Virus / Malware

Retour à Sécurité

Malwarebytes

    • Skimmer acts as payment service provider via rogue iframe 21 mai 2019
      Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be handl …

    • A week in security (May 13 – 19) 20 mai 2019
      Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US …

    • 4 Lessons to be learned from the DOE’s DDoS attack 17 mai 2019
      Analysts, researchers, industry professionals, and pundits alike have all posited the dangers of the next-generation “smart grid,” particularly when it comes to cybersecurity. They warn that without the right measures in place, unscrupulous parties could essentially wreak havoc on the bulk of society by causing severe outages or worse. It is a real possibility, but up until now, it’s been somethin …

    • Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability 15 mai 2019
      This month marks the two-year anniversary since the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly-identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems. The potential damage of the newly-discovered RDP vulnerability matches the same dangers we experienced with the WannaCry ransomware, …

    • Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses 15 mai 2019
      CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple attack vectors. Profile of the CrySIS ransomware CrySIS/Dharma, which Malwarebytes detects as …

    • WhatsApp fix goes live after targeted attack on human rights lawyer 14 mai 2019
      If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install or click on anything—they may not even be aware something malicious has taken place. This attack came …

    • Exploit kits: spring 2019 review 14 mai 2019
      Exploit kit activity remains fairly unchanged since our last winter review in terms of active distribution campaigns. But this spring edition will feature a new exploit kit and another atypical EK, in that it specifically goes after routers. The main driver behind these drive-by download attacks are various malvertising chains with strong geolocation filtering. This explains why some exploit kits …

    • A week in security (May 6 – 12) 13 mai 2019
      Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we highlighted threats that target financial institutions, fintech, and cryptocurrencies. Other cybersecurity …

    • Vital infrastructure: Threats target financial institutions, fintech, and cryptocurrencies 10 mai 2019
      With news of a malware attack on accounting firm Wolters Kluwer causing a “quiet panic” in the accounting world this week, our assertion that financial institutions—from banks to brokers—are part of the vital infrastructure of society has been solidified. According to its website, Wolters Kluwer provides software and services to all of the top 100 accounting firms in the United States, …

    • How 5G could impact cybersecurity strategy 9 mai 2019
      With the recent news that South Korea has rolled out the world’s first 5G network, it’s clear that we’re on the precipice of the wireless technology’s widespread launch. Offering speeds anywhere from 20 to 100 times faster than 4G long-term evolution (LTE), the next generation of wireless networks will also support higher capacities of wireless devices. That’s a huge deal considering the rise of I …

    • Vulnerabilities in financial mobile apps put consumers and businesses at risk 8 mai 2019
      Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have (but may not be aware of or care to admit) about cybersecurity—and, at times, privacy. It rears its ugly head when (1) we share the common notion that programmers know how to code securely; (2) we cherry-pick perceived-as-easier security and privacy practices over difficult and cumbers …

    • The top six takeaways for user privacy 8 mai 2019
      Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending US data protection laws, and one hypothetical startup’s efforts to just make sense of it all. We publis …

    • What to do when you discover a data breach? 7 mai 2019
      Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which you already recognize as the one in use by the chief of the night shift. When you ask why you were called …

    • A week in security (April 29 – May 5) 6 mai 2019
      Last week on Labs we discussed the possible exit scam of dark net market Wall Street Market, how the Electrum DDoS botnet reaches 152,000 infected hosts, we looked at the sophisticated threats plague ailing healthcare industry, a mysterious database that exposed personal information of 80 million US households, how Mozilla urges Apple to make privacy a team sport, the state of cryptojacking in the …

    • The top six takeaways for corporate data privacy compliance 3 mai 2019
      For nearly two months, Malwarebytes Labs has led readers on a journey through data privacy laws around the world, exploring the nuances between “personal information” and “personal data,” as well as between data breach notification laws in Florida, Utah, California, and Iowa. We explored the risks of jumping into the global data privacy game, comparing the European Union’s laws with the laws in Ch …

    • Cryptojacking in the post-Coinhive era 2 mai 2019
      September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an entity known as Coinhive. The mining service became a household name overnight, and quickly drew ire for …

    • Mozilla urges Apple to make privacy a team sport 1 mai 2019
      We often say cybersecurity is a team sport, but, pending a public advocacy campaign from one major tech developer to another, the same might be true for online privacy. Mozilla is currently getting people around the world to lend their voices toward Apple, asking that the company place some extra barriers between iPhone users and online advertisers. Though cybersecurity researchers disagree about …

    • Mysterious database exposed personal information of 80 million US households 1 mai 2019
      Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen recently, many organisations aren’t taking steps to secure their customer data and every so often one m …

    • Sophisticated threats plague ailing healthcare industry 30 avril 2019
      The healthcare industry is no longer circling the drain, but it’s still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highest number of breaches recorded compared to other industries. This is according to BakerHostetler’s …

    • Electrum DDoS botnet reaches 152,000 infected hosts 29 avril 2019
      By Jérôme Segura, Adam Thomas, and S!Ri We have been closely monitoring the situation involving the continued attacks against users of the popular Electrum Bitcoin wallet. Initially, victims were being tricked to download a fraudulent update that stole their cryptocurrencies. Later on, the threat actors launched a series of Distributed Denial of Service (DDoS) attacks in response to Electrum devel …

ESET

    • What the ban on facial recognition tech will – and will not – do 20 mai 2019
      As San Francisco moves to regulate the use of facial recognition systems, we reflect on some of the many ‘faces’ of the fast-growing technology The post What the ban on facial recognition tech will – and will not – do appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 17 mai 2019
      ESET researchers detail how ASUS’s cloud service has been abused to distribute the Plead malware; in other news, ESET’s telemetry shows that the use of the EternalBlue exploit is reaching new highs The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Survey: What should companies do to restore trust post-breach? 16 mai 2019
      The ESET survey of thousands of people in Asia-Pacific (APAC) provides valuable insight into their perceptions of cyber-threats and various common aspects of online security The post Survey: What should companies do to restore trust post-breach? appeared first on WeLiveSecurity …

    • Ice Hockey World Championship: The risks of free live streaming 15 mai 2019
      You think you’re watching the games for free, but are you sure that’s the case? Let’s review some of the risks that may come with free live streaming websites The post Ice Hockey World Championship: The risks of free live streaming appeared first on WeLiveSecurity …

    • Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage 14 mai 2019
      ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software The post Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage appeared first on WeLiveSecurity …

    • Verizon’s data breach report: What the numbers say 13 mai 2019
      What are some of the most interesting takeaways from Verizon’s latest annual security report? The post Verizon’s data breach report: What the numbers say appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 10 mai 2019
      ESET researchers detail the modus operandi of LightNeuron, a Microsoft Exchange backdoor that leverages a previously unseen persistence mechanism The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • Types of backup and five backup mistakes to avoid 10 mai 2019
      What are the main types of backup operations and how can you avoid the sinking feeling that comes with the realization that you may not get your data back? The post Types of backup and five backup mistakes to avoid appeared first on WeLiveSecurity …

    • Turla LightNeuron: An email too far 7 mai 2019
      ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments The post Turla LightNeuron: An email too far appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 3 mai 2019
      ESET researchers document how cybercriminals abused the advertising network of Russia’s leading search engine for malicious campaigns targeting accountants The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • World Password Day: A day to review your defenses 2 mai 2019
      So, do you think you’ve been ‘pwned’? That’s the question to ask yourself today The post World Password Day: A day to review your defenses appeared first on WeLiveSecurity …

    • Week in security with Tony Anscombe 26 avril 2019
      An analysis finds that ‘123456’ is by far the most-commonly re-occurring password on breached accounts The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

    • BEC fraud losses almost doubled last year 25 avril 2019
      On the good news front, the FBI notes the success of its newly-established team in recovering some of the funds lost in BEC scams The post BEC fraud losses almost doubled last year appeared first on WeLiveSecurity …

ESET Support