Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users.
A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could…
On Jan. 22, FireEye participated in a panel focused on
cryptocurrencies and blockchain technology during the World Economic
Forum. The panel addressed issues raised in a report
developed by FireEye, together with our partner Marsh & McLennan
…
Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised.
Last week, the maintainers at PEAR took down the official website of the PEAR (pear-p…
 |
|
| The 2019 State of Malware report is here. Learn what Malwarebytes Labs researchers discovered about the top global threats for businesses and consumers in 2018, and predictions for 2019.
Categories: Tags: 2019 State of Malware reportAIbyoscryptominersemotetinformation stealersIoTlabs reportransomwarestate of malware reporttrickbotTrojans |
The post 2019 State of Malware report: Trojans and cryptominers dominate threat landscape appeared first on Malwarebytes Labs.
The U.S. Department of Homeland Security (DHS) has today issued an “emergency directive” to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days….
 |
|
| Whoever invented browser push notifications must have been able to guess they would be abused for advertising. This post explains what they are and how to disable them.
Categories: Tags: Androidapiappsbrowser alertchromeChrome ExtensionEdgeEdge browserfirefoxmacnotificationsoperaopera browserpushsafariSafari browserwebwindows |
The post Browser push notifications: a feature asking to be abused appeared first on Malwarebytes Labs.
Just in time…
Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same.
Ironically, a s…
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union’s new General Data Protection Regulation (GDPR) law that came into force in May last year.
The fine has been levied on Goog…
 |
|
| A roundup of last week’s security news from January 14 to 20, including APT10, Fallout EK, Colllection 1 data, Youtube challenges, hosting malicious sites and a Fortnite security flaw.
Categories: Tags: APT10ArsTechnicaBleepingComputerCoinDeskcollection 1cryptopiacve-2019-0543DASFallout EKfortnitegarminGarmin watchhostingHTTPSoregonpowershellPowerShell Team BlogSC Mediashutdowntelegramthreadxyoutube |
The post A week in security (January 14 – 20) appeared first on Malwarebytes Labs.
 |
|
| While many tech-savvy folks are familiar with two-factor authentication (2FA), more are unaware that there are several ways around it. A tactic called Modlishka, the English pronunciation for the Polish word for “mantis,” is the latest in this list.
Categories: Tags: 2fa2FA modlishkaAmnesty InternationalCERTFAdefeat 2FAmantismodlishkapassword managerPGPSocial Engineeringthe return of charming kittentotptwo-factor authentication |
The post Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge appeared first on Malwarebytes Labs.
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities.
Cybersecurity researcher…
A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York.
Aleksand…
 |
|
| In what’s being dubbed one of the largest data dumps in history, Collection 1 contains the data of over 770 million people. But is it really as bad as it sounds? We take a closer look and let users know what to do if their info is caught up in the mix.
Categories: Tags: breachesBrian Krebscollection 1data breachdata dumpextortionhackhackinghaveibeenpwnedMEGApasswordsPPITroy Huntuser awareness |
The post Collection 1 data breach: what you need to know appeared first on Malwarebytes Labs.
 |
|
| Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives.
Categories: Tags: hostingmalicious sitesmalwaretakedownsweb security |
The post Hosting malicious sites on legitimate servers: How do threat actors get away with it? appeared first on Malwarebytes Labs.
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware.
Two such Android apps have recently been sp…
Twitter just admitted that the social network accidentally revealed some Android users’ protected tweets to the public for more than 4 years — a kind of privacy blunder that you’d typically expect from Facebook.
When you sign up for Twitter, all your …
