What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-25 17:57:02 | Huge breach affects 9 million Cathay Pacific customers (lien direct) |
Airline company Cathay Pacific revealed that a huge breach took place in March 2018, affecting around 9 million customers. We take a look at some of the potential fallout.
Categories:
Cybercrime
Privacy
Tags: airlinebreachBritish AirwaysBritish Airways casecathay pacificCathy Pacificdata
(Read more...)
|
|||
|
2018-10-25 15:00:00 | Sextortion emails: They\'re probably not watching you (lien direct) | Read more...) | |||
|
2018-10-24 16:10:05 | Exploit kits: fall 2018 review (lien direct) |
With a fresh exploit kit in town, the drive-by download landscape shows new signs of life in fall 2018.
Categories:
Exploits
Threat analysis
Tags: anti exploitAZORultEKEKsexploit kitexploit kitsexploitsFalloutFallout EKgrandsoftGrandSoft EKMagnitudemagnitude EKramnitRamnit TrojanRIGRIG EKsmoke loaderSmoke Loader MalwareUnderminerUnderminer EK
(Read more...)
|
|||
|
2018-10-24 15:00:04 | Mac malware intercepts encrypted web traffic for ad injection (lien direct) |
New Mac malware has been found that intercepts encrypted traffic for the purpose of injecting ads into web pages. But could this adware be used for more devious purposes in the future?
Categories:
Mac
Threat analysis
Tags: adwaremacMac adwaremacOSmalwaremitm
(Read more...)
|
Malware | ||
|
2018-10-23 12:00:00 | Compromising vital infrastructure: how voting machines and elections are vulnerable (lien direct) |
What are our options for secure and honest election results? Should we be using voting machines or are there better alternatives?
Categories:
Cybercrime
Hacking
Tags: compromising voting machinesDenial of Service attackselectionsinfrastructuremachinesvotingVoting machines
(Read more...)
|
|||
|
2018-10-22 16:23:01 | A week in security (October 15 – 21) (lien direct) |
A roundup of the security news from October 15–21, including how to build your own security camera, the FIDO standard, Twitter information operations, and our Q3 CTNT report.
Categories:
Security world
Week in security
Tags: a week in securityCTNT reportfacebookfidograndcrabgreyenergyoceansaltpentagonsecurity camerastwitter
(Read more...)
|
APT 32 | ||
|
2018-10-18 15:00:00 | Information operations on Twitter: new data released on election tampering (lien direct) |
New information released by Twitter sheds fresh light on the various professional troll campaigns deployed alongside the 2016 presidential elections.
Categories:
Cybercrime
Social engineering
Tags: 2016 US electionsdatasetselection tamperingfake storiesiranrussiaRussian Facebook adsSocial Engineeringtwitter
(Read more...)
|
|||
|
2018-10-17 16:52:00 | Is FIDO the future instrument to prove our identity? (lien direct) |
FIDO, which stands for Fast Identity Online, is set of standards that enable simpler and more secure user authentication across websites and mobile services. Does this mean the end of passwords? Time will tell.
Categories:
Security world
Technology
Tags: authenticationctapfidofido2passwordpasswordswebauthn
(Read more...)
|
|||
|
2018-10-16 15:00:00 | How to build your own motion-activated security camera (lien direct) |
Attention makers! Are you looking for a challenging project that not only gets your gears grinding but helps to keep you secure while traveling? Welcome to the build-your-own security camera tutorial.
Categories:
Security world
Technology
Tags: hardwaremaker spacemakerssecuritysecurity cameratutorial
(Read more...)
|
|||
|
2018-10-15 15:56:01 | A week in security (October 8 – 14) (lien direct) |
A roundup of the security news from October 8–14 including breaches, phishing attacks, and hacking tools.
Categories:
Security world
Week in security
Tags: breachcybersecuritycybersecurity newsIndustroyerMageCart attacksmalwareNotPeytaphishingroundupweek in securityweeks roundup
(Read more...)
|
|||
|
2018-10-15 07:01:00 | Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3 (lien direct) |
The quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report is here! Learn how Q3 2018 marked a major turning point in cybercrime trends-especially for businesses.
Categories:
CTNT report
Malwarebytes news
Tags: CTNTCTNT reportcybercrime tactics and techniqueslabs reportmalwarebytes labsQ3 2018Q3 2018 reportreport
(Read more...)
|
|||
|
2018-10-12 16:00:00 | Workplace violence: the forgotten insider threat (lien direct) |
Among insider threats, workplace violence could be considered the most dangerous. And yet, the majority of organizations are not prepared. What should they do to protect their employees?
Categories:
101
Business
Tags: active shootingAlertALICECounterCriminal intentCustomer/ClientEvaluateInforminsider threatsLockdownPonemon InstituteWorkplace bullyingworkplace violenceWPV
(Read more...)
|
Threat | ||
|
2018-10-12 15:00:00 | Fake browser update seeks to compromise more MikroTik routers (lien direct) |
Threat actors are social engineering users with a fake update that, once installed, will scan the Internet in an attempt to exploit vulnerable MikroTik routers.
Categories:
Exploits
Threat analysis
Tags: coinhiveexploitMiKroTikminerrouter securityRouterOSroutersWinBox
(Read more...)
|
|||
|
2018-10-11 15:00:00 | 6 ways to keep up with cybersecurity without going crazy (lien direct) |
As we dive headfirst into National Cyber Security Awareness Month, it seems only fitting to discuss ways to stay on top of cybersecurity news. But what if following along makes you feel a little overwhelmed? Try these six methods of information-gathering to brush up on your cybersecurity know-how without losing your mind.
Categories:
101
How-tos
Tags: cybersecuritycybersecurity awarenessnational cybersecurity awareness monthNCSAMsecurity professionalssocial mediatwitter
(Read more...)
|
|||
|
2018-10-10 16:00:00 | Bloomberg blunder highlights supply chain risks (lien direct) |
A potentially erroneous report from Bloomberg claimed that Chinese spies were able to infiltrate US hardware supplier Supermicro, and therefore, our technology supply chain. Learn how this unverified story could ultimately come true-and what, if anything, can be done to stop it.
Categories:
Cybercrime
Hacking
Tags: amazonAppleBloombergblunderhardwaremicrochipsignal conditioning couplerSupermicrosupply chain
(Read more...)
|
|||
|
2018-10-09 15:00:00 | When Endpoint Detection and Response (EDR) is not enough (lien direct) |
As cybercriminals continue to validate the reality that no security is going to stop every threat every time, companies are turning to endpoint detection and response solutions to close the gap. But is it enough to keep businesses and their data protected?
Categories:
Malwarebytes news
Product updates
Tags: business productsEDRendpoint protection and responseproductsremediation
(Read more...)
|
Threat | ||
|
2018-10-08 16:39:03 | Avoid these Doctor Who Series 11 scams (lien direct) |
Doctor Who Series 11 is upon us, and so too are the dubious streams and links promising fresh content. We take a look at what's currently on offer, separating the spam from the timey-wimey wibbly wobbly.
Categories:
Cybercrime
Social engineering
Tags: bestv(dot)onlinedoctor whomoviessign upstreamingyoutube
(Read more...)
|
Spam | ||
|
2018-10-08 16:31:05 | A week in security (October 1 – 7) (lien direct) |
A roundup of the security news from October 1–7 including National Cybersecurity Awareness Month, LoJack, fileless malware, and BYOS.
Categories:
Security world
Week in security
Tags: adobeAndroidanti-swattingblockchainbring your own securitybyosChrome ExtensionFake Fortnitefortnitehack the marine corpsIoTIoT botnetLojacknational cybersecurity awareness monthNCSAMnot botnetpassword managerphishingphishing campaignrdprecaprip attacksSC MagazineswattingToriivoice phishingvulnerabilitiesweek in securityweekly blog roundupZDNet
(Read more...)
|
|||
|
2018-10-05 15:00:00 | Fileless malware: part deux (lien direct) |
In part two of this series on fileless malware, our malware analyst walks readers through two demonstrations of fileless malware attacks and shows the problems with detecting them using static signatures.
Categories:
Malwarebytes news
Tags: dynamic detectionfileless malwarefileless ransomwaremalware analystsecurity researchersignaturesstatic detection
(Read more...)
|
Malware | ||
|
2018-10-04 15:00:00 | LoJack for computers used to attack European government bodies (lien direct) |
Security researchers have detected the first known instance of a UEFI bootkit being used against government bodies in Central and Eastern Europe. The attack relies on a persistence mechanism stolen from a legitimate software called Computrace-essentially LoJack for computers-that comes by default on many machines.
Categories:
Hacking
Tags: bootkitLojackLojaxUFEIXAgent
(Read more...)
|
|||
|
2018-10-02 15:00:00 | Bring your own security (BYOS): good idea or not? (lien direct) |
We know about BYOD. What about BYOS? Is it a good idea to Bring Your Own Security, or use your own security solution on devices that you use for work? What if they are company owned? We walk companies and employees through the pros and cons of each.
Categories:
Business
Technology
Tags: bring your own devicebring your own securitybusinessbyodbyospolicyvpn
(Read more...)
|
|||
|
2018-10-02 14:00:00 | Fortnite gamers targeted by data theft malware (lien direct) |
If you've ever been tempted to cheat at Fortnite, think again-with the release of season six of the popular video game, we found a data theft malware masquerading as a cheat tool, ready to steal your browser sessions, cookies, and even your Bitcoin.
Categories:
Cybercrime
Malware
Tags: .EXEbitcoinbt-fortnite-cheats(dot)tkfortnitefortnite malwarefree V-BucksgamesgamingratstealersteamSub2UnlockTrojan.Malpackvideo gameswallet
(Read more...)
|
Malware | ★★★★ | |
|
2018-10-01 16:44:02 | A week in security (September 24 – 30) (lien direct) |
A roundup of the security news from September 24–30 including phishing, Apple woes, a vulnerability in the wild, e-commerce attacks, phone spam, and a massive Facebook breach.
Categories:
Security world
Week in security
Tags: CVECVE-2018-8373facebookGooglriPhoneXSLojaxMagecartmicrosoftMojavemutagen astronomyosxphishingport of san diegoquasar ratsafari extensionssms phishingtelegramTV licensingunwanted calls
(Read more...)
|
Vulnerability | ||
|
2018-10-01 14:00:03 | Malwarebytes is a champion of National Cyber Security Awareness Month (lien direct) |
As we bid hello to National Cyber Security Awareness Month, we at Malwarebytes not only pledge to provide the best protection for our customers. We also re-commit ourselves to fostering cybersecurity education and awareness for all.
Categories:
101
FYI
Tags: cybersecurity awarenessnational cybersecurity awareness monthNCSAMsecurity 101user awareness
(Read more...)
|
|||
|
2018-09-28 19:39:01 | Millions of accounts affected in latest Facebook hack (lien direct) |
Facebook announced earlier today that its social network had been breached, resulting in 40 million accounts that were directly impacted. Learn more as the Facebook breach story develops.
Categories:
Cybercrime
Tags: access tokensbig breachesbreachdata breachfacebookFacebook breachfacebook hackpassword resetsocial mediasocial networksView Asvulnerabilitiesvulnerability
(Read more...)
|
Hack | ||
|
2018-09-28 15:00:05 | How to protect your data from Magecart and other e-commerce attacks (lien direct) |
Magecart and other criminal groups are causing mayhem by stealing payment information from e-commerce sites, big and small. Learn how they are doing it and how to mitigate against it.
Categories:
Cybercrime
Hacking
Tags: Base64breachBritish Airways casecontent Security PolicyCVVe-commerceMagecartmagentoMitigationsneweggNoScriptskimmerssl certificateweb skimmers
(Read more...)
|
|||
|
2018-09-27 18:58:02 | Phone spampocalypse: fighting back in the age of unwanted calls (lien direct) |
US telecommunications companies have the technology to protect customers against the rising tide of unwanted calls-they just haven't done it yet. So it's up to lawmakers and consumers themselves to fight back against phone spampocalypse. Here's how they're doing it.
Categories:
101
FYI
Tags: Berkleycall-blocking actCNADNODNO listMitigateNigel Guestphone spamRAY BAUM'S ActrobocallsROBOCOP Actspamspampocalypseunwanted calls
(Read more...)
|
|||
|
2018-09-26 17:13:02 | Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT (lien direct) |
A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks.
Categories:
Exploits
Threat analysis
Tags: anti exploitCVE-2018-8174CVE-2018-8373exploitIndicators of compromiseIOCIOCspastebinpatchQuasarratremote administration toolvirustotalvulnerabilitiesvulnerability
(Read more...)
|
Vulnerability Threat | ||
|
2018-09-26 15:00:00 | Holes found in Mojave\'s privacy protection (lien direct) | Read more...) | |||
|
2018-09-25 16:00:00 | Safari users: Where did your extensions go? (lien direct) |
Safari has begun blocking legacy extensions installed from outside the Extensions Gallery. Unfortunately, implementation of this policy has been abrupt, with little explanation for users on why their extensions are being yanked. Let's look at how Apple's new policy and how its application impacts security.
Categories:
Security world
Technology
Tags: Appleextensionshow tomacmacOSsafarisafari 12WWDC
(Read more...)
|
|||
|
2018-09-25 09:00:00 | 100 channels and nothing on, except TV Licensing phishes (lien direct) |
A recent bout of TV Licensing phishing emails promise British users a refund once they log in to a phony TV License website and provide payment details. Read on to see if you've been impacted.
Categories:
Cybercrime
Social engineering
Tags: emailfakefraudphishphishingscamSocial Engineeringtv license
(Read more...)
|
|||
|
2018-09-24 17:45:05 | Mobile Menace Monday: SMS phishing attacks target the job market (lien direct) |
Could it be that our dream job awaits via a random SMS message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters.
Categories:
Cybercrime
Mobile
Tags: AndroidASPXPPZUPSMobilemobile menace mondayscamsmssms phishingsms scamtriple m
(Read more...)
|
|||
|
2018-09-24 17:03:02 | A week in security (September 17 – 23) (lien direct) |
A roundup of the security news from September 17–23, including Android scams, massive WordPress compromises, and high fines for Equifax.
Categories:
Security world
Week in security
Tags: AndroidemotetEquifaxEquifax breachfineMagaCartmalwarephishingplayransomwareround up. ukgovsaslvulnerabilityweek in security
(Read more...)
|
Equifax | ||
|
2018-09-21 22:55:01 | Emotet on the rise with heavy spam campaign (lien direct) |
Over the last few days, we've noticed a large increase in malicious spam spreading Emotet, as well as a higher number of detections from our customers. Looks like we're in the middle of an active Emotet campaign.
Categories:
Cybercrime
Malware
Tags: campaignemotetEternalBluemalicious documentsmalicious spamthreat statisticstrickbotWannaCry
(Read more...)
|
Spam | Wannacry | |
|
2018-09-21 15:00:00 | Simple Authentication and Security Layer (SASL) vulnerabilities (lien direct) |
The Simple Authentication and Security Layer (SASL) is an essential element of online authentication. But are you aware of all the known vulnerabilities? And, more importantly, have you patched them?
Categories:
Cybercrime
Exploits
Tags: authenticationbrute forcedenial of serviceexploitsmailserversaslSimple Authentication and Security Layervulnerabilities
(Read more...)
|
|||
|
2018-09-20 17:42:04 | Mass WordPress compromises redirect to tech support scams (lien direct) |
Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.
Categories:
Social engineering
Threat analysis
Tags: bitcoinBitcoin CodebrowlockIndicators of compromiseinjectionsJavaScripttech support scamsTSSwordpressZues
(Read more...)
|
Guideline | ||
|
2018-09-20 16:00:00 | 6 sure signs someone is phishing you-besides email (lien direct) |
Beyond the medium used to reach you (which is most often email), what are some of the common signs and behaviors of phishing? Conversations that focus on the inbox only leave users with an inadequate understanding of how to protect against this ubiquitous threat.
Categories:
101
FYI
Tags: iOS phishingphishingphishing scamsmishingsms phishingSocial Engineeringvishing
(Read more...)
|
|||
|
2018-09-19 15:00:04 | A month of giveaway spam on Twitter (lien direct) |
We've observed a low level spam campaign working its way through Twitter, with just under 2,000 posts visible on public search since September 1. What're they trying to sell this time? Some CBD oil!
Categories:
Cybercrime
Privacy
Tags: free CBD oilgiveaway spaminvitespamtweetstwitter
(Read more...)
|
Spam | ||
|
2018-09-17 15:56:01 | A week in security (September 10 – 16) (lien direct) |
A roundup of the security news from September 10–16, including omnichannel fraud, ways to get back at scammers, the security of 2FA, and partnerstrokas.
Categories:
Security world
Week in security
Tags: 2faa week in securityAndroidandroid browserbanking Trojanbanking Trojansbotnetshmrc phishmicrosoftomnichannel fraudphishingportable routerproject verifyram nitRamnit Trojanransomwarerecaprecon malwarescammersecurity of portable routertech support scamtech support scamstortrojantwo-factor authenticationweekly blog roundup
(Read more...)
|
|||
|
2018-09-14 16:00:00 | HMRC phish swipes email login, payment details (lien direct) |
It isn't tax season for UK (or US) residents, but that hasn't deterred scammers from sending out an HMRC phish double whammy with a tight deadline attached.
Categories:
Cybercrime
Social engineering
Tags: fraudfraud siteHMRChmrc fraudOutlookphishphishingscamSocial Engineeringtaxtax fraudtax seasonUK fraud
(Read more...)
|
|||
|
2018-09-14 15:00:00 | Is two-factor authentication (2FA) as secure as it seems? (lien direct) |
Two factor authentication (2fa) was introduced to enhance login security, but does it always work as advertised? Or can it be bypassed?
Categories:
101
FYI
Tags: 2fabiometricsbrute forcefacebookfake loginmfamulti-factor authenticationpassword resetphishingSocial Engineeringthird-party logintotptwo-factor authentication
(Read more...)
|
|||
|
2018-09-13 15:00:00 | Partnerstroka: Large tech support scam operation features latest browser locker (lien direct) |
Tech support scammers belonging to the Partnerstroka group are once again abusing browsers, this time with a new browlock feature to reel in more victims, in one of the biggest campaigns we've ever tracked.
Categories:
Cybercrime
Social engineering
Tags: Blogger redirectsbrowlockbrowlocksbrowser lockerbrowser lockersDecoy sitesGoDaddyHTTP authenticationIndicators of compromiseIOCIOCsmalicious pop-upsmalvertisingMalwarebytes Browser ExtensionMalwarebytes Browser ExtensionsPartnerstrokarogue tech support adsstrokatech supporttech support scamsTSS
(Read more...)
|
|||
|
2018-09-12 15:00:00 | The many faces of omnichannel fraud (lien direct) |
There's a new kind of fraud out there, and it's after organizations that have embraced omnichannel, a strategy that focuses on improved user experience. We take a look at what omnichannel is, the kinds of fraud that can affect businesses using this approach, and how they can protect themselves-and their clients.
Categories:
101
Business
Tags: auth methodscard not present fraudcard testing fraudclick and collect fraudcnp fraudcybersecurity softwareencryptionfraudfraud preventionmfamobile payment fraudmulti-factor authenticationomnichannelomnichannel fraudreturn fraudsecuritySMS fraudtrack fraud
(Read more...)
|
|||
|
2018-09-11 15:00:00 | 5 safe ways to get back at spammers: a guide to wasting time (lien direct) |
We take a look at some of the safe ways to waste a spammer's time, whether by email or telephone.
Categories:
101
How-tos
Tags: chatbot appemailmailphoneRobokillerscammerspamspammertelemarketerstelephone call
(Read more...)
|
|||
|
2018-09-10 16:44:05 | A week in security (September 3 – 9) (lien direct) |
A roundup of the security news from September 3 – 9, including spyware going mainstream, Mac App Store apps stealing and abusing customer data, and Fortnite install concerns.
Categories:
Security world
Week in security
Tags: a week in securityAndroidBrighton PolicefakeFire Eyefive eyesfortniteMac App StoremastercardMega.nzprotonmailsecurity camerasspywareTalosTechCrunchteslaWannaCry
(Read more...)
|
Wannacry Tesla | ||
|
2018-09-10 15:00:00 | Assessing the security of a portable router: a look inside its hardware (lien direct) |
In this post, we acquire the necessary equipment to analyze the security of an inexpensive portable router, which we access through its diagnostic interface, and poke around inside.
Categories:
Technology
Tags: COM Cable Adapter ModulecybersecurityEnd Of LifeEOLfirmwareGNDhardwarePL-2303HXAPL-2303Xportable routerPxrouterRS232TxU-bootUART pinsUSBVCCwifi
(Read more...)
|
|||
|
2018-09-07 17:08:02 | Mac App Store apps are stealing user data (lien direct) |
There are several apps in the Mac App Store that are collecting data about users that they should not be collecting. Here's what you need to know.
Categories:
Mac
Threat analysis
Tags: Adware DoctorAdware MedicApp StoreAppleDr. AntivirusmacMac App StoremacOSMalwarebytes for MacMobilePUPRAR file
(Read more...)
|
|||
|
2018-09-06 15:00:00 | Fortnite\'s Google Play rebuff sparks security concerns for Android users (lien direct) | Read more...) | |||
|
2018-09-05 15:00:00 | When spyware goes mainstream (lien direct) |
Considering using spyware to surveil a cheating partner or keep an eye on the kiddos? Think again. Not only is it an invasion of privacy, but it's illegal. Learn the telltale signs of spyware and why this suddenly mainstream malware needs to go back underground.
Categories:
101
Cybercrime
FYI
Malware
Tags: android spyingAndroid spywarecfaacomputer fraud and abuse adctconsumer spywarecydia appfind my friendsinternet spy prevention actios spyingmspyspywarestalkerwarestealwaresurveillancewarethe i-spy acttrusted contacts
(Read more...)
|
Malware | ||
|
2018-09-03 15:00:03 | (Déjà vu) A week in security (August 27 – September 2) (lien direct) |
A round-up of the security news from August 27 – September 2, including ransomware, interesting talks during BlackHat, botnets, and the evils of JavaScript.
Categories:
Security world
Week in security
Tags: emaileu telecomsfake newsHackermalwareMobileprivacy
(Read more...)
|
To see everything:
Our RSS (filtrered)
