XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Malwarebytes Labs-- Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only … Continue reading XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Brute force attacks increase due to more open RDP ports

Malwarebytes Labs-- While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That’s because an open port can be subject to brute force attacks. What are brute … Continue reading Brute force attacks increase due to more open RDP ports

A week in security (September 12 – September 18)

Malwarebytes Labs-- Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, … Continue reading A week in security (September 12 – September 18)

Deepfakes and the 2020 United States election: missing in action?

Malwarebytes Labs-- If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. … Continue reading Deepfakes and the 2020 United States election: missing in action?

How Covid fatigue puts your physical and digital health in jeopardy

Malwarebytes Labs-- After six months of social distancing, sheltering in place, working from home, distance learning, mask-wearing, hand-washing, and plenty of hand-wringing, people are pretty damn tired of COVID-19. And with no magic bullet (yet) and no end in sight, annoyance has turned into exasperation and even desperation. Doctors and mental health professionals call this … Continue reading How Covid fatigue puts your physical and digital health in jeopardy

FIFA 21 game scams: watch out for unsporting conduct

Malwarebytes Labs-- Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It’s also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sales, … Continue reading FIFA 21 game scams: watch out for unsporting conduct

Silent Librarian APT right on schedule for 20/21 academic year

Malwarebytes Labs-- A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, … Continue reading Silent Librarian APT right on schedule for 20/21 academic year

Amazon Prime Day—8 tips for safer shopping

Malwarebytes Labs-- Avid Amazon Prime Day shoppers may have been worried they’d missed it this year—thanks coronavirus. Fear not, last month Amazon announced Prime Day will take place three months after its original annual date, beginning today. And this year, it’ll take place over two days, rather than one. This could mark the beginning of … Continue reading Amazon Prime Day—8 tips for safer shopping

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Malwarebytes Labs-- Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesn’t happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No, we often learn about cybersecurity issues because of reporting. And as the years … Continue reading Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt