Malwarebytes
Latest
SolarWinds hackers also targeted security specialist Malwarebytes
American security company Malwarebytes has revealed that it was targeted by the same “nation state actor implicated in SolarWinds breach.” The firm says it doesn’t use SolarWinds’ IT software, which served as the hackers’ entryway into the systems of all the companies and federal agencies they breached, and that it was infiltrated using another intrusion vector. In particular, the bad actors got in through a dormant email protection product within its Office 365 tenant.
Hackers are hiding virtual credit card skimmers in image file metadata
Sites using WooCommerce are being targeted by hackers as a way to steal credit card information.
Multiple antivirus apps are vulnerable to common security flaws
At least 28 well-known antivirus apps could be exploited by shared security flaws, and a few are still vulnerable now.
Eero's expanded router subscriptions focus on security (updated)
Amazon-owned Eero is introducing two new subscription plans in the US to complement its popular mesh WiFi routers. The first, Eero Secure, replaces the company's previous Eero Plus add-on. It features added parental controls and promises to protect you while browsing with a warning when you're about to navigate to a website that is known for phishing or installing malware. Eero Secure costs $2.99 per month or $29.99 annually.
Local governments are still woefully unprepared to fight ransomware
Our state and local governments found themselves under siege in 2019 from William Plunketts for the internet age. But rather than pistols and roadblocks, this new generation of bandits come armed with encryption algorithms and demands for bitcoin. Can today's American cities and counties, long hamstrung by both a lack of interest and funding for cybersecurity efforts ever hope to withstand these digital muggings? Just ask Lake City, Florida.
The best antivirus is not traditional antivirus
By Kevin Purdy This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full blog here. We set out to do a standard Wirecutter guide to the best antivirus app, so we spent months researching products, reading reports from independent testing labs and institutions, and consulting experts on safe computing. And after all that, we learned that most people should neither pay for a traditional antivirus suite, such as McAfee, Norton, or Kaspersky, nor use free programs like Avira, Avast, or AVG. The "best antivirus" for most people to buy, it turns out, is not a traditional antivirus package. Information security experts told us that the built-in Windows Defender is good-enough antivirus for most Windows PC owners, and that both Mac and Windows users should consider using Malwarebytes Premium, an anti-malware program that augments both operating systems' built-in protections. These options provide reliable protection without slowing your computer significantly, installing unwanted add-ons, or harassing you about upgrades. Malwarebytes is not an all-in-one option for protecting your system against exploits, malware, and other bad stuff. But information security experts repeatedly recommended it as a useful anti-malware layer, one of multiple layers of security you need for your devices, coupled with good habits. Relying on any one app to protect your system, data, and privacy is a bad bet, especially when almost every security app—including Malwarebytes and Windows Defender—has proven vulnerable on occasion. You should have good virus and malware protection, yes, but you also need secure passwords, two-factor logins, data encryption, and smart privacy tools added to your browser. Check out our guide to setting up those layers here.
Cryptocurrency mining site hijacked millions of Android phones
Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale. Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero. While the exact trigger wasn't clear, researchers believed that infected apps with malicious ads would steer people toward the pages. And it wasn't subtle -- the site would claim that you were showing "suspicious" web activity and tell you that it was mining until you entered a captcha code to make it stop.
Ransomware attacks hit small businesses the hardest
If it seems like reports of ransomware attacks -- malicious software that holds data hostage unless a ransom is paid to the person or organization behind it -- are increasing, Malwarebytes agrees with you. The company released its Second Annual State of Ransomware Report recently. Among the findings is that 22 percent of small business that were hit with ransomware attacks were crippled to the point they had to cease operations immediately.
Google engineer finds holes in three 'secure' browsers
It appears no anti-virus or security software is safe from Google Project Zero researcher Tavis Ormandy. After recently exposing holes in products from Trend Micro and AVG, the bug hunter has recently gone public with three issues found in software offered by security firms Avast, Comodo and Malwarebytes that allow attackers to access unsuspecting users' PCs.
PSA: Fake EA Sports Instagram account phishing for Xbox, Origin logins
It's World Cup season; reigning champions Spain lost in spectacular fashion and FIFA soccer fans may be interested in rectifying that loss to Chile in FIFA 14's Ultimate Team World Cup mode. Unfortunately, Instagram accounts posing as official EA Sports channels are popping up during this period of piqued interest, posting tempting offers for free in-game currency in order to obtain players' Xbox Live and Origin account details.
