Ransomware review: October 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions

MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection. The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat APT group with victims in over ...

Update now! Apple patches vulnerabilities on iPhone and iPad

Apple has released iOS 17.0.3, an emergency update fixing two vulnerabilities, one of which has already been exploited by cybercriminals. The update is available for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iP...

Meta and TikTok consider charging users for ad-free experience

According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions...

Gen Z fears physical violence from being online more than anyone else, Malwarebytes finds

The "version history" of the internet was split by what we could do online--simple browsing across Web 1.0s static web pages, instant connection throughout Web 2.0s social platforms, and, into the future, potential new forms of ownership within Web 3.0s dreams of decentralization. But, as...

A week in security (September 25 - October 1)

Last week on Malwarebytes Labs: Dependabot impersonators cause trouble on GitHub Update Chrome now! Google patches another actively exploited vulnerability Googles Bard conversations turn up in search results Malicious ad served inside Bing's AI chatbot Pegasus spyware and how it exploited a WebP...

Update Chrome now! Google patches another actively exploited vulnerability

Google has updated the Stable Channel for Chrome to 117.0.5938.132 for Windows, Mac and Linux. This update includes ten security fixes. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it...

Malicious ad served inside Bing's AI chatbot

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the...

Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more

Malwarebytes Managed Detection and Response MDR earned a placed in 12 new reports on G2s Fall 2023 reports, winning badges for "Easiest to do Business With," "Best Est. ROI," "Easiest to Use," and "Easiest Admin." Purpose-built for resource constrained teams, Malwarebytes MDR provides IT staff wi...

Malwarebytes Admin update: New Detection screens to manage threats!

We released version 1.2 of the Malwarebytes Admin app for iOS and Android last week, adding new Detection features make it easier to see and manage threats. Designed as a companion to the Nebula console, Malwarebytes Admin allows administrators to quickly review, investigate, and resolve security...

TikTok flooded with fake celebrity nude photo Temu referrals

Sites and apps frequently gamify their products and experiences to grow their user base. Its a relatively easy way to have their customers become more involved thanks to whatever incentives may be on offer. A game here, a rewards program there, and everyone is happy. Well, almost everyone. If...

Steer clear of cryptocurrency recovery phrase scams

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet. Cuban discovered some of the...

Compromised Free Download Manager website was delivering malware for years

In a public announcement, Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. Free Download Manager is--unsurprisingly--a download manager for Windows, macOS, Android, and Linux that allo...

Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results

The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the "Easiest to Use" and "Easiest Admin" recognition for its Endpoint...

Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test

MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q2 2023. Malwarebytes Endpoint Protection EP achieved the highest possible score 100% and received certifications for Level 1, Exploit, Online Banking, and Ransomware. These result...

iPhone 15 launch: Wonderlust scammers rear their heads

Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a...

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency CISA has...

Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

How “EDR Extra Strength” simplifies traditional EDR complexity

Traditional Endpoint Detection and Response EDR today has a three-fold complexity problem--with big consequences. First, complexity in EDR deployment causes long delays, directly impacting ROI and leaving organizations vulnerable to breaches. In fact, almost 10 percent of small security teams cit...