Virus / Malware

Retour à Sécurité

Malwarebytes

    • What role does data destruction play in cybersecurity? 20 septembre 2019
      When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly as important to an organization’s secu …

    • Browser Guard combats privacy abuse, tracking, clickbait, and scammers 19 septembre 2019
      In July 2018, we introduced the Malwarebytes Browser Extension, a beta plugin for Firefox and Chrome aimed at delivering a safer, faster, and more private browsing experience. Our extension blocked tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from online harassment. And thanks to our loyal Malwarebytes community, we’ve been able to test and impr …

    • CEOs offer their own view of a US data privacy law 19 septembre 2019
      Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy framework for guidance, was a convenient proposal: Private individuals should not be allowed to sue companie …

    • International students in UK targeted by visa scammers 18 septembre 2019
      A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years. The scam works by presenting a threat to students’ immigration status and uses various techniques to extract sizable payments from the victims. In the worst cases, it also embroil …

    • Emotet is back: botnet springs back to life with new spam campaign 16 septembre 2019
      After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jump back into action. The malicious emails …

    • A week in security (September 9 – 15) 16 septembre 2019
      Last week  on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets. Other cybersecurity news The Cobalt Dickens group has returned to cause trouble. (Source: SecureWorks) T …

    • Hacking with AWS: incorporating leaky buckets into your OSINT workflow 13 septembre 2019
      Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review Am …

    • YouTube ordered to cough up $170M settlement over COPPA infraction 12 septembre 2019
      Last week, the Federal Trade Commission (FTC) announced that it has required Google and YouTube to pay a settlement fee totaling $170 million after its video-sharing platform was found violating the Children’s Online Privacy Protection Act (COPPA). The complaint was filed by the FTC and the New York Attorney General, with the former set to receive the penalty amounting to $136 million and the latt …

    • Five years later, Heartbleed vulnerability still unpatched 12 septembre 2019
      The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter could leave your users’ data exposed to futu …

    • Vital infrastructure: emergency services 11 septembre 2019
      Organizations in the emergency services sector are there for the public to provide help when situations get out of hand or are too much to handle. This can be because the problem requires special tools and skills to use them, and the organizations are set up to provide assistance at short notice. We are all familiar with the three main types of organizations that fall in this category: Police depa …

    • 300 shades of gray: a look into free mobile VPN apps 10 septembre 2019
      The times, they are a changin’. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy and how their personal information is transmitted, processed, stored, and shared. Nearly every day …

    • A week in security (September 2 – 8) 9 septembre 2019
      Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use of uploaded images. (Source: CNN)Bucking the current trend for city councils and organizations paying th …

    • When corporate communications look like a phish 9 septembre 2019
      Many organizations will spend significant sums of money on phishing training for employees. Taking the form of regular awareness training, or even simulated phishes to test employee awareness, this is a common practice at larger companies. However, even after training, a consistent baseline of employees will still click a malicious link from an unknown sender. Today, we’ll look at a potentia …

    • 5 simple steps to securing your remote employees 4 septembre 2019
      As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart phone to ac …

    • A week in security (August 26 – September 1) 3 septembre 2019
      Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in higher education cybersecurity, and shared our view on the discovery of unprecedented new iPhone malwar …

    • TrickBot adds new trick to its arsenal: tampering with trusted texts 3 septembre 2019
      Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” If you may recall, TrickBot, a well-known banking Trojan we detect as Tr …

    • New social engineering toolkit draws inspiration from previous web campaigns 3 septembre 2019
      Some of the most common web threats we track have a social engineering component. Perhaps the more popular ones are those encountered via malvertising, or hacked websites that push fraudulent updates. We recently identified a website compromise with a scheme we had not seen before; it’s part of a campaign using a social engineering toolkit that has drawn over 100,000 visits in the past few w …

    • Unprecedented new iPhone malware discovered 30 août 2019
      A post by Ian Beer of Google Project Zero released late yesterday evening sent the security community reeling. According to Beer, a small set of websites had been hacked in February and were being used to attack iPhones, infecting them with malware. These sites, which see thousands of visitors per week, were used to distribute iOS malware over a two-year period. History of iOS infections Historica …

    • Making the case: How to get the board to invest in higher education cybersecurity 28 août 2019
      Security leaders in institutions of higher education face unique challenges, as they are charged with keeping data and the network secure, while also allowing for a culture of openness, sharing, and communication—all cornerstones of the academic community. And depending on the college or university, concerns such as tight budgets and staffing shortages can also make running a successful security p …

    • Study explores clickjacking problem across top Alexa-ranked websites 27 août 2019
      Clickjacking has been around for a long time, working hand-in-hand with the unwitting person doing the clicking to send them to parts unknown—often at the expense of site owners. Scammers achieve this by hiding the page object the victim thinks they’re clicking on under a layer (or layers) of obfuscation. Invisible page elements like buttons, translucent boxes, invisible frames, and more are some …

ESET

    • Week in security with Tony Anscombe 20 septembre 2019
      A nationwide data leak is believed to affect almost all citizens of Ecuador, putting them at risk of identity theft The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Universities warned to brace for cyberattacks 19 septembre 2019
      The UK’s cybersecurity agency also outlines precautions that academia should take to mitigate risks The post Universities warned to brace for cyberattacks appeared first on WeLiveSecurity …

    • Nearly all of Ecuador’s citizens caught up in data leak 17 septembre 2019
      The humongous collection of extensive personal details about millions of people could be a gold mine for scam artists The post Nearly all of Ecuador’s citizens caught up in data leak appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 13 septembre 2019
      ESET researchers found an undocumented backdoor used by the infamous Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. With the launch of the Safer Kids online initiative, a guide to help parents protect their kids when they take selfie. The discovery of a serious vulnerability The post Week in security with Tony Anscomb …

    • A vulnerability in Instagram exposes personal information of users 12 septembre 2019
      The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. The post A vulnerability in Instagram exposes personal information of users appeared first on WeLiveSecurity …

    • Selfies for kids – A guide for parents 11 septembre 2019
      Are you – and especially your children – aware of the risks that may come with sharing selfies? The post Selfies for kids – A guide for parents appeared first on WeLiveSecurity …

    • ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group 9 septembre 2019
      ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East The post ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 6 septembre 2019
      This week, we present an introduction to the MITRE ATT&CK framework, the review of the mobile threats and vulnerabilities detected for mobile during the first half of 2019, and Firefox 69 new features. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Semi‑annual balance of mobile security 2019 5 septembre 2019
      Malware detections for iOS increased, as did the number of vulnerabilities detected in this operating system, while in the case of Android, the number of reported vulnerabilities decreased, although the number of highly critical bugs reported increased. The post Semi‑annual balance of mobile security 2019 appeared first on WeLiveSecurity …

    • What is MITRE ATT&CK and how is it useful? 3 septembre 2019
      An introduction to the MITRE ATT&CK framework and how it can help organize and classify various types of threats and adversarial behaviors. The post What is MITRE ATT&CK and how is it useful? appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 23 août 2019
      ESET research uncovers the first known instances of spyware that is based on the AhMyth Remote Access Tool and has snuck into Google Play The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Cyberbullying: What schools and teachers can do 23 août 2019
      How schools and educators can address and help prevent abusive behavior on the internet The post Cyberbullying: What schools and teachers can do appeared first on WeLiveSecurity …

    • First‑of‑its‑kind spyware sneaks into Google Play 22 août 2019
      ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice The post First‑of‑its‑kind spyware sneaks into Google Play appeared first on WeLiveSecurity …

    • Education and privacy legislation at ChannelCon 21 août 2019
      As education is becoming an increasingly vital tool in companies’ security toolboxes, the question arises: How can they effectively implement security awareness training? The post Education and privacy legislation at ChannelCon appeared first on WeLiveSecurity …

    • Ransomware wave hits 23 towns in Texas 20 août 2019
      The attack, which has victimized mostly smaller local governments, is thought to have been unleashed by a single threat actor The post Ransomware wave hits 23 towns in Texas appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 16 août 2019
      This week, ESET researchers described an ongoing campaign that targets accountants in the Balkans and spreads both a backdoor and a remote access trojan The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • AI: Artificial Ignorance 16 août 2019
      Does true Artificial Intelligence even exist yet? Will it ever exist or will it end the world before we reach its full capacity? The post AI: Artificial Ignorance appeared first on WeLiveSecurity …

    • Microsoft warns of new BlueKeep‑like flaws 15 août 2019
      Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10 The post Microsoft warns of new BlueKeep‑like flaws appeared first on WeLiveSecurity …

ESET Support