800 matches found
A week in security (March 28 – April 3)
Last week on Malwarebytes Labs: New UAC-0056 activity: There’s a Go Elephant in the room; Globant suffers network breach due to LAPSUS$ compromise; Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited; Hive ransomware impacts California non-profit health...
MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks
Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and possibly implement product configuration changes, all while staying abreast of the latest intelligence on new and evolving threats. For organizations that lack...
MSHTML Flaw Exploited to Attack Russian Dissidents
A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. Researchers from Malwarebytes identified a campaign last we...
Tech support fraud is still very much alive, says latest FBI report
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the complaint...
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into an endless loop of losing their characters’ lives, rendering it essentially unplayable. Malwarebytes Labs researcher Christopher Boyd said...
Escobar is the new Android banking Trojan we’ve met before
Aberebot, a known Android banking Trojan, has changed its name and returned loaded with new features. First spotted by @MalwareHunterTeam in early March, this mobile variant was renamed "Escobar"—a homage to the Colombian drug baron—and disguised itself as a McAfee app. It went by the package nam...
Blunting RDP brute-force attacks with rate limiting
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Not long ago, guessing a Windows Remote Desktop Protocol (RDP) password successfully was widely regarded as ransomware operators’ number one choice for breaching a target. It attracted a lot of...
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
A week in security (February 28 – March 6)
Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco”; Update now! Cisco fixes several vulnerabilities; HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine; Tips to protect your data, security, and privacy from a hands-on expert...
Malwarebytes 4.5 Unquoted Service Path
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path; Date: 05/03/2022; Exploit Author: Hejap Zairy; Vendor Homepage: https://www.malwarebytes.com/; Software Link: https://www.malwarebytes.com/mwb-download/; Version: 4.5.0; Tested: Windows 10 Pro x64 es; C:\Users\Hejap>sc qc MBAMService SC...
Malwarebytes 4.5 - Unquoted Service Path Vulnerability
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path; Exploit Author: Hejap Zairy; Vendor Homepage: https://www.malwarebytes.com/; Software Link: https://www.malwarebytes.com/mwb-download/; Version: 4.5.0; Tested: Windows 10 Pro x64 es; C:\Users\Hejap>sc qc MBAMService SC QueryServiceConfig SUCCESS...
Malwarebytes 4.5 - Unquoted Service Path
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path; Date: 05/03/2022; Exploit Author: Hejap Zairy; Vendor Homepage: https://www.malwarebytes.com/; Software Link: https://www.malwarebytes.com/mwb-download/; Version: 4.5.0; Tested: Windows 10 Pro x64 es; C:\Users\Hejap>sc qc MBAMService SC...
Beware of malware offering “Warm greetings from Saudi Aramco”
Recently, the Malwarebytes Threat Intelligence Team found a Formbook campaign targeting oil and gas companies. The campaign they discovered was delivered by a targeted email that contained two attachments: one is a PDF file and the other an Excel document. Formbook: The Formbook malware is an...
The Conti ransomware leaks
On February 27, an individual with insights into the Conti ransomware group started leaking a treasure trove of data beginning with internal chat messages. Conti is responsible for a number of high profile attacks, including one against the Irish Healthcare system which has cost more than $48...
CVE-2022-25150
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges...
Design/Logic Flaw
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges...
CVE-2022-25150
CVE-2022-25150 affects Malwarebytes Binisoft Windows Firewall Control prior to version 6.8.1.0. The vulnerability allows programs executed from the Tools tab to escalate privileges locally. The connected records confirm the affected product and the local privilege escalation impact; no explicit r...
Ransomware gang hits 49ers’ network before Super Bowl kick off
The San Francisco 49ers has confirmed that it has been hit by a ransomware attack. The announcement came just hours before the biggest football game of the year, Sunday’s Super Bowl between the Cincinnati Bengals and the Los Angeles Rams. In a boilerplate statement to BleepingComputer, the 49ers...