Virus / Malware

Malwarebytes

    • DEF CON 27 retrospective: badge life redux 20 August 2019
      Kickstarter or DEF CON attendee? Be forewarned, this light overview contains some mild spoilers. If you want the purest “Da Bomb” experience with no web-based OSINT hints, read no further. I’m not revealing any earth-shattering secrets here, but figured it was worth mentioning. Also DEF CON is over so… Defcon is what you make it Two years ago at DEF CON 25, I acquired the Ides of DEF CON third-par …

    • Magecart criminals caught stealing with their poker face on 20 August 2019
      Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren’t actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we’ve monitored other places where we believe a skimmer might be found next. However, we were somewhat i …

    • A week in security (August 12 – 18) 19 August 2019
      Last week on Malwarebytes Labs, we took a look at the potential pitfalls of facial recognition technology, looked at ways domestic abuse survivors can secure their data, and explored the education threat landscape. We also kicked off a series looking at the Hidden Bee infection chain, and put QxSearch installs under the spotlight. Other cybersecurity news Android malware plays hide and seek: warni …

    • How much personalization is too much? 19 August 2019
      This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s pregnancy to her parents. Back then, the revelation caused an uproar. Today, that kind of artifici …

    • QxSearch hijacker fakes failed installs 16 August 2019
      Recently, one of the more dominant search hijacker families on our radar has started to display some curious behavior. The family in question is delivered by various Chrome extensions and classified as PUP.Optional.QxSearch because of its description in listings of installed extensions, which tells us that “QxSearch configures your default search settings.” This branch of the search hijacker famil …

    • The Hidden Bee infection chain, part 1: the stegano pack 15 August 2019
      About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That’s why we’re dedicating a series of posts to exploring particular elements and updates made during one year of its evolution. …

    • Trojans, ransomware dominate 2018–2019 education threat landscape 14 August 2019
      Heading into the new school year, we know educational institutions have a lot to worry about. Teacher assignments. Syllabus development. Gathering supplies. Readying classrooms. But one issue should be worrying school administrators and boards of education more than most: securing their networks against cybercrime. In the 2018–2019 school year, education was the top target for Trojan malware, the n …

    • Data and device security for domestic abuse survivors 13 August 2019
      For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their devices, a …

    • A week in security (August 5 – 11) 12 August 2019
      Last week on Malwarebytes Labs, we explained how brain-machine interface (BMI) technology could usher in a world of Internet of Thoughts, why having backdoors is problematic, and how we can improve the security of our smart homes. To cap off Hacker Summer Camp week, the Labs team released a special ransomware edition of its quarterly cybercrime tactics and techniques report, which you can download …

    • Facial recognition technology: force for good or privacy threat? 12 August 2019
      All across the world, governments and corporations are looking to invest in or develop facial recognition technology. From law enforcement to marketing campaigns, facial recognition is poised to make a splashy entrance into the mainstream. Biometrics are big business, and third party contracts generate significant profits for all. However, those profits often come at the expense of users. There’s …

    • Backdoors are a security vulnerability 9 August 2019
      Last month, US Attorney General William Barr resurrected a government appeal to technology companies: Provide law enforcement with an infallible, “secure” method to access, unscramble, and read encrypted data stored on devices and sent across secure messaging services. Barr asked, in more accurate, yet unspoken terms, for technology companies to develop encryption backdoors to their own services a …

    • Labs quarterly report finds ransomware’s gone rampant against businesses 8 August 2019
      Ransomware’s back—so much so that we created an entire report on it. For 10 quarters, we’ve covered cybercrime tactics and techniques, covering a wide range of threats we saw lodged against consumers and businesses through our product telemetry, honeypots, and threat intelligence. We’ve looked at dangerous Trojans such as Emotet and TrickBot, the explosion and subsequent downfall …

    • 8 ways to improve security on smart home devices 7 August 2019
      Every so often, a news story breaks that hackers have made their way into a smart home device and stolen personal data. Or that vulnerabilities in smart tech have been discovered that allow their producers (or other cybercriminals) to spy on customers. We’ve seen it play out over and over with smart home assistants and other Internet of Things (IoT) devices, yet sales numbers for these items …

    • A week in security (July 29 – August 4) 5 August 2019
      Last week on Malwarebytes Labs we discussed the security and privacy changes in Android Q, how to get your Equifax money and stay safe doing it, and we looked at the strategy of getting a board of directors to invest in government cybersecurity. We also reviewed how a Capital One breach exposed over 100 million credit card applications, analyzed the exploit kit activity in the summer of 2019, and …

    • How brain-machine interface (BMI) technology could create an Internet of Thoughts 5 August 2019
      She plugged the extension for car transportation in the brain-machine interface connectors at the right side of her head, and off she went. The traffic was relatively slow, so there was no need to stop working. She answered a few more emails, then unplugged her work extension. Weekend mode could now be initiated. How about we play a game? her AI BrainPal companion, Phoenix, suggested. Or would you …

    • Say hello to Lord Exploit Kit 2 August 2019
      Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin’s Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collected so far. Malwarebytes users were already protected against this attack. Exploit kit or not? Late …

    • Capital One breach exposes over 100 million credit card applications 2 August 2019
      Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card applications from 2005 to early 2019 for consumers and small businesses. According to the bank the breach …

    • Everything you need to know about ATM attacks and fraud: part 2 2 August 2019
      This is the second and final installment of our two-part series on automated teller machine (ATM) attacks and fraud. In part 1, we identified the reasons why ATMs are vulnerable—from inherent weaknesses of its frame to its software—and delved deep into two of the four kinds of attacks against them: terminal tampering and physical attacks. Terminal tampering has many types, but it involves either p …

    • Making the case: How to get the board to invest in government cybersecurity 1 August 2019
      Security leaders are no longer simply expected to design and implement a security strategy for their organization. As a key member of the business—and one that often sits in the C-suite—CISOs and security managers must demonstrate business acumen. In fact, Gartner estimates by 2020, 100 percent of large enterprise CISOs will be asked to report to their board of directors on cybersecurity and techn …

    • No summer break for Magecart as web skimming intensifies 1 August 2019
      This summer, you are more likely to find the cybercriminal groups Magecart client-side rather than poolside. Web skimming, which consists of stealing payment information directly from within the browser, is one of today’s top web threats. Magecart, the group behind many of these attacks, gained worldwide attention with the British Airways and TicketMaster breaches, costing the former £183 mi …

ESET

    • Ransomware wave hits 23 towns in Texas 20 August 2019
      The attack, which has victimized mostly smaller local governments, is thought to have been unleashed by a single threat actor.

    • Week in security with Tony Anscombe 16 August 2019
      This week, ESET researchers described an ongoing campaign that targets accountants in the Balkans and spreads both a backdoor and a remote access trojan.

    • AI: Artificial Ignorance 16 August 2019
      Does true Artificial Intelligence even exist yet? Will it ever exist or will it end the world before we reach its full capacity?

    • Microsoft warns of new BlueKeep‑like flaws 15 August 2019
      Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10.

    • In the Balkans, businesses are under fire from a double‑barreled weapon 14 August 2019
      ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers.

    • Hacking my airplane – BlackHat edition 13 August 2019
      After welcoming hacking research, automobile technology started to get better at defending against hacks. So why has the airline industry not been as welcoming?

    • Week in security with Tony Anscombe 9 August 2019
      This week, ESET researchers described a cyberespionage campaign against government targets in Latin America and the ins and outs of a spambot targeting French internet users.

    • Facebook hits two app developers with lawsuit 8 August 2019
      The legal action, brought over alleged click injection fraud, is said to be among the first of its kind.

    • Varenyky: Spambot à la Française 8 August 2019
      ESET researchers document malware-distributing spam campaigns targeting people in France.

    • Sharpening the Machete 5 August 2019
      ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions.

    • Week in security with Tony Anscombe 2 August 2019
      This week, ESET researchers put the spotlight on two threats – new Android ransomware that spreads to victims’ contacts via SMS messages, and a banking trojan that targets Latin America.

    • Smart TVs: Yet another way for attackers to break into your home? 2 August 2019
      A primer on why internet-enabled TVs make for attractive and potentially soft targets, and how cybercriminals can ruin more than your TV viewing experience.

    • Android ransomware is back 29 July 2019
      ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks.

    • Scam impersonates WhatsApp, offers ‘free internet’ 29 July 2019
      The fraudulent campaign is hosted by a domain that is home to yet more bogus offers pretending to come from other well-known brands.

    • Week in security with Tony Anscombe 26 July 2019
      A critical vulnerability that was thought to affect VLC media player was later downgraded to medium severity, and the player’s maker slammed the bug disclosure process.

    • South African power company battles ransomware attack 26 July 2019
      The power utility appears to be well on track to a swift recovery following an attack that ultimately left some people without electricity.

    • Streaming service withstands 13‑day DDoS siege 25 July 2019
      The attack, unleashed by a 400,000-strong Mirai-style botnet, may be the largest of its kind on record.

    • Data breaches can haunt firms for years 24 July 2019
      The compromised company may bear the financial brunt of the breach within the first year after the incident occurs, but the price tag is still far from final.

ESET Support