4706 matches found
The key to old Petya versions has been published by the malware author
As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. His original malware was pirated and extended by an unknown actor read more here. As a result of the recent events, Janus probably decided to shut down the Petya project. Similarly to th...
Your HP Support Assistant needs an update!
HP has issued a new version of its HP Support Assistant tool. Users of HP Support Assistant versions earlier than 9.11 and Fusion versions earlier than 1.38.2601.0 are affected by a high severity vulnerability. According to HP it is possible for an attacker to exploit a dynamic-link library DLL...
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read fl...
Google Maps: online interventions with offline ramifications
The places where online life directly intersection with that lived offline will be forever fascinating, illustrated perfectly through a recent performance piece involving Google Maps, a cart, and an awful lot of mobile phones. Simon Weckert, an artist based in Berlin, Germany, showed how a little...
Vital infrastructure: securing our food and agriculture
I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...
Workplace violence: the forgotten insider threat
Organizations are no stranger to insider threats. In fact, for those who have been around long before the Internet, workplace violence, alongside spying is a problem many businesses have seen before and sought to address. However, the adoption and use of the Internet completely changed the way...
Why tech companies wanted Senate Bill 315 vetoed
When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...
‘FakeUpdates’ campaign leverages multiple website platforms
A malware campaign which seems to have started at least since December 2017 has been gaining steam by enrolling a growing number of legitimate but compromised websites. Its modus operandi relies on social engineering users with fake but convincing update notifications. Similar techniques were use...
Avzhan DDoS bot dropped by Chinese drive-by attack
The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample...
Update now! Microsoft fixes two zero-days on February Patch Tuesday
Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency...
Ransomware review: November 2023
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs
Along with six older vulnerabilities, the Cybersecurity and Infrastructure Agency CISA has added a vulnerability in multiple Ruckus wireless products to the Known Exploited Vulnerabilities Catalog. This means that Federal Civilian Executive Branch FCEB agencies need to remediate these...
StopRansomware.gov brings together information on stopping and surviving ransomware attacks
The US Department of Homeland Security DHS and the US Department of Justice DOJ—along with other federal partners—have launched a new website as part of the US governments fight against ransomware: StopRansomware.gov. StopRansomware.gov is said to be a one-stop hub for ransomware resources for...
A week in security (December 21- December 27)
Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here’s what happened, and our VideoBytes episode talked about what penetration testing tools...
A week in security (October 26 – November 1)
We had a very busy week at Malwarebytes Labs. We offered advice on Googles patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash...
QR code scams are making a comeback
Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code ...
Stalkerware’s legal enforcement problem
Content warning: This piece contains brief descriptions of domestic violence and assault against women and children. In the past five years, only two stalkerware developers, both of whom designed, marketed, and sold tools favored by domestic abusers to pry into victims’ private lives, have faced...
Securing the managed service provider (MSP)
Managed service providers MSPs have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long...
Insurance data security laws skirt political turmoil
Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass federa...
A week in security (June 3 – 9)
Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down...
A week in security (March 18 – 24)
Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook's new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study...
Bloomberg blunder highlights supply chain risks
Ooh boy! Talk about a back-and-forth, he said, she said story! No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufacturers the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as governmen...
New Chrome and Firefox extensions block their removal to hijack browsers
What you don't see won't hurt you, must have been the reasoning of the threat actors who created the latest batch of extensions that make these browser hijackers even more difficult to remove. The extensions redirect users away from pages where they can disable or delete them in order to drive...
Know your threats: the nine scariest malware monsters
It's been a particularly ghoulish year in cybersecurity, from Russian hacks to ransomware outbreaks. The bad boogey man in the black hoodie has been pulling one over the collective public. It's dark and creepy, but users refuse to stop peeking behind the door. It's enough to make even the most...
Microsoft Exchange vulnerability actively exploited
As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed...
Microsoft gives Apple a migraine
On May 18, 2023, Apple published security content for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 that addressed a logic issue in libxpc. The Common Vulnerabilities and Exposures CVE database lists publicly disclosed computer security flaws. The CVE we are going to discuss...
Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles
Googles Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices including Samsung Galaxy, Google Pixel, Vivo, and several forms of wearable and vehicles using certain types of components. Between late 2022 and early 2023, Project Zero reported 18...
Timely patching is good, but sometimes it's not enough
Ransomware gangs have shown that they can play a long game, so it shouldnt come as a surprise to learn of one prepared to wait months to make use of a compromised system. S-RMs Incident Response team shared details of a campaign attributed to the Lorenz ransomware group that exploited a specific...
PrestaShop warns of vulnerability: Update your stores now!
A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisations platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaSho...
General Motors suffers credential stuffing attack
American car manufacturer General Motors GM says it experienced a credential stuffing attack last month. During the attack customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...
The Clubhouse database “breach” is likely a non-breach. Here’s why.
Before the work week ended last week Friday, a security researcher found a leak of what is claimed to be full phone numbers of users of Clubhouse, the new social media app everyone is talking about and just recently came out of beta. Clubhouse is an audio-only social media platform where, unlike...
Search hijackers change Chrome policy to remote administration
The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model ...
Rocket Loader skimmer impersonates CloudFlare library in clever scheme
Update: The digital certificate issued for https.ps has been revoked by GlobalSign. Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimme...
Explained: the strengths and weaknesses of the Zero Trust model
In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trus...
CEOs offer their own view of a US data privacy law
Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy...
Caution: Misuse of security tools can turn against you
We have a saying in Greece: "They assigned the wolf to watch over the sheep." In a security context, this is a word of caution about making sure the tools we use to keep our information private don't actually cause the data leaks themselves. In this article, I will be talking about some cases tha...
Vulnerabilities in financial mobile apps put consumers and businesses at risk
Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have but may not be aware of or care to admit about cybersecurity—and, at times, privacy. It rears its ugly head when 1 we share the common notion that programmers know how to code securel...
Yes, Chromebooks can and do get infected
As a Mac malware specialist, I've seen more than my share of folks saying "Macs don't get viruses" over the years. I've seen and experienced first-hand that this isn't true—even on iOS, where despite having tight, built-in security, iPhones are still capable of getting infected by rare malware. I...
What’s causing the cybersecurity skills gap?
The proliferation of next-gen technology into mainstream society has been a boon for consumers, entrepreneurs, and business owners alike. Between the rise of mobile computing, the Internet of Things IoT, and modern social media, our society is more connected than ever before. But all of this...
A week in security (July 24 – July 30)
Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, revealed challenges one of our experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the...
FBI: Smart toys could harm children’s privacy and physical safety
The Federal Bureau of Investigation has recently issued a Public Service Announcement PSA, encouraging consumers—parents, in particular—to think twice before purchasing internet-connected toys. Smart toys and entertainment devices for kids are part of the Internet of Things, and as such, they hav...
Something’s phishy: How to detect phishing attempts
Dear you, It appears you need to update your information. Click here to tell us all your secrets. No really, it's totally safe. We're not going to steal your identity, we swear. If only phishing attempts were that obvious. Instead, these days it's hard to tell a phish apart from a foul, if you...
A week in security (May 15-21)
Last week on Malwarebytes Labs: Why we should be more open about ransomware attacks Windows 11 is showing its first signs of Rust Update now! Ruckus vulnerability added to CISAs list of actively exploited bugs 3 reasons to use a VPN PharMerica breach impacts almost 6 million people Leaked Babuk...
Task Force delivers strategic plan to address global ransomware problem
The Ransomware Task Force RTF, a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware. The report, entitl...
Why Data Privacy Day matters: A Lock and Code special with Mozilla, DuckDuckGo, and EFF
You can read our full-length blog here about the importance of Data Privacy Day and data privacy in general Today is a special day, not just because January 28 marks Data Privacy Day in the United States and in several countries across the world, but because it also marks the return of our hit...
Coalition Against Stalkerware bulks up global membership
Today, the Coalition Against Stalkerware brought aboard 11 new organizations to address the potentially dangerous capabilities of stalkerware, an invasive, digital threat that can rob individuals of their expectation of, and right to, privacy. These types of apps can provide domestic abusers with...
Emotet revisited: pervasive threat still a danger to businesses
One of the most common and pervasive threats for businesses today is Emotet, a banking Trojan turned downloader that has been on our list of top 10 detections for many months in a row. Emotet, which Malwarebytes detects as Trojan.Emotet, has been leveled at consumers and organizations across the...
A week in security (November 19 – 25)
Last week on Malwarebytes Labs, we took a look at a devastating business email compromise attack, web skimming antics, and the fresh perils of Deepfakes. We also checked out some Chrome bug issues, and took the deepest of deep dives into DNA testing. Other cybersecurity news Adobe Flash bug—get...
HMRC phish swipes email login, payment details
It's not tax season in the UK, but that hasn't deterred scammers from sending out mail looking to swipe both card details and email logins in one fell swoop. The email, which claims UKGOV has issued a tax refund to the tune of 542.94 GBP, arrives under the following title, which is spectacularly...
Badgelife: A Defcon 26 retrospective
One more year gone, one more Defcon completed. Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is...