Reading Time: ~ 4 min. Prior to the outbreak of the novel coronavirus, Webroot’s annual Threat Report highlighted a 640% increase in active phishing sites on the web. However difficult it may be to believe (or easy, depending on your outlook), things have gotten even worse since.   From fake anti-malware sites named for the virus (Really. See below.)

Last week on Malwarebytes Labs, we took an in-depth look at card skimmers targeting ASP sites, we released another episode of Lock and Code exploring the Internet of Things, and we dug into a Mac mystery. We also examined some pre-installed malware, and put out a threat spotlight on some customized ransomware. Other cybersecurity news Social media went

For the past two years, a threat group tracked as Evilnum has been observed targeting financial technology companies, mainly ones located in the European Union and the U.K., ESET reports.The adversary became known for the use of Evilnum malware, which was initially identified in 2018, but has expanded its toolset with malicious programs purchased from a malw

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.Over the past few years, Digital Shadows added to its breach repository more than 15 billion credenti

Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made more than $7 million, threat intelligence company Gemini Advisory reports.Referred to as Keeper, the group operates 64 attacker and 73 exfiltration domains and has hit targets in 55 countries since April 1, 2017. All do

Over the past year, a Russian cybercrime group has launched over 200 business email compromise (BEC) campaigns targeting multinational organizations.Referred to as Cosmic Lynx, the threat actor has targeted individuals in 46 countries on six continents, nearly all of whom were employees of Fortune 500 or Global 2000 companies.“Even employees in countries not

We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Recently, while examining the behavior of one n

A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan.A Malware-as-a-Service (Maas), Cerberus is known for its mobile remote access Trojan (mRAT) capabilities, as well as functionality through which it logs keystrokes and steals credentials, information from

IBM X-Force Incident Response and Intelligence Services (IRIS) has been tracking cybercrime capitalizing on the coronavirus pandemic since January, and has observed the geographical areas of this activity shift over time. In February, cybercriminals were focusing on Asia, and we observed threat actors targeting potential victims in Japan with coronavirus-rel

Cybersecurity training is one of the best defenses against cyber attacks targeting organizations and individuals alike. Although security training is a tried-and-true defense against cyber attacks and data breaches, security training is not one-size-fits all. Every organization faces unique threats based on their industry, cybersecurity tools and secur

Phishing is easy. Let’s just get that out of the way. It’s easy for an attacker, and, if you have the right tools (such as InfoSec Institute’s PhishSim), it is easy for a cybersecurity professional who wants to test the company employees using simulated phishing campaigns. With an average of 90 messages being delivered to a business email address per d

Hackers linked to the North Korean government appear to be behind the Magecart attacks on fashion retailer Claire’s and other online stores, Netherlands-based e-commerce security company Sansec reported on Monday.Threat actors linked to North Korea have been known to launch — in addition to espionage and destructive campaigns — financially-motivated attacks,

Reading Time: ~ 4 min. After surveying more than 10,000 people in 50 states about their cybersecurity habits, we wound up with some pretty surprising results. Like the fact that tech experts demonstrate riskier behaviors than average Americans. But the most significant result of all was the fact that most Americans are more confident than they should be when

When we think about the most public cyber attacks and data breaches, we generally associate them with large enterprises. The truth is cyber attacks are not limited by company size. A significant cyber attack can happen to any company, in any industry and of any size. According to the 2019 Cost of a Data Breach report by the Ponemon Institute, “small business

Redwood, California-based anti-phishing firm Area 1 Security has raised $25 million in a Series D funding round led by ForgePoint Capital and supported by existing investors Kleiner Perkins, Icon Ventures and Top Tier Capital. Area 1 describes itself as pre-emptive solution, able to detect attack attempts up to 24 days before the attack.Area 1 Security claim