that spams Facebook groups.
Categories:
Adware
Tags: adwarebrowser extensionsextensionsfacebookFacebook spammerfbspammernotificationspluginpluginsPUPPUPspush notificationssearch hijackerstrojanTrojans
(Read more...)
|
|
|
|
|
2019-06-12 16:42:04 |
Apple iOS 13 will better protect user privacy, but more could be done (lien direct) |
Apple's newest iOS features provide simple, easy-to-use options that can leave users more informed and more in control of their online privacy. But privacy experts agreed: Apple can-and should-go further.
Categories:
Privacy
Tags: "just once"AppleElectronic Frontier FoundationfacebookGoogleiOS 13location trackingonline privacyprivacyPrivacy InternationalRanking Digital Rightsrelay email addressSign in with AppleSign in with FacebookSign in with Googlesign-onsingle sign-onssouser privacyWWDCWWDC 19WWDC 2019WWDC19
(Read more...)
|
|
|
|
|
2019-06-12 16:03:02 |
MegaCortex continues trend of targeted ransomware attacks (lien direct) |
In this threat spotlight, we feature MegaCortex, another custom ransomware designed for targeted attacks on enterprises. Will this Matrix-inspired malware strike again?
Categories:
Threat spotlight
Tags: aes128ctrbusiness securitymegacortexransomransom.megacortexransomwareransomware attacktargeted ransomware
(Read more...)
|
Ransomware
Malware
Threat
|
|
|