Skimmer acts as payment service provider via rogue iframe

Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.

Categories:

Tags:

(Read more…)

The post Skimmer acts as payment service provider via rogue iframe appeared first on Malwarebytes Labs.

A week in security (May 13 – 19)

A roundup of security news from May 13–19, including ransomware attacks on the upswing, website hacking, pseudo-VPNs, bloatware, and more.

Categories:

Tags:

(Read more…)

The post A week in security (May 13 – 19) appeared first on Malwarebytes Labs.

Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise

Hackers made use of a compromised Microsoft support agent’s credentials to sneak a peek at its users’ Hotmail, MSN, and Outlook emails. How bad is it, and what has Microsoft done to correct it?

Categories:

Tags:

(Read more…)

The post Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise appeared first on Malwarebytes Labs.

A week in security (March 25 – 31)

A roundup of news stories from March 25 – 31, including phishing, hacking, Government studies, mobile dangers on official stores and more.

Categories:

Tags:

(Read more…)

The post A week in security (March 25 – 31) appeared first on Malwarebytes Labs.

Are hackers gonna hack anymore? Not if we keep reusing passwords

A look at the not-so-hacking hacker techniques attackers are using to compromise user accounts via weak passwords and gain access to enterprise networks.

Categories:

Tags:

(Read more…)

The post Are hackers gonna hack anymore? Not if we keep reusing passwords appeared first on Malwarebytes Labs.

Spectre, Google, and the Universal Read Gadget

A recently released paper by Google has resurrected the spirit of Spectre, a seemingly never-ending threat to most makes of processor. We take a look at what this means, and what the Universal Read Gadget means for most technology users.

Categories:

Tags:

(Read more…)

The post Spectre, Google, and the Universal Read Gadget appeared first on Malwarebytes Labs.

Collection 1 data breach: what you need to know

In what’s being dubbed one of the largest data dumps in history, Collection 1 contains the data of over 770 million people. But is it really as bad as it sounds? We take a closer look and let users know what to do if their info is caught up in the mix.

Categories:

Tags:

(Read more…)

The post Collection 1 data breach: what you need to know appeared first on Malwarebytes Labs.

The Advanced Persistent Threat files: APT10

While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we’re going to take a look at a few APT groups, and see how they fit into the larger threat landscape—starting with APT10.

Categories:

Tags:

(Read more…)

The post The Advanced Persistent Threat files: APT10 appeared first on Malwarebytes Labs.