Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...

TikTok ordered to close Canada offices following “national security review”

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s...

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities

Today I have great news to share: We've acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure...

Update your Android: Google patches two zero-day vulnerabilities

Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November's updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then the issues discusse...

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...

Android malware FakeCall intercepts your calls to the bank

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...

Unauthorized data access vulnerability in macOS is detailed by Microsoft

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed "HM Surf," that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera,...

Android users targeted on Facebook and porn sites, served adware

Android users, be on your guard against adware trying to infect your device. The adware—known as MobiDash—is spreading via several channels, according to ThreatDown research. One of the characteristics that makes MobiDash stand out is that it can be added to legitimate apps without changing how t...

CVE-2024-44744

An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users...

Malwarebytes Premium Security 安全漏洞

Malwarebytes Premium Security is a network security antivirus from Malwarebytes. A security vulnerability exists in Malwarebytes Premium Security version v5.0.0.883. An attacker can exploit the vulnerability to execute arbitrary code by placing specially crafted binaries into an unspecified...

CVE-2024-44744

An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users...

CVE-2024-44744

Malwarebytes Premium Security v5.0.0.883 is affected by CVE-2024-44744. The issue allows arbitrary code execution when crafted binaries are placed into unspecified directories. Malwarebytes notes that admin privileges are required and that contents cannot be altered by non-admin users, per the de...

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution PPA in its Firefox browser. Noyb none of your business argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design, Privacy...

A week in security (September 16 – September 22)

Last week on Malwarebytes Labs: "Simply staggering" surveillance conducted by social media and streaming services, FTC finds Tor anonymity compromised by law enforcement. Is it still safe to use? Walmart customers scammed via fake shopping lists, threatened with arrest Snapchat wants to put your...

A week in security (September 9 – September 15)

Last week on Malwarebytes Labs: Ford seeks patent for conversation-based advertising Scammers advertise fake AppleCare+ service via GitHub repos Facebook scrapes photos of kids from Australian user profiles to train its AI PartnerLeak scam site promises victims full access to "cheating" partner’s...

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is...

PT-2024-37491 · Malwarebytes · Malwarebytes Antimalware

Name of the Vulnerable Software and Affected Versions: Malwarebytes Antimalware affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute...

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...