4706 matches found
TrickBot takes over as top business threat
Last quarter brought with it a maddening number of political ads, shocking and divisive news stories on climate change and gun laws, and mosquitoes. We hate mosquitoes. In related unpleasant news, it also apparently ushered in an era of banking Trojans that, as of this moment, shows no signs of...
Compromising vital infrastructure: how voting machines and elections are vulnerable
In our first post in a series about vital infrastructure, we aim to explore how secure our voting machines—and our votes in general—are ahead of the upcoming midterm elections. Here, we ask ourselves: How can our infrastructure be compromised? What are the consequences, and how can we prevent...
A week in security (August 20 – August 26)
Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user's accounts when they die. Other cybersecurity news There was an archiving error in Twitch...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...
Learning PowerShell: some basic commands
My first Powershell script The first PowerShell script I wrote see below was a quick fix to remove certificates from the “Untrusted” registry key after a Vonteera infection. After some initial commands, this script basically loops back for every certificate that doesn’t belong under a certain key...
Truist bank confirms data breach
On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets...
QNAP warns about critical vulnerabilities in NAS systems
QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network. One of the vulnerabilities affects the QTS and QuTS operating systems OS for QNAP’s network attached storage systems NAS. The second one can be found in...
Fancy Bear known to be exploiting vulnerability in Cisco routers
In a joint advisory, the UK National Cyber Security Centre NCSC, the National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released information about APT28s exploitation of Cisco routers in 2021. Now please dont st...
InfraGard infiltrated by cybercriminal
InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGar...
Silence is golden partner for Truebot and Clop ransomware
A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker IAB that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...
Apple releases security update for iPhones and iPads to address vulnerability
Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices. The WebKit zero-day that is known as CVE-2022-32893 was fixed for iOS 15.6.1, iPadOS 15.6, and macOS Monterey 12.5.1 on...
Update now! Chrome patches ANOTHER zero-day vulnerability
Google has released version 103.0.5060.114 for Chrome, now available in the Stable Desktop channel worldwide. The main goal of this new version is to patch CVE-2022-2294. CVE-2022-2294 is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications WebRTC component whic...
F5 BIG-IP vulnerability is now being used to disable servers
As we reported a few days ago, a F5 BIG-IP vulnerability listed as CVE-2022-1388 is actively being exploited. But now researchers have noticed that attackers arent just taking control of the vulnerable servers but also making them unusable by destroying the device’s file system. F5 BIG-IP The...
Polazert Trojan using poisoned Google Search results to spread
Trojan.Polazert aka SolarMarker has gone back and fine-tuned an old tactic known as SEO-poisoning to plant their Remote Access Trojan RAT on as many systems as possible. This RAT runs in memory and is used by attackers to install additional malware on affected systems. Trojan.Polazert...
Hackers try to poison Florida City’s drinking water
The FBI, the Secret Service, and the Pinellas County Sheriffs Office are currently investigating an attempted poisoning of a city by an individual or group of hackers that occurred Friday last week. If it hadnt been caught in time, at least 15,000 people could have been affected. In a Monday pres...
Mozilla patches critical security issues in Firefox and Thunderbird
Mozilla has issued a critical patch for Firefox, Firefox ESR, and Thunderbird after a security issue was discovered at the Tianfu Cup 2020 International Cybersecurity Contest The security issue has been assigned CVE-2020-26950 which has the “reserved” status. Publicly disclosed computer security...
Lock and Code S1Ep1: On RSA, the human element, and the week in security
Last week, we told you we were launching a fortnightly podcast, called Lock and Code. This week, we made good on our promise, with lots of headlines generated right here on Labs, as well as other security news around the web. In addition, we talk with Britta Glade, Director of Content and Curatio...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks. Other cybersecurity new...
Browser Guard combats privacy abuse, tracking, clickbait, and scammers
In July 2018, we introduced the Malwarebytes Browser Extension, a beta plugin for Firefox and Chrome aimed at delivering a safer, faster, and more private browsing experience. Our extension blocked tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from...
Mobile Menace Monday: Dark Android Q rises
Android Q, the upcoming 10th major release of the Android mobile operating system, was developed by Google with three major themes in mind: innovation, security, and privacy. Today, we are going to focus mostly on security and privacy, although there are still many potential changes and updates o...
A week in security (July 15 – 21)
Last week on Malwarebytes Labs, we took an extensive look at Sodinokibi, one of the new ransomware strains found in the wild that many believe picked up where GandCrab left off. We also profiled Extenbro, a Trojan that protects adware; reported on the UK's new Facebook reporting tool, homed in on...
Governments increasingly eye social media meltdown
These are trying times for social networks, with endless reports of harassment and abuse not being tackled and many users leaving platforms forever. The major sites such as Facebook and Twitter do what they can, but sheer userbase volume and erroneous automated feedback leave people cold. Bugs su...
A week in security (February 25 – March 3)
Last week, we delved into the realm of K-12 schools and security, explored the world of compromised websites and Golang bruteforcers, and examined the possible realms of pay for privacy. We also looked at identity management solutions, Google’s Universal Read Gadget, and did the deepest of dives...
Mobile Menace Monday: Is Fuchsia OS the end of Android?
It’s no secret that every year Google announces a new Android version. This time though, recent Google documents state that the next major Android version will be Android Q and not Android 9.1 Pie. In parallel, Google is also developing an operating system called Fuchsia that’s supposedly going t...
A week in security (December 3 – 9)
Last week on Malwarebytes Labs, we gave readers an FYI on multiple breaches that affected Humble Bundle, Quora, and Dunkin' Donuts, to name a few. This follows the announcement from Marriott about a four-year-long breach that impacted half a billion of its patrons. We also pushed out the report,...
How to build your own motion-activated security camera
Attention makers! Are you looking for a challenging project that not only gets your gears grinding but helps to keep you secure while traveling? Welcome to the build-your-own security camera tutorial. The impetus for this project originated from events that took place at Defcon 26, where hotel...
Major data breaches at Adidas, Ticketmaster pummel web users
There's been a number of data breaches and accidental data exposures coming to light in the last few days, and no matter where in the world you happen to be located, you'll want to do some due diligence and see if you've been affected. These aren't small fishes being preyed upon by black hats;...
Analyzing malware by API calls
Over the last quarter, we've seen an increase in malware using packers, crypters, and protectors—all methods used to obfuscate malicious code from systems or programs attempting to identify it. These packers make it very hard, or next to impossible to perform static analysis. The growing number o...
Ransomware in December 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their dark web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. Lockbit has rebounded from i...
Rackspace confirms it suffered a ransomware attack
It's not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now...
Update now! Google releases emergency patch for Chrome zero-day used in the wild
Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week. The flaw, which is tracked as...
FoggyWeb, analysis of a Nobelium backdoor
Microsofts Threat Intelligence Center has been analyzing a custom-built backdoor that has been used by the Nobelium group since April 2021. Nobelium is the name given to the threat actor behind the attacks against SolarWinds, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other...
Apple’s search for child abuse imagery raises serious privacy questions
The Internet has been on fire since the August 4 discovery disclosed publicly by Mathew Green that Apple will be monitoring photos uploaded to iCloud for child sexual abuse material CSAM. Some see this as a great move by Apple that will protect children. Others view this as a potentially dangerou...
Beating security fatigue with Troy Hunt, Chloé Messdaghi, and Tanya Janca: Lock and Code S02E06
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloé Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue. Security fatigue is...
Explosive technology and 3D printers: a history of deadly devices
Hackers: They’ll turn your computer into a BOMB! "Hackers turning computers into bombs" is a now legendary headline, taken from the Weekly World News. It has rather set the bar for "people will murder you with computers" anxiety. Even those familiar with the headline may not have dug into the sto...
Explained: edge computing
Edge computing may seem like a foreign and future-facing term. Yet its applications are widespread and diverse, with the ability to transform the way we store, use, and share data and programs online. The implications of edge computing are far-reaching, trickling down from software development an...
New iOS exploit checkm8 allows permanent compromise of iPhones
UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the "permanent" only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points,...
The lucrative business of Bitcoin sextortion scams (updated)
Update 2019-09-04: A new wave of sextortion emails purporting to have originated from a group of hackers called ChaosCC—a play on the legitimate European white hat hacking community, Chaos Computer Club CCC—has recently caught the attention of the security world. Below is a sample email we captur...
Malware targeting industrial plants: a threat to physical security
We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider the...
A week in security (January 28 – February 3)
Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by...
Flurry of new Mac malware drops in December
Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft's John Lambert and analyzed by Objective-See's Patrick Wardle, and the second wa...
Humble Bundle alerts customers to subscription reveal bug
You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal...
A week in security (November 26 – December 2)
Last week on Malwarebytes Labs, we took a look at our cybersecurity predictions for 2019, we explained why Malwarebytes participated in AV testing and how we took part in an joint take down of massive ad fraud botnets, warned that ESTA registration websites still lurk in paid ads on Google,...
Sextortion emails: They’re probably not watching you
Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim's presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams...
Avoid these Doctor Who Series 11 scams
The new season of Doctor Who has finally landed on television screens around the world, and we’ve started to see the first few signs of spam and other assorted nonsense lumbering online. A rash of YouTube accounts claiming to offer up the new series are making the rounds, all of which generally...
Introducing: Malwarebytes Browser Extension
Are you tired of all the unwanted content the world wide web offers up, whether you like it or not? It is our privilege to introduce you to the Malwarebytes Browser Extension BETA. Or, better said, the Malwarebytes Browser Extensions, because we have one for Firefox and one for Chrome. Introducti...
A primer: How to stay safe on Amazon Prime Day
Bank card—check! Shopping list—check! Lumbar back support pillow—check! Noise canceling headphones—check! And, of course, coffee—check! If you’re an Amazon shopper, then you know by now that Prime Day is nigh! And if you’re one of the many who dreads bidding the weekend goodbye, this is probably...
The key to old Petya versions has been published by the malware author
As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. His original malware was pirated and extended by an unknown actor read more here. As a result of the recent events, Janus probably decided to shut down the Petya project. Similarly to th...
Your HP Support Assistant needs an update!
HP has issued a new version of its HP Support Assistant tool. Users of HP Support Assistant versions earlier than 9.11 and Fusion versions earlier than 1.38.2601.0 are affected by a high severity vulnerability. According to HP it is possible for an attacker to exploit a dynamic-link library DLL...
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read fl...