4706 matches found
A week in security (September 3 – 9)
Last week on Malwarebytes Labs, we looked at spyware going mainstream, how the popular game Fortnite sparks security concerns for Android users, and how certain Mac App Store apps are stealing user data. Other cybersecurity news: Microsoft announced Windows 7 Extended Security Updates in a blog...
SamSam ransomware: controlled distribution for an elusive malware
SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more...
Please don’t buy this: smart toys
Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new...
Update now! Chrome fixes more security issues
For the third time in a month Google has issued an update to patch for several security issues. This time the update patches 19 vulnerabilities, of which 5 are classified as “high” risk vulnerabilities. In an update announcement for Chrome 95.0.4638.54, Google specifies the 16 vulnerabilities tha...
Lazarus APT conceals malicious code within BMP image to drop its RAT
This blog was authored by Hossein Jazi Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a...
Malvertising campaigns come back in full swing
Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight ...
The best test for an EDR solution is one that works for you
Since its inception, the endpoint detection and response EDR market has evolved rapidly with new innovations to better address the cyber landscape and meet customers’ needs for an effective and simple solution that just works. But finding something that just works means something quite different...
A week in security (July 22 – 28)
Last week on Malwarebytes Labs, we offered an extensive analysis into the Malaysian Airlines Flight 17 investigation, updated users on the newest feature set to AdwCleaner 7.4.0 it now detects pre-installed software, and provided a deep dive into Phobos ransomware. We also broke down the latest...
Hyperlink auditing: where has my option to disable it gone?
There is a relatively old method that might be gaining traction to follow users around on the world wide web. Most Internet users are aware of the fact that they are being tracked in several ways. And awareness is a good start. In a state of awareness, you can adjust your behavior accordingly, an...
New research finds hospitals are easy targets for phishing attacks
New research from Brigham and Women’s Hospital in Boston finds hospital employees are extremely vulnerable to phishing attacks. The study highlights just how effective phishing remains as a tactic—the need for defense against and awareness of email scams is more critical than ever. The research w...
A week in security (December 31, 2018 – January 6, 2019)
Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab. Other cybersecurity news 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded 30,0...
2018: The year of the data breach tsunami
It’s tough to remember all of the data breaches that happened in 2018. But when you look at the largest and most impactful ones that were reported throughout the year, it paints a grim picture about the state of data security today. The consequences of major companies leaking sensitive data are...
Liar, liar, pants on fire! Barclays phish claims cards explode
We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true. Warning: Barclays debit cards may catch fire! The letter reads as follows: Dear costumer, Many of our bank costumers have reported that their debit...
Apache ActiveMQ vulnerability used in ransomware attacks
On the 27 October, the Apache Software Foundation ASF announced a very serious vulnerability in Apache ActiveMQ that can be used to achieve remote code execution RCE. The Cybersecurity and Infrastructure Security Agency has now added this vulnerability to its Known Exploited Vulnerabilities...
Update now! Chrome patches critical RCE vulnerability in Safe Browsing
Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one of these fixes is rated as "critical". The critical vulnerability is a use after free bug in the Safe Browsing feature. The Stable channel has been updated to 97.0.4692.99 for Windows,...
CISA sets two week window for patching serious vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has issued binding directive 22-01 titled Reducing the Significant Risk of Known Exploited Vulnerabilities. This directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by...
Credit card skimmer targets ASP.NET sites
Update: 2020-07-09 A reader contacted us with information about this series of attacks on .NET sites. There is a known vulnerability CVE-2017-9248 for Telerik UI for ASP.NET that is being exploited. An attacker can upload .aspx web shells and get remote code execution. This Telerik page offers...
What to do when you receive an extortion email
In the last few weeks, there has been an upswing in people receiving threatening, extortion email messages, demanding payment to avoid release of sensitive information. Most of the time, these emails are what we call "sextortion" emails, as they claim that malware on your computer has captured...
Social Security Number scammers are at it again
The Federal Trade Commission FTC once again sounded the alarm in mid-December about the latest Social Security Number SSN scam that continues to affect thousands of Americans. While most of us were only able to read about this type of scam in the past, the FTC now has an audio recording of an SSN...
Encryption 101: decryption tool code walkthrough
We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...
How 5G could impact cybersecurity strategy
With the recent news that South Korea has rolled out the world’s first 5G network, it’s clear that we’re on the precipice of the wireless technology’s widespread launch. Offering speeds anywhere from 20 to 100 times faster than 4G long-term evolution LTE, the next generation of wireless networks...
Are Deepfakes coming to a scam near you?
Your boss contacts you over Skype. You see her face and hear her voice, asking you to transfer a considerable amount of money to a firm you've never ever heard of. Would you ask for written confirmation of her orders? Or would you simply follow through on her instructions? I would certainly be...
Citrix Bleed widely exploited, warn government agencies
In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI, along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. Affiliates of at least two ransomwa...
Critical OpenSSL fix due Nov 1—what you need to know
A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions...
The Advanced Persistent Threat files: Lazarus Group
We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
The 25th anniversary of the webcam: What did it bring us?
How did the webcam progress from a simple convenience to a worldwide security concern in 25 years? November 2018 can be marked as the 25th anniversary of the webcam. This is a bit of an arbitrary choice, but if we consider a webcam that was installed at the University of Cambridge to keep an eye ...
Huge breach affects 9 million Cathay Pacific customers
Airlines aren’t having a good time of things at the moment. Even if you managed to dodge the recent British Airways fallout, you may well be caught up in the latest breach affecting no fewer than 9 million customers of Cathay Pacific. So what was taken? The impact this time around isn’t so much...
Can we trust our online project management tools?
How would you feel about sharing confidential information about your company on Twitter or Facebook? That doesn’t sound right, does it? So, in a corporate life where we keep our work calendars online, and where we work together on projects using online flow-planners and online project management...
Fake Spectre and Meltdown patch pushes Smoke Loader malware
The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actual...
A WhatsApp bug lets malicious media files spread through group chats
WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from “trusted default messenger” to a grudgingly necessary Meta product. Privacy-aware users still see WhatsApp as one of the...
Adobe ColdFusion vulnerability exploited in the wild
The Cybersecurity and Infrastructure Security Agency CISA has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this...
Act now! In-the-wild Zimbra vulnerability needs a workaround
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an...
Update now! Netgear vulnerability patched
Netgear has released a fix for a vulnerability on several of their product models. The affected product models include extenders, routers, air cards, and modems. The vulnerability was discovered by researchers at GRIMM, but prior to the planned disclosure date, Netgear released a patch that fixed...
A week in security (Sept 20 – Sept 26)
Last week on Malwarebytes Labs Freedom Hosting operator gets 27 years for hosting dark web abuse sites Microsoft makes a bold move towards a password-less future New Mac malware masquerades as iTerm2, remote desktop and other apps Internet safety tips for kids and teens: a comprehensive guide for...
Update now! Chrome needs patching against two in-the-wild exploits
A day late and a dollar short is a well-known expression that comes in a few variations. But this version has a movie and a book to its name, so I’m going with this one. Why? Google has published an update for the Chrome browser that patches two newly discovered vulnerabilities. The browsers Stab...
The many ways you can be scammed on Facebook, part I
Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter...
Government shutdown impacts .gov websites, puts Americans in danger
If you are in the United States, then you likely already know that we are on our 24th day of a government shutdown. While it is considered a "partial" shutdown, there are still plenty of government workers who are furloughed, which impacts the services they run—both online and off. Last week,...
How to create a sticky cybersecurity training program
Organizations know that training employees on cybersecurity and privacy are not only expensive but time-consuming. However, given that current threats are targeting businesses more than consumers, introducing and teaching cybersecurity and privacy best practices in the workplace has undoubtedly...
The Internet of Everything and digital privacy: what you need to know
If you don’t already own Internet of Things IoT devices, you likely will soon. IoT-enabled devices are physical gadgets with built-in Internet connectivity that allow data transmission; often this happens in the background with no indication to the user that anything is happening. The IoT is more...
Critical Android vulnerabilities patched—update as soon as you can
Google has patched six vulnerabilities in Android, including two critical vulnerabilities in its August 2025 Android Security Bulletin. It also covers a critical vulnerability which could have allowed an attacker to execute code on a victim's device without the victim needing to do anything at al...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
Capcom Arcade Stadium’s record player numbers blamed on card mining
Some of my favourite retro video games are making waves on Steam, but not in the way you might think. Classics such as Strider, Ghosts n’ Goblins, and more are all available as content for Capcom Arcade Stadium. This is an emulator which lets you play 31 arcade games from the 80s/90s. The games...
Apple releases emergency update: Patch, but don’t panic
Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus, which is often used in high-level surveillance campaigns by...
Spear-phishing now targets employees outside the finance and executive teams, report says
Social engineering attacks have been a longstanding concern for both individuals and organizations alike. The trend, as we know it, is that fraudsters conducting spear phishing attacks—specifically, business email compromise BEC—are likely to target employees either in the finance or executive...
Threat spotlight: RobbinHood ransomware takes the driver’s seat
Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game hunters—attacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves. In 2019, the...
Changing California’s privacy law: A snapshot at the support and opposition
This month, the corporate-backed, legislative battle against California privacy met a blockade, as one Senate committee voted down and negotiated changes to several bills that, as originally written, could have weakened the state’s data privacy law, the California Consumer Privacy Act. Though the...
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS Source: The...
5 safe ways to get back at spammers: a guide to wasting time
Everyone hates spam apart from the people who send it. While many people simply report spam and delete, a few look for ways to get back at the spammers wasting their time. In fact, a common question we’re asked is, “How can we waste their time?” My own opinion on this is a little loaded with...
High school student rickrolls entire school district, and gets praised
A student at a high school in Cook County successfully hacked into the Internet-of-Things IoT devices of one of the largest school districts in Illinois, and gave everyone a surprise. Minh aka @WhiteHoodHacker on Twitter who attends Elk Grove—a name that curiously resembles the home town of...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive HSE, Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. This happened a week after...