4658 matches found
Social Security Number scammers are at it again
The Federal Trade Commission FTC once again sounded the alarm in mid-December about the latest Social Security Number SSN scam that continues to affect thousands of Americans. While most of us were only able to read about this type of scam in the past, the FTC now has an audio recording of an SSN...
Please don’t buy this: smart toys
Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new...
Apache ActiveMQ vulnerability used in ransomware attacks
On the 27 October, the Apache Software Foundation ASF announced a very serious vulnerability in Apache ActiveMQ that can be used to achieve remote code execution RCE. The Cybersecurity and Infrastructure Security Agency has now added this vulnerability to its Known Exploited Vulnerabilities...
Update now! Chrome patches critical RCE vulnerability in Safe Browsing
Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one of these fixes is rated as "critical". The critical vulnerability is a use after free bug in the Safe Browsing feature. The Stable channel has been updated to 97.0.4692.99 for Windows,...
Lazarus APT conceals malicious code within BMP image to drop its RAT
This blog was authored by Hossein Jazi Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a...
SAP warns of malicious activity targeting unpatched systems
A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are “targeting and potentially exploiting unprotected mission-critical SAP applications”. Some of the vulnerabilities used were weaponised fewer than 72...
The informed voter’s guide to election cyberthreats
Singapore held its most recent general election on July 10 2020, and although they used the electoral system called first-past-the-post FPTP, a scheme favored by the US, UK, and most English-speaking countries, the road leading to Election Day was not without challenges and obstacles. While all...
How 5G could impact cybersecurity strategy
With the recent news that South Korea has rolled out the world’s first 5G network, it’s clear that we’re on the precipice of the wireless technology’s widespread launch. Offering speeds anywhere from 20 to 100 times faster than 4G long-term evolution LTE, the next generation of wireless networks...
Labs survey finds privacy concerns, distrust of social media rampant with all age groups
Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online. The Cambridge Analytica incident, along with other, seemingl...
A week in security (December 31, 2018 – January 6, 2019)
Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab. Other cybersecurity news 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded 30,0...
Huge breach affects 9 million Cathay Pacific customers
Airlines aren’t having a good time of things at the moment. Even if you managed to dodge the recent British Airways fallout, you may well be caught up in the latest breach affecting no fewer than 9 million customers of Cathay Pacific. So what was taken? The impact this time around isn’t so much...
Fake Spectre and Meltdown patch pushes Smoke Loader malware
The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actual...
Arris router vulnerability could lead to complete takeover
Security researcher Yerodin Richards has found an authenticated remote code execution RCE vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers telephony and internet access. After responsible disclosure Richards has published a...
Critical OpenSSL fix due Nov 1—what you need to know
A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions...
The many ways you can be scammed on Facebook, part I
Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter...
Credit card skimmer targets ASP.NET sites
Update: 2020-07-09 A reader contacted us with information about this series of attacks on .NET sites. There is a known vulnerability CVE-2017-9248 for Telerik UI for ASP.NET that is being exploited. An attacker can upload .aspx web shells and get remote code execution. This Telerik page offers...
Changing California’s privacy law: A snapshot at the support and opposition
This month, the corporate-backed, legislative battle against California privacy met a blockade, as one Senate committee voted down and negotiated changes to several bills that, as originally written, could have weakened the state’s data privacy law, the California Consumer Privacy Act. Though the...
The Advanced Persistent Threat files: Lazarus Group
We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
Google Chrome announces plans to improve URL display, website identity
“Unreadable gobbledygook” is one way to describe URLs today as we know them, and Google has been attempting to redo their look for years. In their latest move to improve how Chrome—and of course, how the company hopes other browsers would follow suit—displays the URL in its omnibox the address ba...
Are Deepfakes coming to a scam near you?
Your boss contacts you over Skype. You see her face and hear her voice, asking you to transfer a considerable amount of money to a firm you've never ever heard of. Would you ask for written confirmation of her orders? Or would you simply follow through on her instructions? I would certainly be...
How to create a sticky cybersecurity training program
Organizations know that training employees on cybersecurity and privacy are not only expensive but time-consuming. However, given that current threats are targeting businesses more than consumers, introducing and teaching cybersecurity and privacy best practices in the workplace has undoubtedly...
Can we trust our online project management tools?
How would you feel about sharing confidential information about your company on Twitter or Facebook? That doesn’t sound right, does it? So, in a corporate life where we keep our work calendars online, and where we work together on projects using online flow-planners and online project management...
RIG malvertising campaign uses cryptocurrency theme as decoy
For a couple of weeks, we have been observing a malvertising campaign that uses decoy websites to redirect users to the RIG exploit kit. Those sites, whose theme is about cryptocurrencies, were all registered recently and are swapped after a few days of use. The initial redirection starts off fro...
New Kritec Magecart skimmer found on Magento stores
Threat actors often compete for the same resources, and this couldn't be further from the truth when it comes to website compromises. After all, if a vulnerability exists one can expect that it will be exploited more than once. In the past, we have seen such occurrences with Magecart threat actor...
Apple releases emergency update: Patch, but don’t panic
Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus, which is often used in high-level surveillance campaigns by...
Update now! Chrome needs patching against two in-the-wild exploits
A day late and a dollar short is a well-known expression that comes in a few variations. But this version has a movie and a book to its name, so I’m going with this one. Why? Google has published an update for the Chrome browser that patches two newly discovered vulnerabilities. The browsers Stab...
Ellen DeGeneres giveaway scam spreading on social media
Scammers are pushing multiple fake Facebook profiles of Ellen DeGeneres, popular US TV show host and producer, with the goal of tricking people into jumping through a few money-making hoops. This isn’t a sophisticated scam. It isn’t hacking the Gibson. It won’t be the focus of a cutting edge...
Government shutdown impacts .gov websites, puts Americans in danger
If you are in the United States, then you likely already know that we are on our 24th day of a government shutdown. While it is considered a "partial" shutdown, there are still plenty of government workers who are furloughed, which impacts the services they run—both online and off. Last week,...
The 25th anniversary of the webcam: What did it bring us?
How did the webcam progress from a simple convenience to a worldwide security concern in 25 years? November 2018 can be marked as the 25th anniversary of the webcam. This is a bit of an arbitrary choice, but if we consider a webcam that was installed at the University of Cambridge to keep an eye ...
Encryption 101: decryption tool code walkthrough
We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...
Update now! Microsoft patches 3 actively exploited zero-days
Another important update round for this months Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it...
Update now! Chrome fixes more security issues
For the third time in a month Google has issued an update to patch for several security issues. This time the update patches 19 vulnerabilities, of which 5 are classified as “high” risk vulnerabilities. In an update announcement for Chrome 95.0.4638.54, Google specifies the 16 vulnerabilities tha...
YouTube ordered to cough up $170M settlement over COPPA infraction
Last week, the Federal Trade Commission FTC announced that it has required Google and YouTube to pay a settlement fee totaling $170 million after its video-sharing platform was found violating the Children’s Online Privacy Protection Act COPPA. The complaint was filed by the FTC and the New York...
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS Source: The...
Google patches 60 vulnerabilities in first Android update of 2023
Google has published its first security bulletin of 2023 with details of security vulnerabilities affecting Android devices. Patch level 2023-01-01 includes 20 issues and patch level 2023-01-05 includes fixes for another 40 issues. The Android security patch level refers to a monthly manifest of...
Update now! Apple fixes several serious vulnerabilities in iOS and macOS
Apple has released patches for macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. In these security updates, released on March 14, 2022, Apple tackles 39 vulnerabilities, several of which could allow an attacker to execute arbitrary code on an affected device. One of the vulnerabilities can be...
CISA sets two week window for patching serious vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has issued binding directive 22-01 titled Reducing the Significant Risk of Known Exploited Vulnerabilities. This directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive HSE, Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. This happened a week after...
Important tips for safe online shopping post COVID-19
As more and more countries order their citizens inside in response to COVID-19, online shopping—already a widespread practice—has surged in popularity, especially for practical items like hand sanitizer, groceries, and cleaning products. When people don’t feel safe outside, it’s only natural they...
Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant
We recently highlighted new steps Instagram is taking to try and clamp down on scammers sending fake messages on their platform. It turns out, other social media giants are walking a similar path for a variety of bogus ads and other attacks. Facebook scams in particular have taken off, despite th...
Cooperating apps and automatic permissions are setting you up for failure
“Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sit...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs, we took readers through a deep dive—way down the rabbit hole—into the novel malware called “Hidden Bee.” We also looked at the potential impact of a government agency’s privacy framework, and delivered to readers everything they needed to know about ATM attacks and...
Employee education strategies that work to change behavior
When people make the decision to get in shape, they have to commit the time and energy to do so. Going to the gym once isn’t going to cut it. The same is true when it comes to changing the culture of an organization. In order to be effective in changing employee behavior, training needs to be...
Explained: SQL injection
Even though SQL injection is a type of attack that is relatively easy to prevent, it is one of the most common web hacking techniques. So, what’s it all about? The basics SQL is short for Structured Query Language and usually pronounced as “sequel.” SQL is a standard language used to query and...
Gartner recognizes Malwarebytes as a “Visionary” in the Magic Quadrant
I’m proud to announce that Gartner has recognized Malwarebytes as a “visionary” in the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms. Malwarebytes was selected for its completeness of vision and ability to execute. Our goal is to give every user a malware-free experience and empow...
Act now! In-the-wild Zimbra vulnerability needs a workaround
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an...
Zyxel patches two critical vulnerabilities
Zyxell has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service DoS conditions and even a remote code execution on the affected Zyxell firewalls. Affected users should...
High school student rickrolls entire school district, and gets praised
A student at a high school in Cook County successfully hacked into the Internet-of-Things IoT devices of one of the largest school districts in Illinois, and gave everyone a surprise. Minh aka @WhiteHoodHacker on Twitter who attends Elk Grove—a name that curiously resembles the home town of...
Spear-phishing now targets employees outside the finance and executive teams, report says
Social engineering attacks have been a longstanding concern for both individuals and organizations alike. The trend, as we know it, is that fraudsters conducting spear phishing attacks—specifically, business email compromise BEC—are likely to target employees either in the finance or executive...
To pay, or not to pay? That is the VPN question
VPNs have been a subject of deliberation for a long time. Is it even important to use one? I think the pandemic has made it clear that, yes, using a VPN is useful, even necessary, most especially for those working remotely. But should you pay for it? Or would you rather settle for free? Were goin...