HackDig : Dig high-quality web security articles for hackers

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if Ti
Publish At:2021-01-25 12:06 | Read:124 | Comments:0 | Tags:A week in security Malwarebytes news bec Brave chrome Cisco

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged acces

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary measures. While Malwarebytes does not use SolarWinds, we, like
Publish At:2021-01-19 15:42 | Read:116 | Comments:0 | Tags:Malwarebytes news privilege

VPN usage is increasing, says survey

I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t own or use a computer—but she knows what Zoom is. Not since “Kleenex” has a brand become so pervasive that people use the brand name as a generic term for the product. For my mom, any kind of video call is now a “Zoom.” A FaceTime call, for example, is Zoom. I’
Publish At:2021-01-05 16:18 | Read:202 | Comments:0 | Tags:Malwarebytes news remote schooling remote working vpn

I played the free online games your kids are playing and here’s what happened

“Throat kill! Throat kill!” “I need a dad.” These are just some of the things I heard a six-year-old boy shout at his iPad while I was babysitting one evening. I was disturbed, yet compelled to learn more. Babysitting is always a puzzling experience for me. Why are their hands always sticky? Who eats a dry hamburger (literally just meat and bun)? Mo
Publish At:2020-12-23 12:24 | Read:218 | Comments:0 | Tags:Malwarebytes news Adopt Me! Among Us fortnite jailbreak onli

Malwarebytes detects leaked tools from FireEye breach

Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen red team tools by both sophisticated and non-sophisticated
Publish At:2020-12-10 20:12 | Read:205 | Comments:0 | Tags:Malwarebytes news breach detection FireEye red team rules

The many ways you can be scammed on Facebook, part I

Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter. We’ll look at those that pose a notable risk to either your b
Publish At:2020-12-02 21:06 | Read:196 | Comments:0 | Tags:Malwarebytes news concert ticket scam Facebook ad campaign f

Looks like we’re stuck with Zoom: Is it any safer?

Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus (a third vaccine was just announced). That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and the classroom. But our ability to walk into a clinic and
Publish At:2020-11-24 10:18 | Read:134 | Comments:0 | Tags:Malwarebytes news e2e encryption remote working zoom zoombom

IoT forecast: Running antivirus on your smart device?

In 2016, threat actors pulled off a basic but devastating botnet attack that harnessed the power of the Internet of Things (IoT). After gathering a list of 61 default username and password combinations for IoT devices, threat actors scanned the Internet for open Telnet ports and, when they found a vulnerable device, gained entry, eventually amassing an ar
Publish At:2020-11-19 17:12 | Read:322 | Comments:0 | Tags:Malwarebytes news antivirus DDos attack Internet of Things I

Chris Krebs, director of Cybersecurity and Infrastructure Security Agency, fired by President

On Tuesday evening, President Donald Trump fired Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), just days after CISA called the recent presidential election the “most secure in American history.” In a tweet posted the same day, the President justified his removal of Krebs: “The recent statement by Chris Kre
Publish At:2020-11-18 13:54 | Read:413 | Comments:0 | Tags:Malwarebytes news 2020 presidential election Attorney Genera

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Google’s patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash away from your business, pointed out how scammers ar
Publish At:2020-11-02 15:41 | Read:399 | Comments:0 | Tags:Malwarebytes news covid-19 survey CVE-2020-14882 cybersecuri

California’s Prop 24 splits data privacy supporters

California’s data privacy house is divided. On the Golden State’s November ballot this year is the question as to whether to amend California’s barely-two-year-old data privacy law, the California Consumer Privacy Act. Far from the first attempt to change the fledgling law, Proposition 24 sets itself apart because its primary backer is the same man who us
Publish At:2020-10-30 13:35 | Read:316 | Comments:0 | Tags:Malwarebytes news "sensitive personal information" ACLU of N

HP printer issue on Mac: What happened?

Apple holds the keys to nearly all recent Mac software. This is a story of those keys, and how a Hewlett Packard (HP) error caused problems for a lot of people. Code signing and certificates First, it’s important to understand that when I say “keys,” what I really mean is “certificates.” These certificates are similar to t
Publish At:2020-10-29 14:11 | Read:517 | Comments:0 | Tags:Malwarebytes news Apple certificates macOS

New Emotet delivery method spotted during downward detection trend

Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features. This revamped presentation could point to internal efforts by threat actors to increase Emotet’s hit rate—a possibil
Publish At:2020-10-28 18:41 | Read:407 | Comments:0 | Tags:Malwarebytes news botnet Edward Snowden emotet Microsoft Off

The value of cybersecurity integration for MSPs

For modern Managed Service Providers (MSPs), gone are the days of disparate workflows, and that’s really for the best. Imagine trying to run a successful MSP business today—finding potential customers, procuring new clients, developing purchase orders, managing endpoints, and sending invoices—all without the help of Remote Monitoring and Management (RMM)
Publish At:2020-10-22 14:29 | Read:398 | Comments:0 | Tags:Malwarebytes news cybersecurity cybersecurity integration ma

Silent Librarian APT right on schedule for 20/21 academic year

A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, we can tell that Sil
Publish At:2020-10-14 11:29 | Read:406 | Comments:0 | Tags:Malwarebytes news APT cobalt dickens phish phishing silent l

Tools

Tag Cloud