
Posts by Jérôme Segura

I'm a Senior Security Researcher at Malwarebytes, where I investigate and uncover various threats and scams. In my spare time, I enjoy tasting some good wines and cheeses. Follow me @jeromesegura.

Localized malvertising affects some OpenDNS users

Popular DNS resolution service OpenDNS was targeted for a malvertising attack affecting a certain percentage of its user base.

Tech support scammers target smartphone and tablet users

Fake tech support scammers are now targeting smartphone and tablet users using traditional cold calling and online advertising.

Hard times on The Moscow Times

A reported malware alert for The Moscow Times turned out to be just that after the newspaper told readers to bypass the “fake warning”.

A Tumblr of trouble

Tumblr is a hot spot for malware infections, spam and other security issues. But this one disguises itself as legitimate JavaScript.

Updated browser-based ransomware uses a more advanced payment process and now also abuses CloudFlare.

Malvertising and the joys of online advertising

Holiday shopping is stressful enough, now we need to worry about the rise of malvertising?

Tech support scammers spam YouTube with robot-like warnings for antivirus/antimalware users.

Bad Timing: French Gov’t and Online Surveillance

Google caught several fake digital certificates spoofing its domains tracing back to the ANSSI, a French cyber-division.

“Buy $500 antivirus from us,” say cyber-criminals

You’ve paid the ransom. Then you paid them to purge your ‘criminal records’, but cyber crooks are now bullying you to buy a $500 antivirus.

Malwarebytes finds an exploit in the Brazilian forum for TeamSpeak, software popular among avid video game players.

Stuxnet: new light through old windows

A lesser known (and almost bypassed) version of Stuxnet shines new light on its attackers' intentions and cyber arm capabilities.

Hackers tampered with the popular forum software vBulletin and accessed customer data, such as passwords. Rumours of a zero day in the vBulletin software emerge.

An in-the-wild exploit targets Silverlight, a web plugin used by popular sites such as Netflix.

Back in July 2013, we had discovered a new method of spreading the infamous FBI ransomware by using JavaScript code and iframes to create an illusion that the victim’s browser was locked. After several months, the threat is still very much alive hopping from one domain name to the next. The message is still the same and […]

A lesser known aspect of the popular cloud storage Google Drive is its built-in site publishing feature that allows you to upload an entire directory containing static web files (HTML, JavaScript, CSS, etc.) and to publish your own website. Bad guys are uploading malicious scripts and using them as part of a well thought chain […]

[Update]: Microsoft has announced it will issue a patch for the newly discovered IE zero day tomorrow as part of the November Patch Tuesday. The vulnerability, now labeled CVE-2013-3918, affects an ActiveX control in Internet Explorer. More details can be found on Microsoft’s website. Last week we heard about a Windows zero day that allows attackers […]

The criminals behind CryptoLocker that encrypts all your personal files are now offering a late payment option, albeit at a higher cost.

If you’re still looking for that last-minute costume, be careful where you shop, as drive-by downloads can happen while browsing a Halloween online store.

World’s first Bitcoin ATM comes to Canada

Bitcoin, the famous digital currency which has sparked much controversy over the years, is now heading to an ATM near you. The world’s first Bitcoin ATM is set to open today in Vancouver.

Google to provide website protection services against Distributed Denial of Service and other types of attacks aimed at blocking politically sensitive websites.
