4658 matches found
ESTA registration websites still lurk in paid ads on Google
Google has taken direct action against adverts promoting ESTA registration services, often offered by third parties at highly inflated prices. Ads displayed on the Google network shouldn’t display fees higher than what a public source or government charges for products or services. This tightenin...
TrickBot takes over as top business threat
Last quarter brought with it a maddening number of political ads, shocking and divisive news stories on climate change and gun laws, and mosquitoes. We hate mosquitoes. In related unpleasant news, it also apparently ushered in an era of banking Trojans that, as of this moment, shows no signs of...
Sextortion emails: They’re probably not watching you
Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim's presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams...
How to build your own motion-activated security camera
Attention makers! Are you looking for a challenging project that not only gets your gears grinding but helps to keep you secure while traveling? Welcome to the build-your-own security camera tutorial. The impetus for this project originated from events that took place at Defcon 26, where hotel...
The Internet of Everything and digital privacy: what you need to know
If you don’t already own Internet of Things IoT devices, you likely will soon. IoT-enabled devices are physical gadgets with built-in Internet connectivity that allow data transmission; often this happens in the background with no indication to the user that anything is happening. The IoT is more...
A cure for the common cold call: freeze them out
The phone rings and it's a number I don’t recognize. That’s enough to bring my mood down a few degrees. It shouldn’t, but unfortunately experience has taught me that at least 95 percent of the calls from numbers that are “private” or that I don’t have an account name stored for on my phone are...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...
Avzhan DDoS bot dropped by Chinese drive-by attack
The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample...
Citrix Bleed widely exploited, warn government agencies
In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI, along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. Affiliates of at least two ransomwa...
Ransomware review: November 2023
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Microsoft fixes six critical vulnerabilities in June Patch Tuesday
Its that time of the month again: We're looking at June's Patch Tuesday roundup. Microsoft has released its monthly update, and compared to previous months, its actually not so bad. No actively exploited zero-days and only six critical vulnerabilities. So, well have the luxury of going over those...
Flaw in some ManageEngine apps is being actively exploited, says CISA
CISA the Cybersecurity and Infrastructure Security Agency recently added CVE-2022-35405--a remote code executionRCE vulnerability affecting Zoho ManageEngine PAM360 versions 5500 and earlier, Password Manager Pro versions 12100 and earlier, and Access Manager Plus versions 4302 and earlier--to it...
Update now! VMWare patches critical vulnerabilities in several products
In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...
Update now! Chrome patches ANOTHER zero-day vulnerability
Google has released version 103.0.5060.114 for Chrome, now available in the Stable Desktop channel worldwide. The main goal of this new version is to patch CVE-2022-2294. CVE-2022-2294 is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications WebRTC component whic...
FoggyWeb, analysis of a Nobelium backdoor
Microsofts Threat Intelligence Center has been analyzing a custom-built backdoor that has been used by the Nobelium group since April 2021. Nobelium is the name given to the threat actor behind the attacks against SolarWinds, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other...
Polazert Trojan using poisoned Google Search results to spread
Trojan.Polazert aka SolarMarker has gone back and fine-tuned an old tactic known as SEO-poisoning to plant their Remote Access Trojan RAT on as many systems as possible. This RAT runs in memory and is used by attackers to install additional malware on affected systems. Trojan.Polazert...
A week in security (May 24 -30)
Last week on Malwarebytes Labs we discussed VPN Android apps, how even the FBI has to deal with insider threats, Chromes Incognito mode, new rules for critical infrastructure spurred by the Colonial Pipeline attack, how to delete your Twitter account, what encryption is, how healthcare service...
Likely lead generation scam targets potential Malwarebytes MSP partners
Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebtyes Managed Service Provider MSP Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...
Google Maps: online interventions with offline ramifications
The places where online life directly intersection with that lived offline will be forever fascinating, illustrated perfectly through a recent performance piece involving Google Maps, a cart, and an awful lot of mobile phones. Simon Weckert, an artist based in Berlin, Germany, showed how a little...
Mobile Menace Monday: Dark Android Q rises
Android Q, the upcoming 10th major release of the Android mobile operating system, was developed by Google with three major themes in mind: innovation, security, and privacy. Today, we are going to focus mostly on security and privacy, although there are still many potential changes and updates o...
A week in security (July 15 – 21)
Last week on Malwarebytes Labs, we took an extensive look at Sodinokibi, one of the new ransomware strains found in the wild that many believe picked up where GandCrab left off. We also profiled Extenbro, a Trojan that protects adware; reported on the UK's new Facebook reporting tool, homed in on...
A week in security (February 25 – March 3)
Last week, we delved into the realm of K-12 schools and security, explored the world of compromised websites and Golang bruteforcers, and examined the possible realms of pay for privacy. We also looked at identity management solutions, Google’s Universal Read Gadget, and did the deepest of dives...
Why Malwarebytes decided to participate in AV testing
Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...
Workplace violence: the forgotten insider threat
Organizations are no stranger to insider threats. In fact, for those who have been around long before the Internet, workplace violence, alongside spying is a problem many businesses have seen before and sought to address. However, the adoption and use of the Internet completely changed the way...
Avoid these Doctor Who Series 11 scams
The new season of Doctor Who has finally landed on television screens around the world, and we’ve started to see the first few signs of spam and other assorted nonsense lumbering online. A rash of YouTube accounts claiming to offer up the new series are making the rounds, all of which generally...
A primer: How to stay safe on Amazon Prime Day
Bank card—check! Shopping list—check! Lumbar back support pillow—check! Noise canceling headphones—check! And, of course, coffee—check! If you’re an Amazon shopper, then you know by now that Prime Day is nigh! And if you’re one of the many who dreads bidding the weekend goodbye, this is probably...
Encryption 101: How to break encryption
Continuing on in our Encryption 101 series, where we gave a malware analyst's primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some...
Analyzing malware by API calls
Over the last quarter, we've seen an increase in malware using packers, crypters, and protectors—all methods used to obfuscate malicious code from systems or programs attempting to identify it. These packers make it very hard, or next to impossible to perform static analysis. The growing number o...
Inside the Kronos malware – part 2
In the previous part of the Kronos analysis, we took a look at the installation process of Kronos and explained the technical details of the tricks that this malware uses in order to remain more stealthy. Now we will move on to look at the malicious actions that Kronos can perform. Analyzed sampl...
Apple releases security update for iPhones and iPads to address vulnerability
Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices. The WebKit zero-day that is known as CVE-2022-32893 was fixed for iOS 15.6.1, iPadOS 15.6, and macOS Monterey 12.5.1 on...
PrestaShop warns of vulnerability: Update your stores now!
A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisations platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaSho...
Update now! Google releases emergency patch for Chrome zero-day used in the wild
Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week. The flaw, which is tracked as...
QR code scams are making a comeback
Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code ...
Search hijackers change Chrome policy to remote administration
The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model ...
Vital infrastructure: securing our food and agriculture
I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...
The lucrative business of Bitcoin sextortion scams (updated)
Update 2019-09-04: A new wave of sextortion emails purporting to have originated from a group of hackers called ChaosCC—a play on the legitimate European white hat hacking community, Chaos Computer Club CCC—has recently caught the attention of the security world. Below is a sample email we captur...
Caution: Misuse of security tools can turn against you
We have a saying in Greece: "They assigned the wolf to watch over the sheep." In a security context, this is a word of caution about making sure the tools we use to keep our information private don't actually cause the data leaks themselves. In this article, I will be talking about some cases tha...
Malware targeting industrial plants: a threat to physical security
We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider the...
A week in security (January 28 – February 3)
Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by...
A week in security (November 26 – December 2)
Last week on Malwarebytes Labs, we took a look at our cybersecurity predictions for 2019, we explained why Malwarebytes participated in AV testing and how we took part in an joint take down of massive ad fraud botnets, warned that ESTA registration websites still lurk in paid ads on Google,...
‘FakeUpdates’ campaign leverages multiple website platforms
A malware campaign which seems to have started at least since December 2017 has been gaining steam by enrolling a growing number of legitimate but compromised websites. Its modus operandi relies on social engineering users with fake but convincing update notifications. Similar techniques were use...
Disdain exploit kit and a side of social engineering deliver Neutrino Bot
Today we picked up new activity from an exploit kit that was first discovered back in August of this year. The Disdain exploit kit, simply identified by a string of the same name found in its source code, is being distributed again after a short interruption via malvertising chains. Disdain EK...
Update now: 9 vulnerabilities impact Cisco Small Business Series
Vulnerabilities have been found and fixed in the web-based user interface of various Cisco products in the Small Business Series. These nine issues are tied to the web-based user interface of the products, and in a worst case scenario could lead to denial of service DoS conditions or arbitrary co...
APC warns about critical vulnerabilities in online UPS monitoring software
In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader i...
Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices
After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl cameras. The vulnerabilities were reported to Owl Labs in January, One of the vulnerabilities, CVE-2022-31460 has been added to the Known exploited vulnerabilities catal...
[updated]Unpatched Atlassian Confluence vulnerability is actively exploited
Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this vulnerability as critical. Atlassian has issued a security advisory and is working on a fix for the affected products. This qualifies the...
After Log4j, December’s Patch Tuesday has snuck up on us
For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching. Microsoft In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set ...
Securing the managed service provider (MSP)
Managed service providers MSPs have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long...
A week in security (March 18 – 24)
Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook's new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study...
Yes, Chromebooks can and do get infected
As a Mac malware specialist, I've seen more than my share of folks saying "Macs don't get viruses" over the years. I've seen and experienced first-hand that this isn't true—even on iOS, where despite having tight, built-in security, iPhones are still capable of getting infected by rare malware. I...