Exploit kits: summer 2018 review
Just like the beach, the EK landscape got a little crowded this summer. Find out what we discovered in our exploit kits summer review. Categories: Exploits, Threat analysis. Tags: drive-by downloads, drive-bys, EK, EKs, exploit kits, grandsoft, GreenFlash Sundown, KaiXin, Magnitude, RIG, Underminer. The post Exploit kits: summer 2018 review appeared first on Malwarebytes Labs.
Obfuscated Coinhive shortlink reveals larger mining operation
A web miner injected into compromised sites is just the tip of the iceberg for an infrastructure hosting malicious Windows and Linux coin miners. Categories: Cryptomining, Threat analysis. Tags: cnhv, coinhive, mining, monero, shortlinks. The post Obfuscated Coinhive shortlink reveals larger mining operation appeared first on Malwarebytes Labs.
New macro-less technique to distribute malware
The latest macro-less technique to distribute malware via Office documents does not involve exploits. Just a little bit of social engineering. Categories: Threat analysis. Tags: deeplink, macro-less, malware, Office, settingcontent-ms. The post New macro-less technique to distribute malware appeared first on Malwarebytes Labs.
Exploit kits: Spring 2018 review
In this Spring 2018 snapshot, we review the top exploit kits observed in the wild. Categories: Cybercrime, Exploits. Tags: EK, EKs, exploit kits, grandsoft, GreenFlash Sundown, Magnitude, RIG. The post Exploit kits: Spring 2018 review appeared first on Malwarebytes Labs.
Two major Canadian banks hacked and blackmailed
The information of close to 90,000 customers from Simplii Financial and Bank of Montreal has reportedly been stolen by a group of hackers. Categories: Cybercrime, Hacking. Tags: BMO, hack, ransom, Simplii. The post Two major Canadian banks hacked and blackmailed appeared first on Malwarebytes Labs.
A look into the Drupalgeddon client-side attacks
Back-to-back Drupal zero-day vulnerabilities are being monetized with malicious web cryptominers. Categories: Cryptomining, Threat analysis. Tags: CMS, content management systems, drupal, drupalgeddon, malicious cryptomining. The post A look into the Drupalgeddon client-side attacks appeared first on Malwarebytes Labs.
Adobe Reader zero-day discovered alongside Windows vulnerability
A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape. Categories: Exploits, Threat analysis. Tags: 0day, adobe, Adobe Reader, CVE-2018-4990, CVE-2018-8120, zero day. The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.
Internet Explorer zero-day: browser is once again under attack
Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years. Categories: Exploits, Threat analysis. Tags: 0day, CVE-2018-8174, zero day. The post Internet Explorer zero-day: browser is once again under attack appeared first on Malwarebytes Labs.
Shoppers Stop tech scam draws from thousands of forced ad injections
The same group behind the Shoppers Stop tech scam campaign is at it again, injecting malicious ad code into thousands of sites and redirecting to a templated warning page. Categories: Social engineering, Threat analysis. Tags: malvertising, tech support scams, TSS, WP-VCD. The post Shoppers Stop tech scam draws from thousands of ...
Magnitude exploit kit switches to GandCrab ransomware
After being faithful to its own Magniber ransomware for several months, Magnitude EK joins others to adopt GandCrab. Categories: Exploits, Threat analysis. Tags: EK, exploit kit, gandcrab, Magnitude, ransomware. The post Magnitude exploit kit switches to GandCrab ransomware appeared first on Malwarebytes Labs.