Virus / Malware

Retour à Sécurité

Malwarebytes

    • The lazy person’s guide to cybersecurity: minimum effort for maximum protection 21 février 2019
      Are you tired of that acquaintance who keeps bugging you with computer questions? Do you avoid visiting certain people because you know you will spend most of the evening cleaning up their machine? My uncle Bob is one of those people. He’s a nice guy, but with computers, he’s not just an accident waiting to happen—he’s an accident waiting to become a catastrophe. To keep Uncle Bob’s co …

    • How does macOS protect against malware? 21 février 2019
      Mac users often are told that “Macs don’t get viruses.” This is not really true, of course. Macs can and do get infected. However, it is true that macOS provides some basic protection against malware. This protection can be quite effective in some ways, but, unfortunately, quite ineffective in others. Let’s take a look at how macOS features protect you from malware, and how …

    • Sophisticated phishing: a roundup of noteworthy campaigns 20 février 2019
      Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successful because they take aim at our weaknesses and exploit them—in much the same way an exploit kit takes a …

    • Good bots, bad bots: friend or foe? 20 février 2019
      One of the most talked about technologies online today is the ubiquitous bot. Simultaneously elusive yet also responsible for all of civilisation’s woes, bots are a hot topic of contention. If we went purely by news reports, we’d assume all bots everywhere are evil, and out to get us (or just spreading memes). We’d also assume every single person we ever disagreed with online is a bot.  It might s …

    • A week in security (February 11 – 17) 18 février 2019
      Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for businesses we discussed the implementation of an anti-phishing plan, and the concept of whole team sec …

    • Crack hunting: not all it’s cracked up to be 18 février 2019
      People sometimes ask us in the forums if a keygen or software crack is safe to use. Sometimes, these programs do what they say on the tin. Other times, they’re not what they say they are. In this post, I’ll describe what happened when I went crack hunting, and why it is often unsafe to carry out this activity. Researchers like myself often browse crack and keygen sites because they are known to ho …

    • Tackling the shortage in skilled IT staff: whole team security 15 février 2019
      Is your IT department understaffed, overworked, and are you looking for reinforcements in vain? Maybe these hard-to-hire reinforcements can be hired from within, rather than having to outsource or hire expensive, short-term extra help. While this was usually only done if your own staff was falling too far behind, the burden of the shortage of skilled IT staff in the workforce is starting to take i …

    • Should you delete yourself from social media? 14 février 2019
      You’re feeling like you’ve had enough. All the recent news—from Facebook’s Cambridge Analytica snafu to various abuses of Twitter vulnerabilities—has you wondering: Should I delete myself from social media? Social networking does have its positive aspects. You can stay in touch with distant (or not) relatives, be included in the planning of social events within your circle of fri …

    • Hacker destroys VFEmail service, wipes backups 14 février 2019
      An email service called VFEmail was essentially put out of business after a hack intended to delete everything in (and out of) sight. “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.” This wasn’t “just” a simple webpage compromise, o …

    • Businesses: It’s time to implement an anti-phishing plan 13 février 2019
      Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan. Where phishes are concerned …

    • Exploit kits: winter 2019 review 12 février 2019
      Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian countr …

    • Sextortion Bitcoin scam makes unwelcome return 11 février 2019
      Heads up: a particularly nasty sextortion Bitcoin scam from at least the middle of 2018 is making the rounds once again. The scam involves making use of old breach dumps, then emailing someone from the list and reminding them of their old password. When something lands in your mailbox with “Hey, remember this?” it’s a surefire way to focus the reader’s attention. Pressure is then applied to …

    • A week in security (February 4 – 8) 11 février 2019
      Last week on Malwarebytes Labs, we took a closer look at the technical and reputational challenges for Facebook as it tries to integrate secure messaging across Messenger, WhatsApp, and Instagram. We explored Google’s latest attempts to change how the public sees—literally—web browser URLs, gave some of our best tips on how to safely browse the Internet at work, and detailed a unique spam campaign …

    • Compromising vital infrastructure: communication 8 février 2019
      Have you ever been witness to a Wi-Fi failure in a household with school-aged children? If so, I don’t have to convince you that communication qualifies as vital infrastructure. For the doubters: when you see people risking their lives in traffic just to check their phone, you’ll understand why most adults consider instant communication to be vital as well. Forms of communication Humanity ha …

    • Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle 7 février 2019
      Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data. So, when news broke that scandal-ridden, online privacy pariah Facebook would expand secure messaging across its Messenger, WhatsApp, and Instagram apps, a broad community …

    • Google Chrome announces plans to improve URL display, website identity 6 février 2019
      “Unreadable gobbledygook” is one way to describe URLs today as we know them, and Google has been attempting to redo their look for years. In their latest move to improve how Chrome—and of course, how the company hopes other browsers would follow suit—displays the URL in its omnibox (the address bar), Google’s Chrome team has made public two projects that usher them in this direction. First, they l …

    • New critical vulnerability discovered in open-source office suites 6 février 2019
      A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions. In contrast to drive-by downloads that require no user interaction, document-based attacks usually incorpo …

    • How to browse the Internet safely at work 5 février 2019
      This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visit Detectify’s blog to read their guide to HTTP security headers for web developers. More and more …

    • Movie stream ebooks gun for John Wick 3 on Kindle store 4 février 2019
      We discovered a novel spam campaign over the weekend, targeting fans of John Wick on the Amazon Kindle store. The scam itself involves paying for what appears to be the upcoming third movie, turns into a bogus ebook, and goes on to hyperlink potential victims to a collection of third-party websites. How does this begin? With a dog, a grieving assassin, and a pencil. Actually, it begins with me hun …

    • A week in security (January 28 – February 3) 4 février 2019
      Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light  on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by malware: Car service specialist runs into trouble when systems go offline. (Source: BBC) Mozilla publishe …

ESET

    • Week in security with Tony Anscombe 22 février 2019
      Head of the AI/ML Team at ESET, Juraj Jánošík, looks at machine learning and cybersecurity and considers whether it is a step toward a safer world or a step closer to the brink of chaos The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • How costly are sweetheart swindles? 21 février 2019
      And that’s on top of the heartache experienced by the tens of thousands of people who fall for romance scams each year The post How costly are sweetheart swindles? appeared first on WeLiveSecurity …

    • Siegeware: When criminals take over your smart building 20 février 2019
      Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities The post Siegeware: When criminals take over your smart building appeared first on WeLiveSecurity …

    • Criminal hacking hits Managed Service Providers: Reasons and responses 19 février 2019
      Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it? The post Criminal hacking hits Managed Service Providers: Reasons and responses appeared first on WeLiveSecurity …

    • Smoke damage and hard drives 18 février 2019
      A closer look at the damage caused by smoke particles and some steps you can take to aid recovery The post Smoke damage and hard drives appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 15 février 2019
      ESET malware researcher Lukáš Štefanko sits down with us to discuss Android banking malware, the topic of his latest white paper. An attack on an email provider wipes out almost two decades’ worth of data. Plus an interesting article from Jake Moore on the possible dangers that may come from providing your name at your local coffee shop. The post Week in security with Tony Anscombe appeared first …

    • Navigating the murky waters of Android banking malware 15 février 2019
      An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper The post Navigating the murky waters of Android banking malware appeared first on WeLiveSecurity …

    • Why you should choose a pseudonym at Starbucks 13 février 2019
      Innocently providing your name at your local coffee shop is just an example of how easy it can be for miscreants to cut through the ‘privacy’ of social media accounts The post Why you should choose a pseudonym at Starbucks appeared first on WeLiveSecurity …

    • Apple to pay teenager who uncovered FaceTime bug 12 février 2019
      The decision to award the bug has been welcomed but one security researcher has said that they need to do more to compensate those who find bugs The post Apple to pay teenager who uncovered FaceTime bug appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 8 février 2019
      ESET researchers publish their latest findings on a modular Trojan called DanaBot and on a cryptocurrency stealer that takes the form of clipper malware on Google Play. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • First clipper malware discovered on Google Play 8 février 2019
      Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores The post First clipper malware discovered on Google Play appeared first on WeLiveSecurity …

    • DanaBot updated with new C&C communication 7 février 2019
      ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs The post DanaBot updated with new C&C communication appeared first on WeLiveSecurity …

ESET Support