Malwarebytes
- Labs report: Malicious AI is coming—is the security world ready? 19 juin 2019
Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There’s no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in the near future, is far less dystopian. However, it is a reality, and it’ll be here sooner th … - Smart cities, difficult choices: privacy and security on the grid 18 juin 2019
All is not well in the land of smart city planning, as the latest major planned development from Google’s sister company Sidewalk Labs continues to run into problems in Toronto, Canada. A groundswell of support? Building a city “From the ground up” is apparently no longer a thing: at least some folk with a hand in digital urban design are saying it’s “From the Internet up” now. The plan was … - A week in security (June 10 – 16) 17 juin 2019
Last week on Malwarebytes Labs, we revealed to readers the mindset of security pros as to why they lack confidence in their ability to prevent their organizations getting breached. We also reported on Maine Governor Janet Mills implementing the state’s own privacy protections, how Apple can better protect its users’ privacy, the continuous trending of the MegaCortex ransomware, how cyberbullies an … - Trolls abuse Twitter Lists to collate their targets 14 juin 2019
I’ve been using Twitter for more than a decade. And one of its features that I find valuable is Lists. Turns out I’m not the only one. Lists allow Twitter users to group profiles or feeds based on certain criteria, such as sports, tech news, celebrities, fashion—you get the idea. Having Lists makes it a lot easier to find content or catch up on posts I’d otherwise miss without having to scro … - Adware and PUPs families add push notifications as an attack vector 13 juin 2019
Some existing families of potentially unwanted programs and adware have added browser push notifications to their weapons arsenal. Offering themselves up as browser extensions on Chrome and Firefox, these threats pose as useful plugins then haggle users with notifications. A family of search hijackers The first I would like to discuss is a large family of Chrome extensions that were already active … - Apple iOS 13 will better protect user privacy, but more could be done 12 juin 2019
Last week, Apple introduced several new privacy features to its latest mobile operating system, iOS 13. The Internet, predictably, expressed doubt, questioning Apple’s oversized influence, its exclusive pricing model that puts privacy out of reach for anyone who can’t drop hundreds of dollars on a mobile phone, and its continued, near-dictatorial control of the App store, which can, at a moment’s … - MegaCortex continues trend of targeted ransomware attacks 12 juin 2019
MegaCortex is a relatively new ransomware family that continues the 2019 trend of threat actors developing ransomware specifically for targeted attacks on enterprises. While GandCrab apparently shut its doors, several other bespoke, artisanal ransomware families have taken its place, including RobinHood, which shut down the city of Baltimore, Troldesh, and CrySIS/Dharma. Detected by Malwarebytes a … - Maine governor signs ISP privacy bill 11 juin 2019
Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. The law, which will go into effect July 1, 2020, blocks Internet service providers (ISPs) from selling, sharing, or granting third parties access to their c … - Cybersecurity pros think the enemy is winning 11 juin 2019
There is a saying in security that the bad guys are always one step ahead of defense. Two new sets of research reveal that the constant cat-and-a-mouse game is wearing on security professionals, and many feel they are losing in the war against cybercriminals. The first figures are from the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG). Th … - A week in security (June 3 – 9) 10 juin 2019
Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down ISP pay-for-privacy schemes, asked where our options to disable hyperlink auditing had gone, and presen … - Video game portrayals of hacking: NITE Team 4 7 juin 2019
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed (accounting for the necessary divergences from how things would work outside of a scripted, plot-goes-here … - Hyperlink auditing: where has my option to disable it gone? 6 juin 2019
There is a relatively old method that might be gaining traction to follow users around on the world wide web. Most Internet users are aware of the fact that they are being tracked in several ways. (And awareness is a good start.) In a state of awareness, you can adjust your behavior accordingly, and if you feel it’s necessary, you can take countermeasures. Which is why we want to bring the practic … - Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec’s European Security Blogger Awards 5 juin 2019
Infosec Europe is now well underway, and last night was the annual EU Security Blogger Awards, where InfoSecurity Magazine: …recognise[s] the best blogs in the industry as first nominated by peers and then judged by a panel of (mostly) respected industry experts. Malwarebytes Labs was announced as winner of the Best Cybersecurity Vendor Blog. We previously won best corporate security blog in … - Maine inches closer to shutting down ISP pay-for-privacy schemes 5 juin 2019
Maine residents are one step closer to being protected from the unapproved use, sharing, and sale of their data by Internet service providers (ISPs). A new state bill, already approved by the state House of Representatives and Senate, awaits the governor’s signature. If signed, the bill would provide some of the strongest data privacy protections in the United States, putting a latch on emails, on … - Magecart skimmers found on Amazon CloudFront CDN 4 juin 2019
Update (06-08-2019): The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library: hxxps://s3[.]amazonaws[.]com/wsaimages/js/wizards[.]js Interestingly, this same library had already been altere … - A week in security (May 27 – June 2) 3 juin 2019
Last week on Malwarebytes Labs, we took readers through a deep dive—way down the rabbit hole—into the novel malware called “Hidden Bee.” We also looked at the potential impact of a government agency’s privacy framework, and delivered to readers everything they needed to know about ATM attacks and fraud. Lastly, amidst continuing news about the City of Baltimore suffering a ransomware attack, we to … - Leaks and breaches: a roundup 3 juin 2019
It’s time for one of our semi-regular breach/data exposure roundup blogs, as the last few days have brought us a few monsters. If you use any of the below sites, or if you think some of your data has been sitting around exposed, we’ll hopefully give you a better idea of what the issue is. Seeing so many services be compromised or simply exposed for all to see without being secured is rather fatigu … - Hidden Bee: Let’s go down the rabbit hole 31 mai 2019
Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements (this format was featured in my recent presentation at SAS). Recently, we stumbled upon a new sample of Hidden Bee. As it turns out, its authors decided to redesi … - Ransomware isn’t just a big city problem 31 mai 2019
This month, one ransomware story has been making a lot of waves: the attack on Baltimore city networks. This attack has been receiving more press than normal, which could be due to the actions taken (or not taken) by the city government, as well as rumors about the ransomware infection mechanism. Regardless, the Baltimore story inspired us to investigate other cities in the United States, identify … - NIST’s privacy framework lets privacy tell its own story 29 mai 2019
Online privacy remains unsolved. Congress prods at it, some companies fumble with it (while a small handful excel), and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members wrote—with no plans to vote on any—and as the world’s largest social media company braces for an ant …
ESET
- You’d better change your birthday – hackers may know your PIN 19 juin 2019
Are you in the 26% of people who use one of these PIN codes to unlock their phones? The post You’d better change your birthday – hackers may know your PIN appeared first on WeLiveSecurity … - Instagram tests new ways to recover hacked accounts 18 juin 2019
Locked out and out of luck? The photo-sharing platform is trialing new methods to reunite you with your lost account The post Instagram tests new ways to recover hacked accounts appeared first on WeLiveSecurity … - Malware sidesteps Google permissions policy with new 2FA bypass technique 17 juin 2019
ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions The post Malware sidesteps Google permissions policy with new 2FA bypass technique appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 14 juin 2019
What are the main security concerns associated with smart buildings and why are they in the crosshairs of cybercriminals? The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - GDPR one year on: Most Europeans know at least some of their rights 14 juin 2019
On the other hand, a surprisingly high number of Europeans haven’t even heard of the landmark legislation The post GDPR one year on: Most Europeans know at least some of their rights appeared first on WeLiveSecurity … - Spain’s top soccer league fined over its app’s ‘tactics’ 12 juin 2019
La Liga has taken substantial flak for tapping into microphones and geolocation services in fans‘ phones in a bid to root out piracy The post Spain’s top soccer league fined over its app’s ‘tactics’ appeared first on WeLiveSecurity … - Why cybercriminals are eyeing smart buildings 12 juin 2019
A recent talk by ESET’s Global Security Evangelist Tony Anscombe looks at the key security challenges facing intelligent buildings The post Why cybercriminals are eyeing smart buildings appeared first on WeLiveSecurity … - Cyberattack exposes travelers’ photos, says US border agency 11 juin 2019
The images, collected over one and a half months, were taken as the travelers crossed an unspecified border point The post Cyberattack exposes travelers’ photos, says US border agency appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 7 juin 2019
ESET research shows how Wajam has evolved into an adware operation that keeps coming up with new tricks in order to evade detection The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - Critical bug found in popular mail server software 7 juin 2019
If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers The post Critical bug found in popular mail server software appeared first on WeLiveSecurity … - NSA joins chorus urging Windows users to patch ‘BlueKeep’ 6 juin 2019
The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late The post NSA joins chorus urging Windows users to patch ‘BlueKeep’ appeared first on WeLiveSecurity … - Wajam: From start-up to massively-spread adware 5 juin 2019
How a Montreal-made « social search engine » application has managed to become widely-spread adware, while escaping consequences The post Wajam: From start-up to massively-spread adware appeared first on WeLiveSecurity … - Hackers steal 19 years’ worth of data from a top Australian university 4 juin 2019
It is the second major breach that the Australian National University suffered in 2018 The post Hackers steal 19 years’ worth of data from a top Australian university appeared first on WeLiveSecurity … - Over 2.3 billion files exposed online 31 mai 2019
Millions of files that are sitting out in the open across various file storage technologies are actually encrypted by ransomware The post Over 2.3 billion files exposed online appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 31 mai 2019
ESET researchers show how Turla has refreshed its malicious toolkit and how, in an effort to evade detection, the group uses PowerShell to inject malware directly into memory The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - The aftermath of a data breach: A personal story 30 mai 2019
Criminals used my account to launder credit card transactions into cash, at least where the company transacted with was willing to refund The post The aftermath of a data breach: A personal story appeared first on WeLiveSecurity … - A dive into Turla PowerShell usage 29 mai 2019
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only The post A dive into Turla PowerShell usage appeared first on WeLiveSecurity … - Equifax stripped of ‘stable’ outlook over 2017 breach 28 mai 2019
Add that to the US$1.4 billion that the massive security incident two years ago has cost the company so far The post Equifax stripped of ‘stable’ outlook over 2017 breach appeared first on WeLiveSecurity … - Week in security with Tony Anscombe 24 mai 2019
ESET researchers zero in on commands executed by Zebrocy, a piece of malware from the extensive toolkit of the Sednit APT group The post Week in security with Tony Anscombe appeared first on WeLiveSecurity … - Fake cryptocurrency apps crop up on Google Play as bitcoin price rises 23 mai 2019
ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth The post Fake cryptocurrency apps crop up on Google Play as bitcoin price rises appeared first on WeLiveSecurity …
ESET Support
- Boot issues on full disk encrypted Windows 10 after upgrade to build 1903 11 juin 2019
On June 11th, 2019, ESET identified a problem with ESET Endpoint Encryption when upgrading a full disk encrypted Windows 10 system to the 1903 build. Installing the update can cause the system to crash when booting.
- ESET Dynamic Threat Defense is adding a new data center in the United States 21 mai 2019
Release Date: May 17, 2019 ESET Dynamic Threat Defense is adding a new data center in the United States.
- ESET Mail Security for Microsoft Exchange Server version 7.0.10026.0 hotfix has been released 7 mai 2019
Release Date: May 2, 2019 ESET Mail Security for Microsoft Exchange Server version 7.0.10026.0 hotfix has been released and is available to download. Changelog, Known Issues
- ESET NOD32 Antivirus Business Edition for Linux Desktop version 4.0.93.0 has been released 2 mai 2019
Release Date: May 2, 2019 ESET NOD32 Antivirus Business Edition for Linux Desktop version 4.0.93.0 has been released and is available to download. Changelog
- ESET NOD32 Antivirus for Linux Desktop version 4.0.93.0 has been released 2 mai 2019
Release Date: May 2, 2019 ESET NOD32 for Linux Desktop version 4.0.93.0 has been released and is available to download. Changelog
- ESET File/Mail/Gateway Security for Linux/FreeBSD version 4.5.15.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET File/Mail/Gateway Security for Linux/FreeBSD version 4.5.15.0 have been released and are available to download. Changelog
- ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.876.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.876.0 have been released and are available for download. Changelog, Upgrade, Support Resources
- ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.876.0 have been released 2 mai 2019
Release Date: May 2, 2019 ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.876.0 have been released and are available to download. Changelog, Upgrade
- ESET Secure Authentication version 2.8.22.0 has been released 25 avril 2019
Release Date: April 25, 2019 ESET Secure Authentication version 2.8.22.0 hotfix has been released and is available to download. Changelog, Support Resources
- ESET Endpoint Security and ESET Endpoint Antivirus version 7.1.2045.5 have been released 12 avril 2019
Release Date: April 11, 2019 ESET Endpoint Antivirus and ESET Endpoint Security version 7.1.2045.5 have been released and are available for download.
- ESET Windows home products version 12.1.34.0 have been released 12 avril 2019
Release Date: April 11, 2019 ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.1.34.0 have been released and are available to download.
- ESET Secure Authentication version 2.8.20.0 has been released 28 mars 2019
Release Date: March 28, 2019 ESET Secure Authentication service release version 2.8.20.0 has been released and is available to download. Changelog, Support Resources
- ESET Enterprise Inspector version 1.2.894.0 has been released 26 mars 2019
Release Date: March 26, 2019 ESET Enterprise Inspector version 1.2.894.0 has been released. Changelog, Known Issues, Support Resources
- ESET Mail Security for IBM Domino version 7.0.14013.0 has been released 19 mars 2019
Release Date: March 19, 2019 ESET Mail Security for IBM Domino version 7.0.14013.0 has been released and is available to download.
- ESET Windows home products version 12.1.31.0 have been released 7 mars 2019
Release Date: March 7, 2019 ESET NOD32 Antivirus, ESET Internet Security and ESET Smart Security Premium version 12.1.31.0 have been released and are available to download.
- ESET Endpoint Encryption Client version 5 and Server version 3 have been released 28 février 2019
Release Date: February 28, 2019 ESET Endpoint Encryption Client version 5 and Server version 3 have been released and are available to download.
- ESET Security Management Center 7 All-in-one installer version 7.0.72.2 has been released 21 février 2019
Release Date: February 21, 2019 ESET Security Management Center 7 All-in-one installer version 7.0.72.2 for Windows has been released.
- ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.555.0 have been released 14 février 2019
Release Date: February 14, 2019 ESET Cyber Security Pro and ESET Cyber Security hotfix version 6.7.555.0 have been released and are available to download.
- ESET Enterprise Inspector version 1.2.892.0 has been released 7 février 2019
Release Date: February 7, 2019 ESET Enterprise Inspector version 1.2.892.0 has been released.
- ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.654.0 have been released 7 février 2019
Release Date: February 7, 2019 ESET Endpoint Security and ESET Endpoint Antivirus for macOS version 6.7.654.0 have been released and are available for download.