Accidental VirusTotal upload is a valuable reminder to double check what you share

Categories: Business

Tags: upload

Tags: download

Tags: share

Tags: data

Tags: intelligence

Tags: google

Tags: virustotal

Tags: social media

Tags: sharing

Tags: document

Tags: file

Tags: files

We take a look at reports of a document being accidentally shared to the VirusTotal service and potentially exposing names and email addresses in the security and intelligence community.

(Read more…)

The post Accidental VirusTotal upload is a valuable reminder to double check what you share appeared first on Malwarebytes Labs.

Read more

Fake Proof-of-Concepts used to lure security professionals

Categories: Exploits and vulnerabilities

Categories: News

Tags: PoC

Tags: PoCs

Tags: Leiden

Tags: GitHub

Tags: VirusTotal

Tags: AbuseIPDB

Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious

(Read more…)

The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

Read more

Why you shouldn’t automate your VirusTotal uploads

Credit to Author: Pieter Arntz| Date: Mon, 18 Apr 2022 15:33:35 +0000

Security teams use VirusTotal as a second opinion scanner, but it’s not advisable to upload documents to VirusTotal as that may result in a breach of confidence and exposure of confidential data.

The post Why you shouldn’t automate your VirusTotal uploads appeared first on Malwarebytes Labs.

Read more

Caution: Misuse of security tools can turn against you

Credit to Author: Vasilios Hioureas| Date: Thu, 11 Jul 2019 17:34:57 +0000

If not implemented correctly, the very security tools we use to keep our information private may actually cause data leaks themselves. We outline a few cases and provide suggestions for researchers and security admins.

Categories:

Tags:

(Read more…)

The post Caution: Misuse of security tools can turn against you appeared first on Malwarebytes Labs.

Read more

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

Credit to Author: Jérôme Segura| Date: Wed, 26 Sep 2018 17:13:26 +0000

A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks.

Categories:

Tags:

(Read more…)

The post Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT appeared first on Malwarebytes Labs.

Read more

Chronicle: A Meteor Aimed At Planet Threat Intel?

Credit to Author: BrianKrebs| Date: Wed, 24 Jan 2018 22:56:52 +0000

Alphabet Inc., the parent company of Google, said today it is in the process of rolling out a new service designed to help companies more quickly make sense of and act on the mountains of threat data produced each day by cybersecurity tools. Countless organizations rely on a hodgepodge of security software, hardware and services to find and detect cybersecurity intrusions before an incursion by malicious software or hackers has the chance to metastasize into a full-blown data breach.

Read more

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Credit to Author: BrianKrebs| Date: Fri, 18 Aug 2017 17:38:57 +0000

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in certain customers unintentionally sharing sensitive files.

Read more