CISA wants you to patch these actively exploited vulnerabilities before September 8

On Thursday, CISA the US Cybersecurity and Infrastructure Security Agency updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch th...

A week in security (August 15 - August 21)

Last week on Malwarebytes Labs: Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories JSSLoader: the shellcode edition CISA and FBI issue alert about Zeppelin ransomware H...

How IT teams can prevent phishing attacks with Malwarebytes DNS filtering

Phishing attacks are a persistent threat to businesses globally. According to Verizon, 82 percent of data breaches in 2021 involved the human element--with phishing attacks making up over 60 precent of these. And if it aint broke, dont fix it: threat actors have only continued to use phishing to...

Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories

Were excited to announce Malwarebytes Cloud Storage Scanning, a new service that extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organizations digital ecosystem. Today, the service supports scanning of files under 100Mb in size...

A week in security (August 8 - August 14)

Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft" Twitter data breach affects 5.4M users Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR Twilio breached after social engineering attack on employees Summer of exploitation leads...

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--lets get started. Q: When...

Woody RAT: A new feature-rich malware spotted in the wild

This blog post was authored by Ankur Saini and Hossein Jazi The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year. This advanced custom Rat is mainly the work of a threat actor that targets...

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...

A week in security (July 4 – July 10)

Last week on Malwarebytes Labs: My Body, My Data Act would lock down reproductive and sexual health data "Free UK visa" offers on WhatsApp are fakes HackerOne insider fired for trying to claim other people’s bounties Update now! Chrome patches ANOTHER zero-day vulnerability Cloud-based malware is...

Tech support scammers caught by their own cameras

A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers. CCTV The Youtuber, acting under the handle Scambaiter, turned his attention to Punjab in...

Ransomware review: June 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the mos...

Forced Chrome extensions get removed, keep reappearing

In the continued saga of annoying search extensions we have a new end-of-level boss. Victims have been reporting browser extensions that were removed by Malwarebytes, but “magically” came back later. Since the victims also complained about the message saying their browser was "managed", we had a...

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Microsofts PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it becasue PowerShell is powerful, available almost everywhere, and doesnt look out of place running on a company network. In most places it isnt practical to block PowerShell...

Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

The Computer Emergency Response Team of Ukraine CERT-UA has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 aka Fancy Bea...

Watch out for the email that says “You have a new voicemail!”

A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...

A week in security (June 13 – June 19)

Last week on Malwarebytes Labs: Serious vulnerabilities found in ITarian software, patches available for SaaS products Update Chrome now: Four high risk vulnerabilities found Taking down the IP2Scam tech support campaign Don’t panic! “Unpatchable” Mac vulnerability discovered Introducing...

Instagram scam steals your selfies to trick your friends

What would you do if a friend of yours set up a NSFW account, and then used it to follow you on Instagram? Would you check it out? We recently learned of a group of friends who had to ask themselves exactly that. Fortunately, they realised that something was off. The account wasnt the real owners...