Virus / Malware

Retour à Sécurité

Malwarebytes

    • Compromising vital infrastructure: problems in education security continue 17 juillet 2019
      The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. These limited budgets often result in weak or less-than-adequate protection against cyberthreats. Unfortunately, or …

    • Hi, honey. It’s mom. My phone is acting funny again. 16 juillet 2019
      Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, often times it’s older generations that have to turn to their progenitors for everything from uploading pictures to the cloud to deciding whether it’s safe to open an attachment. Despite results fro …

    • Meet Extenbro, a new DNS-changer Trojan protecting adware 15 juillet 2019
      Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an elephant to save the mosquito, but the threat actors behind this attack have been known to use aggressiv …

    • A week in security (July 8 – 14) 15 juillet 2019
      Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendish Soft Cell attack. Other cybersecurity news The UK government backs facial recognition tech: The contr …

    • Cellular networks under fire from Soft Cell attacks 12 juillet 2019
      We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone bold enough to try and take it. Security firm Cybereason uncovered an astonishing attack dubbed “Operati …

    • Caution: Misuse of security tools can turn against you 11 juillet 2019
      We have a saying in Greece: “They assigned the wolf to watch over the sheep.” In a security context, this is a word of caution about making sure the tools we use to keep our information private don’t actually cause the data leaks themselves. In this article, I will be talking about some cases that I have come across in which security tools have leaked data they were intended to s …

    • What should a US federal data privacy law ideally include? 10 juillet 2019
      In the constant David-and-Goliath struggle between digital privacy advocates and corporate privacy invaders, the question of how to legally protect Americans with a comprehensive, federal data privacy law provides conflicting answers. Advocates want protections, which Big Tech interprets as restrictions. As of today, there is no one digital privacy law to rule them all. While a few state laws exis …

    • Enterprise incident response: getting ahead of the wave 10 juillet 2019
      Enterprise defenders have a tough job. In contrast to small businesses, large enterprise can have thousands of endpoints, legacy hardware from mergers and acquisitions, and legacy apps that are business critical and prevent timely patching. Add to that a deluge of indicators and metadata from the perimeter that may represent the early stages of a devastating attack—or may be nothing at all. So how …

    • How to securely send your personal information 8 juillet 2019
      This story originally ran on The Parallax and was updated on July 3, 2019. A few months ago, my parents asked a great security question: How could they securely send their passport numbers to a travel agent? They knew email wasn’t safe on its own. Standard email indeed isn’t safe for sending high-value personal information such as credit card or passport numbers, according to security experts such …

    • A week in security (July 1 – 7) 8 juillet 2019
      Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators. Other cybersecurity news: A former Chief Information Officer (CIO) of Equifax has been issued a prison sentence for insider trading on the firm’s disastrous data breach befo …

    • Steer clear of Bitcoin Cash generators 3 juillet 2019
      Here’s an interesting evolution on a well-worn scam, taking one profit generating fakeout and turning it into something else entirely. For years, gamers have been stuck navigating the treacherous waters of fake video game giveaways. With so many actual genuine gaming giveaways around, you’re never quite sure if a site offering free Xbox points, or Steam credits, or downloadable content, is going t …

    • Cooperating apps and automatic permissions are setting you up for failure 2 juillet 2019
      “Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sites with your Facebook profile might be less indispensable, but nevertheless, it’s a heavily-used functi …

    • A week in security (June 24 – 30) 1 juillet 2019
      Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages for Microsoft’s Azure Cloud Services. We also doubled down on our commitment—and significantly increas …

    • Helping survivors of domestic abuse: What to do when you find stalkerware 1 juillet 2019
      We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes monitoring apps sometimes referred to as stalkerware. This type of software can track unsuspecting victims’ l …

    • Fake jquery campaign leads to malvertising and ad fraud schemes 27 juin 2019
      Recently we became aware of new domains used by an old malware campaign known as ‘fake jquery’, previously documented by web security firm Sucuri. Thousands of compromised websites are injected with a reference to an external JavaScript called jquery.js. However, there is something quite elusive about this campaign with regards to its payload. Indeed, to many researchers the supposedly …

    • GreenFlash Sundown exploit kit expands via large malvertising campaign 26 juin 2019
      Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection we realized it was actually the very elusive GreenFlash Sundown EK. The threat actors behind it have a …

    • Recipe for success: tech support scammers zero in via paid search 25 juin 2019
      Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top campaigns that is responsible for driving traffic to those Azure-hosted scareware pages. We discovered that …

    • A week in security (June 17 – 23) 24 juin 2019
      Last week on the Malwarebytes Labs blog, we took a look at the growing pains of smart cities, took a deep dive into AI, jammed along to Radiohead, and looked at the lessons learned from Chernobyl in relation to critical infrastructure. We also explored a new Steam phish attack, and pulled apart a Mac cryptominer. Other cybersecurity news Florida City falls to ransomware: Riviera Beach City Council …

    • Mobile stalkerware: a long history of detection 24 juin 2019
      Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back more than five years, Malwarebytes researchers have detected applications and software that monitor other …

    • Fresh “video games” site welcomes new users with Steam phish 21 juin 2019
      Over the weekend, I received this unsolicited message from an acquaintance on Steam: 1 free game for new users!Take the game you want https://t.co/{redacted} Fortunately, other friends on Steam were quick to publicly warn others about potentially hacked accounts spamming dubious messages to anyone (if not all) in their network. I was reading these warnings hours before receiving a sample of the sp …

ESET

    • BlueKeep patching isn’t progressing fast enough 17 juillet 2019
      Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? The post BlueKeep patching isn’t progressing fast enough appeared first on WeLiveSecurity …

    • How your Instagram account could have been hijacked 16 juillet 2019
      A researcher found that it was possible to subvert the platform’s password recovery mechanism and take control of user accounts The post How your Instagram account could have been hijacked appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 12 juillet 2019
      ESET researchers describe the ins and outs of a zero-day exploit that has been used for a highly targeted attack and reveal the name of the threat actor that deployed it The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Cybercrime seen to be getting worse: The time to act is now 12 juillet 2019
      What mounting public concern about falling victim to cybercrime says about government and corporate efforts at cybercrime deterrence The post Cybercrime seen to be getting worse: The time to act is now appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 5 juillet 2019
      Chinese smart home solutions provider Orvibo has leaked two billion logs from devices managed via its cloud platform, exposing sensitive information about their users The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • NHS warned to act now to keep hackers at bay 3 juillet 2019
      A trifecta of issues impact the organization’s cyber-resilience and conspire to put it in the firing line of cyberattacks The post NHS warned to act now to keep hackers at bay appeared first on WeLiveSecurity …

    • Two billion user logs leaked by smart home vendor 2 juillet 2019
      The leak, which has since been plugged, exposed a range of highly specific and sensitive information about users The post Two billion user logs leaked by smart home vendor appeared first on WeLiveSecurity …

    • Ex‑Equifax executive sent to jail for insider trading after breach 1 juillet 2019
      “Sounds bad”, the former Equifax CIO wrote in a text after learning of the breach that ended up affecting almost half the US population The post Ex‑Equifax executive sent to jail for insider trading after breach appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 28 juin 2019
      With partner abuse increasingly going digital, we took an in-depth look this week at what needs to be done to stop the scourge of stalkerware The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Two US cities opt to pay $1m to ransomware operators 26 juin 2019
      A few days apart, two cities in Florida cave in to extortionists’ demands in hopes of restoring access to municipal computer systems The post Two US cities opt to pay $1m to ransomware operators appeared first on WeLiveSecurity …

    • Stopping stalkerware: What needs to change? 25 juin 2019
      What technology makers and others can – and should – do to counter the kind of surveillance that starts at home The post Stopping stalkerware: What needs to change? appeared first on WeLiveSecurity …

    • Hackers breach NASA, steal Mars mission data 24 juin 2019
      The infiltration was only spotted and stopped after the hackers roamed the network undetected for almost a year The post Hackers breach NASA, steal Mars mission data appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 21 juin 2019
      ESET researchers throw light on an unusual cryptocurrency miner and on Android apps that can get around 2FA protections The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • LoudMiner: Cross‑platform mining in cracked VST software 20 juin 2019
      The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS The post LoudMiner: Cross‑platform mining in cracked VST software appeared first on WeLiveSecurity …

ESET Support