Rocket Loader skimmer impersonates CloudFlare library in clever scheme

URLs can be deceiving, but the one used to mimic CloudFlare’s Rocket Loader in the latest Magecart attack takes it to a whole new level.

Read more

Domen toolkit gets back to work with new malvertising campaign

We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.

Read more

Magecart Group 4: A link with Cobalt Group?

Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.

Read more

Magecart criminals caught stealing with their poker face on

This blog post details the curious case of a web skimmer encountered in a poker application.

Read more

A week in security (June 24 – 30)

A roundup of cybersecurity news from June 24–30, including top malicious web campaigns, updates on the GreenFlash Sundown exploit, a Malwarebytes initiative to double down on stalkerware detection and awareness, and more.

Read more

Google logins: JavaScript now required

Google now requires users to enable JavaScript before logging in for extra security measures. But wait, hasn’t JavaScript been used in cyberattacks? We take a look at the impact of Google’s decision.

Read more

Mass WordPress compromises redirect to tech support scams

Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.

Read more

Explained: regular expression (regex)

What is regular expression (regex) and what makes it vulnerable to attack? Learn how to use regex safely and avoid ReDoS attacks in the process.

Read more

USPS-themed malspam now delivering 1-2-3 knock-out

We’ve detected an uptick in USPS-themed malspam walloping users with a 1-2-3 knock-out of nasty malware designed to infiltrate your system and steal all your most valuable information. This malware-laced email is actively being distributed with various Subject and Body messages containing references to missing and/or late USPS parcels.

Read more

Fake pharma sites are getting even more obnoxious

Recently, we have noticed that pharma sites seem to have discovered the use of JavaScript to change the “Stay or Leave” messages that you see, when you try to close or leave their sites.

Read more

Select your language