The vulnerability of the MBAMChameleon.sys driver of the Malwarebytes anti-virus protection software allows a hacker to trigger a service failure.
The vulnerability of the MBAMChameleon.sys driver in the Malwarebytes antivirus protection software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a hacker to cause a service failure by sending specially crafted data...
Instagram scam steals your selfies to trick your friends
What would you do if a friend of yours set up a NSFW account, and then used it to follow you on Instagram? Would you check it out? We recently learned of a group of friends who had to ask themselves exactly that. Fortunately, they realised that something was off. The account wasn't the real owners...
Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)
Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations. This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digit...
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year's alarming rebound in malware detections, and a significant shift in the balance of emai...
Tor’s (security) role in the future of the Internet, with Alec Muffett
Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. It's something we've discussed previousl...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti sleight of hand? Although LockBit remained the most widely-deployed ransomware in May 2022, it was,...
Introducing EDR for Linux: Remediating and isolating threats on Linux servers
We’re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. Let’s ge...
Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules
We’re happy to announce Malwarebytes DNS Filtering, a new module for the Nebula platform which helps block access to malicious websites and limit threats introduced by suspicious content. But how exactly does it work, you ask? In this post, we give a basic walkthrough of the module, starting off...
FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code vulnerability, Follina, already being exploited in the wild via malicious Word documents. Q: What exactly is Follina? A: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified ...
Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted in-the-wild exploiting the Follina zero-day using URLs to deliver ZIP archives...
How the Saitama backdoor uses DNS tunnelling
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Understandably, a lot of cybersecurity research and commentary focuses on the act of breaking into computers undetected. But threat actors are often just as concerned with the act of breaking o...
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read fl...
Recovering from romance scams with Cindy Liebes: Lock and Code S03E10
Earlier this year, many members of the public were introduced to the facets of a long-ignored crime in cyberspace: The romance scam. A flashy documentary called The Tinder Swindler had premiered on Netflix, and in it, filmmakers documented the efforts of one man to manipulate several women into...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service (RaaS) groups—Onyx, Mindwar...
“Reject All” cookie consent button is coming to European Google Search and YouTube
Google will soon be giving European countries a "Reject All" button in the Search and YouTube cookie consent banner. This change, which was revealed by Google's Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to...
Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09
Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be "not advanced at all." This was f...
Stalkerware-type detections hit record high in 2021, but fell in second half
After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another person's activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly...
Malwarebytes Evaluation of the MITRE ENGENUITY ATT&CK Round 4 Emulations
The results of the MITRE Engenuity ATT&CK Evaluation of the Wizard Spider and Sandworm adversaries were officially released last week. We are very proud of the Malwarebytes EDR results in the MITRE Engenuity test, which are the direct reflection of a relentless core EDR team and the learnings fr...
Ransomware: March 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. The March da...
Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09
There's a mistake commonly made in the United States that a law that was passed to help people move their healthcare information to a new doctor or provider was actually passed to originally implement universal, wide-ranging privacy controls on that same type of information. This is the mixup with...