Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

This blog post was authored by Malwarebytes' Roberto Santos and Fortinet's Hossein Jazi While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when t...

Fake Flipper Zero sellers are after your money

Thanks to Malwarebytes' Stefan Dasic who provided the research and screenshots for this article. Flipper Zero, a "multi-tool device for hackers", is frequently out of stock due to its popularity in hardware circles. Flipper Zero combines research and penetration hardware tools into a single unit...

A week in security (April 17 - 23)

Last week on Malwarebytes Labs: Fake Chrome updates spread malware Woman tracks down and turns table on Airbnb scammer Update Chrome now! Google patches actively exploited flaw Beware: Fake IRS tax email wants your Microsoft account Ransomware in Germany, April 2022 - March 2023 Living Off the La...

Update now, there's a Chrome zero-day in the wild

Google has announced an important update for Chrome to help fend off a zero-day. The update fixes several issues, and readers are advised to ensure they're using the latest version of the browser. Mitigation If youre using Chrome on Mac, Windows, or Linux, you need to update as soon as you possib...

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution RCE vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 CVSS score: 7.2, concerns a...

What your peers said: G2 comparison of top Endpoint Security vendors

Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading peer-to-peer review site. Each...

Malware authors join forces and target organisations with Domino Backdoor

Theres a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called "Domino", is the brainchild of FIN7 and ex-Conti ransomware members. Domino has been seen in attac...

LockBit ransomware on Mac: Should we worry?

One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...

Update Chrome now! Google patches actively exploited flaw

In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser--the first in 2023--currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, a...

Woman tracks down and turns table on Airbnb scammer

The internet is full of Airbnb scams and accounts told by victims. But there is a twist in this latest story-gone-viral that is usually lacking in most narratives: The victim evens the score. Airbnb host and scammer "Mr. Tyler" met his match when his would-be guest, TikTok user Olivia @livvoogus,...

Port scan attacks: Protecting your business from RDP attacks and Mirai botnets

Compromised IP addresses and domains--otherwise legitimate sites that are exploited by hackers without the owner's knowledge--are frequently utilized to conduct port scanning attacks. Port scanning involves systematically scanning a computer network for open ports, which can then be exploited by...

Google Pay accidentally handed out free money, bug now fixed

Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused and a tad happy, some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit pag...

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

As we raise a glass to toast Malwarebytes' 15th anniversary of boldly venturing into the realm of business cybersecurity, we're feeling nostalgic. It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution. From modest beginnings to becoming a...

9 vital criteria for effective endpoint security: Insights from the 'Endpoint Security Evaluation Guide' eBook

Endpoint security has never been more important, and with the increasing complexity of the security stack, choosing the right solution can be confusing. The good news is that there is a guide available to help organizations navigate this complex landscape: the "Endpoint Security Evaluation Guide"...

Update Android now! Google patches three important vulnerabilities

In the April 2023 Android security bulletin, Google announced security updates which include fixes for two critical remote code execution RCE vulnerabilities and one vulnerability that has been exploited in the wild. The vulnerabilities are impacting Android systems running versions 11, 12, 12L,...

A week in security (March 27 - April 2)

Last week on Malwarebytes Labs: Solving the passwords hardest problem with passkeys, featuring Anna Pobletts Food giant Dole reveals more about ransomware attack Bogus Chat GPT extension takes over Facebook accounts Ransomware gunning for transport sector's OT systems next GitHub accidentally...

Smart home assistants at risk from "NUIT" ultrasound attack

A new form of attack named "Near Ultrasound Inaudible Trojan" NUIT has been unveiled by researchers from the University of Texas. NUIT is designed to attack voice assistants with malicious commands remotely via the internet. Impacted assistants include Siri, Alexa, Cortana, and Google Assistant...

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

Design/Logic Flaw

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...

CVE-2023-28892

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...