What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-08-31 15:00:05 | Explained: regular expression (regex) (lien direct) |
What is regular expression (regex) and what makes it vulnerable to attack? Learn how to use regex safely and avoid ReDoS attacks in the process.
Categories:
Business
Technology
Tags: ddosJavaScriptnode.jsredosregexsearchservervulnerability
(Read more...)
|
|||
|
2018-08-30 15:41:03 | Reversing malware in a custom format: Hidden Bee elements (lien direct) |
When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-step analysis for a closer look.
Categories:
Malware
Threat analysis
Tags: custom malwarehidden beehidden bee minerpayloadreverse engineeringreversing malware
(Read more...)
|
Malware | ||
|
2018-08-29 16:48:03 | Fileless malware: getting the lowdown on this insidious threat (lien direct) |
In this series of articles, we provide an in-depth discussion of fileless malware and their related attacks. In part one, we cover a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.
Categories:
Malware
Threat analysis
Tags: file historyfileless infectionsfileless malwarefileless malware attackskovtermagnitude EKpowelikspowershellRAMsamsamsamsam ransomwaresemi-filelessSOC teamwindows
(Read more...)
|
Malware Threat | ★★★★ | |
|
2018-08-28 15:00:00 | Official Cardi B website plagued by spammers (lien direct) |
Over the past few days, fans of singer Cardi B noticed her website was slowly filling up with spam. We take a look at what happened.
Categories:
Cybercrime
Privacy
Tags: blog commentscardi bcardibdevelopersgdprmoderationonline privacyprivacyspamspammersvideoswebsite. spamyoutube
(Read more...)
|
|||
|
2018-08-27 20:29:00 | Mobile Menace Monday: FakeGift is the gift that keeps on frustrating (lien direct) |
Last spring, we found yet another piece of riskware on Google Play we call Android/PUP.Riskware.FakeGift. FakeGift does exactly what its name implies: gives its users fake gifts that can be redeemed for...absolutely nothing.
Categories:
Cybercrime
Mobile
Tags: AndroidfakegiftGoogle Playmobile menace mondaymobile riskwarePUPtriple m
(Read more...)
|
|||
|
2018-08-27 17:06:01 | A week in security (August 20 – 26) (lien direct) |
A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues.
Categories:
Security world
Week in security
Tags: a week in securitybadgelifecobalt dickenscybersecuritycybersecurity awarenessdigital entropy of deathelectionsfacebookGooglegreen card scamprivacyproject insecurityransomwarerecapryuksearch browser extensionssuperdrugthe lazarus grouptwitchvulnerabilitiesweekly blog roundup
(Read more...)
|
Medical | APT 38 | |
|
2018-08-24 15:00:00 | Green card scams: preying on the desperate (lien direct) |
Most online scams depend on two things: a legitimate entity that has a complicated or broken process, and a desperate target population. With immigration, you get both, which results in an environment ripe for green card scams.
Categories:
Cybercrime
Social engineering
Tags: fraudgreen card scamimmigrantscams
(Read more...)
|
|||
|
2018-08-23 15:00:00 | Can search extensions keep your searches private? (lien direct) |
A lot of search extensions have been marketed over the year claiming to protect online privacy. Are they worth installing? We take a look at what these plugins actually have to offer.
Categories:
PUP
Tags: chromeextensionsprivacysearchsearchalgowowmovix
(Read more...)
|
|||
|
2018-08-22 16:03:01 | Badgelife: A Defcon 26 retrospective (lien direct) |
Another year, another Defcon. In this retrospective, we take a look at the crown jewel of Defcon swag: badges. Reminisce with us about the coolest badges ever made and traded.
Categories:
Conferences
Security world
Tags: badgelifedefconDefcon badgesSAO
(Read more...)
|
|||
|
2018-08-21 15:58:01 | The digital entropy of death: BSides Manchester (lien direct) |
What happens to online accounts when we die? Not a cheerful subject by any stretch of the imagination, but one we covered at BSides Manchester.
Categories:
101
Tags: after we diebsidesBSides Manchesterdeathdigital entropy of deathdigital real estatelink rotsocial media
(Read more...)
|
|||
|
2018-08-20 17:33:01 | A week in security (August 13 – 19) (lien direct) |
A round up of the security news from August 13 – 19, including an in-depth discussion of what drives the average cybercriminal to crime.
Categories:
Security world
Week in security
Tags: a week in securityInstagramIntelweb cache poisoningweek in security
(Read more...)
|
|||
|
2018-08-20 16:42:05 | The enemy is us: a look at insider threats (lien direct) |
It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who's been in and out the office for weeks now. Or, maybe it could be you. It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who's been in and out the office for weeks now. Or, maybe it could be you. Who are the insider threats to organizations? And how can they be stopped?
Categories:
101
Business
Tags: accidental insidercert insider threat centerdr. park dietzinsider threatsintentional insidermalicious insidernegligent insidersprofessional insidertrue cost of cybercrimeunintentional insiderworkplace violence
(Read more...)
|
Threat | ||
|
2018-08-17 16:00:00 | Liar, liar, pants on fire! Barclays phish claims cards explode (lien direct) |
We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true.
Categories:
Cybercrime
Social engineering
Tags: barclayscredit cardfailfakeLOLphishquality controlscamsnail mailsnail mail phish
(Read more...)
|
|||
|
2018-08-16 15:00:00 | How to secure your content management system (lien direct) |
Popular content management systems are easy to install and use. But how easy is it to keep them secure?
Categories:
Security world
Technology
Tags: CMSCMS securitycontent management systemsdrupalJoomlawordpress
(Read more...)
|
|||
|
2018-08-15 16:00:00 | Black Hat USA 2018: ransomware is still the star (lien direct) |
A recap of the Malwarebytes' team experience at the Black Hat conference in Las Vegas, including top trends, topics, and interesting discussions.
Categories:
Malwarebytes news
Tags: black hatblackhatconferenceVegas
(Read more...)
|
Ransomware | ||
|
2018-08-15 14:00:00 | Under the hoodie: why money, power, and ego drive hackers to cybercrime (lien direct) |
We know what cybercriminals do. We know how they do it. Now we ask: why? This in-depth profile examines what makes hackers turn to cybercrime, and what could change their minds.
Categories:
Cybercrime
Social engineering
Tags: criminal profilecybercrimecybercriminalshackerspsychological profile
(Read more...)
|
|||
|
2018-08-14 15:00:00 | Back to school cybersecurity: hints, tips, and links for a safer school year (lien direct) |
Term time is upon us once more, and soon the summer holidays will be a thing of the past. We offer up some handy hints and tips for better back to school cybersecurity, and link to numerous resources of our own to help parents and kids have a safer online experience this year.
Categories:
101
FYI
Tags: childrenkidsreturnschoolschool cybersecurityschoolkidssemestersummerterm
(Read more...)
|
|||
|
2018-08-13 18:29:05 | (Déjà vu) Process Doppelgänging meets Process Hollowing in Osiris dropper (lien direct) |
Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.
Categories:
Malware
Threat analysis
Tags: dropperkronososirisOsiris dropperprocess dopplegangingtrojan
(Read more...)
|
|||
|
2018-08-13 16:37:01 | A week in security (August 6 – August 12) (lien direct) |
A round-up of the security news from August 6 – August 12, including ransomware, interesting talks during BlackHat, botnets, and the evils of JavaScript.
Categories:
Security world
Week in security
Tags: botnetCTNT reportcybercrimeexploit kitsMeltdownransomwarerdprecaptrue cost of cybercrimetwitter botsweek in securityweekly blog roundupwhatsapp. javascript
(Read more...)
|
|||
|
2018-08-10 16:13:01 | How to protect your RDP access from ransomware attacks (lien direct) |
Ransomware distributors have started using RDP to gain access to business networks. Do you have your remote desktops under control?
Categories:
Business
Security world
Tags: businessransomwarerdpremote accessremote desktop protocol
(Read more...)
|
Ransomware | ||
|
2018-08-09 18:52:05 | Osiris dropper found using process doppelgänging (lien direct) |
Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpack the code to show how malware authors used this process.
Categories:
Malwarebytes news
Tags: dropperkronososirisOsiris dropperprocess dopplegangingtrojan
(Read more...)
|
Malware | ||
|
2018-08-09 15:00:00 | 8 everyday technologies that can make you vulnerable to cyberattacks (lien direct) |
The security vulnerabilities of the latest developments in tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Here are eight commonly-used tech conveniences that are not as ironclad as you might hope.
Categories:
101
FYI
Tags: cyberattackcyberattackseveryday technologiessmart phonessmart speakersvulnerabilitiesvulnerable
(Read more...)
|
|||
|
2018-08-08 14:00:00 | White hat, black hat, and the emergence of the gray hat: the true costs of cybercrime (lien direct) |
Osterman Research recently completed a major survey on behalf of Malwarebytes to determine the actual cost of cybercrime to businesses. Here's what we discovered.
Categories:
Business
Security world
Tags: black hatbusinesscosts of cybercrimecybercrimedata breachesgray hatMicahel OstermanOsterman reportwhite hat
(Read more...)
|
|||
|
2018-08-07 15:00:00 | Exploit kits: summer 2018 review (lien direct) |
Just like the beach, the EK landscape got a little crowded this summer. Find out what we discovered in our exploit kits summer review.
Categories:
Exploits
Threat analysis
Tags: drive-by downloadsdrive-bysEKEKsexploit kitsgrandsoftGreenFlash SundownKaiXinMagnitudeRIGUnderminer
(Read more...)
|
|||
|
2018-08-06 16:07:03 | A week in security (July 30 – August 5) (lien direct) |
A roundup of the security news from July 30 – August 5, including cryptomining, big data, social engineering, and more.
Categories:
Security world
Week in security
Tags: big databreachcryptominingfacebookmalwarerecapredditSocial Engineeringspamsteam cryptominerweekly blog roundup
(Read more...)
|
|||
|
2018-08-03 15:00:00 | Explained: What is big data? (lien direct) |
In our explained series, we talk about the impact of big data on our society. What is it, who uses it, and for what purposes?
Categories:
Security world
Technology
Tags: apopheniabig breachesbig dataInternet of ThingsIoTpersonally identifiable informationPII
(Read more...)
|
|||
|
2018-08-02 15:00:00 | Social engineering attacks: What makes you susceptible? (lien direct) |
Cybercriminals will do what it takes to get what they want, whether that's breaching a corporate network or stealing credentials with malware. But what do we do if hackers are hacking us instead of our computers? Here's how to tell if you're susceptible to social engineering attacks, and what to do to combat them.
Categories:
Cybercrime
Social engineering
Tags: 419 scamblackmailcatfishingcold call scamscrytocurrency scamfraudphishingransomwarerogue softwareseo poisoningsextortionSocial Engineeringsocial engineering attacks
(Read more...)
|
|||
|
2018-07-31 15:00:02 | What\'s in the spam mailbox this week? (lien direct) | Read more...) | Spam | ||
|
2018-07-30 15:57:01 | A week in security (July 23 – July 29) (lien direct) |
A round up of the security news from July 23 – July 29, including the introduction of Malwarebytes Browser Extensions, and new malware HiddenBee, Proton, and MobiDash.
Categories:
Security world
Week in security
Tags: Android Phidden beeMalwarebytes Browser ExtensionsmobidashprotonTrojansweek in security
(Read more...)
|
Malware | ||
|
2018-07-27 19:12:02 | New Android P includes several security improvements (lien direct) |
With its release around the corner, we take a close look at the Android P security improvements and how the newest version of Android will better protect the privacy and data of its users.
Categories:
Cybercrime
Mobile
Tags: AndroidAndroid PGoogleMobileprivacysecurity
(Read more...)
|
|||
|
2018-07-26 21:00:02 | \'Hidden Bee\' miner delivered via improved drive-by download toolkit (lien direct) |
Threat actors switch to the Hidden Bee miner as a payload for this unusual and complex drive-by download campaign.
Categories:
Exploits
Threat analysis
Tags: bootkitcryptominerdrive-by attackexploithidden beehidden bee minerMBR
(Read more...)
|
|||
|
2018-07-26 17:21:02 | Introducing: Malwarebytes Browser Extension (lien direct) |
Malwarebytes Browser Extensions (BETA) are available in the official web stores for Chrome and Firefox. Read what they can do for you, and try one, if you haven't already..
Categories:
Betas
Malwarebytes news
Tags: ad blockersad blockingblockchromeclickbaitfirefoxMalwarebytes Browser Extensionsspeed up browsertech support scams
(Read more...)
|
|||
|
2018-07-25 15:40:04 | Trojans: What\'s the real deal? (lien direct) | Read more...) | |||
|
2018-07-24 15:00:00 | New strain of Mac malware Proton found after two years (lien direct) |
A new variant of the Mac malware Proton, which was rampant on macOS last year, has been found dating back to at least two years ago. Learn how this could still affect your Mac today.
Categories:
Mac
Threat analysis
Tags: AppleCalistomacProton malware
(Read more...)
|
Malware | ||
|
2018-07-23 17:30:00 | A week in security (July 16 – July 22) (lien direct) |
A round up of the security news from July 16 – July 22, including the release of our quarterly Cybercrime tactics and techniques report, breaches, airport security, bug bounties, and more.
Categories:
Security world
Week in security
Tags: becbountybreachdatamalwareransomware
(Read more...)
|
|||
|
2018-07-23 15:00:05 | Mobile Menace Monday: Adware MobiDash gets stealthy (lien direct) |
Adware MobiDash, an ad-displaying nuisance, now comes with some additional stealth features. As a result, these features hide the existence of Adware MobiDash-even when it's in plain sight.
Categories:
Cybercrime
Mobile
Tags: adwareAndroidmobidashMobilemobile menace mondaystealthytriple m
(Read more...)
|
|||
|
2018-07-20 15:00:00 | The danger of third parties: ads, pipelines, and plugins (lien direct) |
We take a look at the perils of the tools and services embedded into the websites you use on a daily basis, thanks to the development help of third parties.
Categories:
101
FYI
Tags: ad networksadsbreachphonespipelinesupply chainthird party
(Read more...)
|
|||
|
2018-07-19 17:24:03 | How to block ads like a pro (lien direct) |
In part one of this series, we had a look at a few reasons why you should block ads on your network and devices. In the second part, we'll cover a few of the common ad blocking utilities and how to best configure those tools for maximum effectiveness.
Categories:
Privacy
Security world
Tags: ad blockingblock adshow-tosmalvertising
(Read more...)
|
|||
|
2018-07-18 20:24:04 | What\'s the real value-and danger-of smart assistants? (lien direct) | Read more...) | |||
|
2018-07-17 15:00:00 | 5 ways to find and fix open source vulnerabilities (lien direct) |
A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about open source vulnerabilities. Here are five ways developers can find and fix vulnerabilities and their dependencies.
Categories:
Business
Security world
Tags: open sourceopen source codevulnerabilities
(Read more...)
|
|||
|
2018-07-17 12:05:00 | Cybercrime tactics & techniques Q2 2018 (lien direct) |
The last quarter is likely the last hurrah of the campaigns and attacks we've been seeing over the last 6 months. What comes next may completely change the game. Check out our latest Cybercrime Tactics & Techniques report to find out more about what you may encounter next quarter.
Categories:
CTNT report
Tags: adam kujawaAdam McNeiladwareChris BoydcryptominingcybercrimeexploitsgandcrabJerome SeguraMalwarebytesMarcelo RiveroPieter Artnzransomwarescammersvpnfilterwendy zamoraWilliam Tsing
(Read more...)
|
VPNFilter | ||
|
2018-07-16 17:00:01 | Magniber ransomware improves, expands within Asia (lien direct) |
After a controlled delivery focused on South Korea, an upgraded Magniber ransomware is now affecting other Asian countries.
Categories:
Exploits
Threat analysis
Tags: asiaEKmagniberMagnigateMagnitudeMalaysiaSouth KoreaTaiwan
(Read more...)
|
Ransomware | ||
|
2018-07-16 15:00:00 | A week in security (July 9 – July 15) (lien direct) |
A roundup of the security news from July 9 - July 15, including sextortion, Spectre, cryptomining, mobile malware, ICO scams and more.
Categories:
Security world
Week in security
Tags: ad blockersandroid malwarecrypto miningdata breachdomestic abusefacebookico fraudmitmmulti-factor authenticationprime day 2018SpectreThreat Intel
(Read more...)
|
|||
|
2018-07-15 17:34:05 | A primer: How to stay safe on Amazon\'s Prime Day Sale (lien direct) | ||||
|
2018-07-12 17:00:04 | Block all or nothing to prevent ICO fraud? (lien direct) |
Unfortunately, most ICOs (Initial Coin Offerings) turn out to be scams. So we feel compelled to ask our customers: would you like us to protect you from aal of them?
Categories:
Security world
Technology
Tags: ico fraudInitial Coin Offeringprotectionscams
(Read more...)
|
|||
|
2018-07-11 18:15:02 | We block shady ad blockers (lien direct) |
Some of you have reached out to us concerning Malwarebytes blocking of certain Ad blocking extensions, or an influx in web blocking notifications. First things first, this is not a False Positive.
Categories:
Cybercrime
Tags: adblock proadguardadremover for google chromeadremover.orgblockextensionGoogle ChromeHD for YouTubeMalwarebytesservices.adremover.orgublock plusweb blockWebutation
(Read more...)
|
|||
|
2018-07-11 15:00:00 | IoT domestic abuse: What can we do to stop it? (lien direct) |
A disturbing new use of technology against loved ones has come to light: Internet of Things (IoT) domestic abuse cases are being reported, and security experts are wondering how best to tackle this new problem. What is it? And more importantly, what can we do to fight it?
Categories:
Cybercrime
Privacy
Tags: domestic abuseInternet of ThingsIoTprivacysafetysecuritytracking
(Read more...)
|
|||
|
2018-07-10 15:00:00 | So you\'ve been asked to start a threat intel program (lien direct) | Read more...) | Threat | ||
|
2018-07-09 17:00:00 | A week in security (July 2 – July 8) (lien direct) |
A roundup of the security news from July 2 - July 8, including a macro-less infection tecnique, online project management tools and crypto-mining malware campaigns.
Categories:
Security world
Week in security
Tags: crypto miningmacro-lessproject managementroundupweek in security
(Read more...)
|
Malware | ||
|
2018-07-09 15:00:00 | Everybody and their mother is blocking ads, so why aren\'t you? (lien direct) |
To see everything:
Our RSS (filtrered)
