4706 matches found
[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug
On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917. As it's a...
How to protect RDP
You didn’t really think that the ransomware wave was coming to an end, did you? You may be tempted to think so, given the decline in reports about massive ransomware campaigns. Dont be fooled. Over the last five years, one of the primary attack vectors for ransomware attacks has been the Remote...
Compromising vital infrastructure: transport and logistics
Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently,...
Smart lights vulnerable to "blink and you'll miss it" attack
Over the last couple of years, key parts of our daily lives have been sliding into some form of Internet connectivity. Smartphones and other devices have become necessities. Paying bills? Those systems have moved online. Tax? Online. Wage slips and bank statements? Its paperless time. Welfare...
QNAP customers urged to disable AFP to protect against severe vulnerabilities
MacOS users that have a network-attached storage NAS device made by QNAP are being advised to disable the Apple Filing Protocol AFP on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already don...
Magecart criminals caught stealing with their poker face on
Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren't actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we've monitor...
How much personalization is too much?
This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s...
Business email compromise scam costs Pathé $21.5 million
Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise BEC scam in March 2018. How much? An astonishing US$21.5 million roughly 19 million euros. The attack, which ran for about a month, cost the company 10 percent of its...
Obfuscated Coinhive shortlink reveals larger mining operation
During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive's infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular...
Update now! Atlassian Confluence vulnerability is being actively exploited
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defende...
Update now! Google Chrome fixes two in-the-wild zero-days
Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 93.0.4577.82, will be released for Windows, Mac, and...
Sodinokibi ransomware gang auctions off stolen data
Is it legal to buy stolen data from criminals? In most countries the answer would be no. But will it lead to a penalty or a fine? That is a different question and I’m afraid some companies and organizations will be inclined to seriously consider the last question even when they know the answer to...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...
6 security concerns to consider when automating your business
Automation is an increasingly-enticing option for businesses, especially when those in operations are in a perpetual cycle of "too much to do and not enough time to do it." When considering an automation strategy, business representatives must be aware of any security risks involved. Here are six...
Google logins: JavaScript now required
Google users: In news that may sound alarming, it is now a requirement for you to enable JavaScript. Why? When your username and password are entered on Google’s sign-in page, Google runs a risk assessment and only allows the sign-in if nothing looks suspicious. Recently, Google went about...
Partnerstroka: Large tech support scam operation features latest browser locker
Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name...
Update Android now! Google patches three actively exploited zero-days
In Julys update for the Android operating system OS, Google has patched 43 vulnerabilities, three of which are actively exploited zero-day vulnerabilities. The security bulletin notes that there are indications that these three vulnerabilities may be under limited, targeted exploitation. If your...
Critical WhatsApp vulnerabilities patched: Check you've updated!
WhatsApp has fixed two remote code execution vulnerabilities in its September update, according to its security advisory. These could have allowed an attacker to remotely access a device and execute commands from afar. These versions of WhatsApp are affected by at least one of the vulnerabilities...
2K games helpdesk abused to spread RedLine malware
On September 20, 2022, the official Twitter account for 2K Support tweeted an important message from the Customer Support team. The tweet said an unauthorized party illegally accessed the credentials of one of the vendors of the helpdesk platform. The attacker then used that access to send out...
Hacker destroys VFEmail service, wipes backups
An email service called VFEmail was essentially put out of business after a hack intended to delete everything in and out of sight. "Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and...
Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle
Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data. So, when news broke that scandal-ridden, online privacy pariah...
The enemy is us: a look at insider threats
They can go undetected for years. They do their questionable deeds in the background. And, at times, one wonders if they're doing more harm than good. Although this sounds like we're describing some sophisticated PUP you haven’t heard of, we're not. These are the known attributes of insider...
Update now! Microsoft patches a whopping 130 vulnerabilities
Its that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency CISA has...
Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers
Multiple NVIDIA graphic card models have been found to have flaws in their GPU drivers, with six medium-and four high-severity ratings. Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denia...
Another one bites the dust: Avaddon ransomware group shuts down operation
Are you seeing some pattern here? In what could be a called "shocking news" on Friday, BleepingComputer revealed that the gang behind the Avaddon ransomware shut down its operations after releasing more than 2,000 decryption keys to the technology news site. BleepingComputer claimed they received...
A week in security (September 30 – October 6)
Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness NCSA and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported about partnering with security firm, HYAS, to determine the...
Malwarebytes CrackMe 2: try another challenge
Last November, we released the first edition of the Malwarebytes CrackMe. Encouraged by the positive response we received from the security community, we decided to repeat the game, hopefully making it even more interesting and entertaining. As before, the CrackMe is dedicated to malware analysts...
Nigerian scams without the Nigerians
Users in English speaking countries are quite familiar with the Nigerian scam: an important guy in Nigeria needs your help getting his money out of the country and if you assist with some transaction fees, a chunk of his fortune could be yours. But what about non-English speaking countries? What...
Update now! Zyxel patches critical firewall bypass vulnerability
In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...
WebNavigator Chromium browser published by search hijackers
A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where did it come from? Malwarebytes detects the browser as PUP.Optional.WebNavigator, and we found several clues that this browser was brought to you by a notorious family of searc...
Hat trick for Google as it patches two more zero-days in Chrome
Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new...
Please don’t buy this: smart doorbells
Though Black Friday and Cyber Monday are over, the two shopping holidays were just precursors to the larger Christmas season—a time of year when online packages pile high on doorsteps and front porches around the world. According to some companies, it's only logical to want to protect these...
A week in security (November 25 – December 1)
Last week on Malwarebytes Labs, we discussed why the notion of "data as property" may potentially hurt more than help, homed in on sextortion scammers getting more creative, and explored the possible security risks Americans might face if the US changed to universal healthcare coverage. Other...
What K–12 schools need to shore up cybersecurity
Crumbling infrastructure. Gaps in curriculum. Antiquated devices. Difficult COPPA laws. Lack of funding. Those are just a few of the obstacles facing K–12 schools looking to adopt technology into their 21st century learning initiatives. Now add security concerns to the list, and you can see why...
Sophisticated phishing: a roundup of noteworthy campaigns
Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successf...
Browlock flies under the radar with complete obfuscation
Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users. In fact, the effects can be so convincing that people call the rogue Microsoft support number for help because they believe their computer has been...
How to tighten security and increase privacy on your browser
Is my browser making an effort to keep my system safe and my online behavior private? This is usually not the first question we ask ourselves when we choose our default browser. But maybe it should be. These days, threats to your privacy and security come at your from all angles, but browser-base...
Learning PowerShell: basic programs
In the previous posts we have looked at some elementary PowerShell concepts and we have constructed some basic commands to export and compare data. We did this by using an example of certificates being dumped in the “Untrusted” category by some malware. This time we will try to write a program th...
New ESXiArgs encryption routine outmaneuvers recovery methods
In what seems to be a typical arms race where one side responds to counter the progress the other side has made, the ransomware group behind the massive attack on ESXi Virtual Machines VMs has come up with a new variant that can no longer be decrypted with the recovery script released by the...
ProxyToken: Another nail-biter from Microsoft Exchange
Had I known this season of Microsoft Exchange was going to be so long Id have binge watched. Does anyone know how many episodes there are? Sarcasm aside, while ProxyToken may seem like yet another episode of 2021s longest running show, that doesn’t make it any less serious, or any less...
SMBs lack resources to defend against cyberattacks, plus pay more in the aftermath
Cyberattacks, many have noted, are the fastest growing economic crime not only in the United States, but also around the world. This upward trend has been observed since 2014, according to PricewaterhouseCoopers PwC, and won’t likely be slowing down anytime soon. Cyberattacks—much like the...
How to get your Equifax money and stay safe doing it
UPDATE August 2, 2019: The US Federal Trade Commission has warned consumers that, due to the high number of claims made for a cash payout regarding the Equifax data breach, the actual value that will be paid out might be "far less" than the originally-stated $125. You can read the FTC's full...
What should a US federal data privacy law ideally include?
In the constant David-and-Goliath struggle between digital privacy advocates and corporate privacy invaders, the question of how to legally protect Americans with a comprehensive, federal data privacy law provides conflicting answers. Advocates want protections, which Big Tech interprets as...
Mobile stalkerware: a long history of detection
Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back mor...
All the reasons why cybercriminals want to hack your phone
When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malwar...
Facebook spammers making things worse
Facebook's having a bad couple of weeks. Between Congressional testimony and new information coming forward about Cambridge Analytica's use of user data, the tech giant is having problems keeping its users aboard. Unfortunately, misery loves company. We noticed a few Facebook spam campaigns this...
New Kritec Magecart skimmer found on Magento stores
Threat actors often compete for the same resources, and this couldn't be further from the truth when it comes to website compromises. After all, if a vulnerability exists one can expect that it will be exploited more than once. In the past, we have seen such occurrences with Magecart threat actor...
Zero-day puts a dent in Chrome's mojo
On Friday, Google announced the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as CVE-2022-3075. As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already...
Update now! Apple patches another actively used zero-day
Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept PoC. Using this vulnerability, designated...
Maine inches closer to shutting down ISP pay-for-privacy schemes
Maine residents are one step closer to being protected from the unapproved use, sharing, and sale of their data by Internet service providers ISPs. A new state bill, already approved by the state House of Representatives and Senate, awaits the governor’s signature. If signed, the bill would provi...