4706 matches found
A week in security (July 23 – July 29)
Last week on Labs, we looked at an adware called MobiDash getting stealthy, a new strain of Mac malware called Proton that was found after two years, and the ‘Hidden Bee’ miner that was delivered via an improved drive-by download toolkit. We also delved into the security improvements expected in...
Mobile Menace Monday: Adware MobiDash gets stealthy
The Adware known as MobiDash, detected by Malwarebytes for Android as Android/Adware.MobiDash, is far from a new. However, this ad-displaying nuisance now comes with some additional stealth features. First appearing last spring, these new features are not limited to a single variant of MobiDash...
A week in security (May 21 – May 27)
Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...
Myspace vs. Facebook: the good old days?
Many people have fond memories of ye olde Myspace dotte comme, and those rose-splashed spectacles seem to have grown ever larger in light of the recent Facebook happenings. In recent days, I've seen many declaring their love for all things Tom, and how everything was just one huge barrel of laugh...
AdGholas malvertising thrives in the shadows of ransomware outbreaks
The latest wave of ransomware following the WannaCry outbreak has kept everyone very busy and been the topic of many conversations. In the meantime, other threat actors have been quite active and perhaps even enjoyed this complimentary diversion. This is certainly true for the most prolific...
How Outlook notification sounds can lead to zero-click exploits
An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution RCE in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher...
Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”
On May 1, 2023 the Cybersecurity and Infrastructure Security Agency CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies are obliged to remediate the...
Update now! Microsoft patches two zero-days
The Microsoft September 2022 Patch Tuesday includes fixes for two publicly disclosed zero-day vulnerabilities, one of which is known to be actively exploited. Five of the 60+ security vulnerabilities were rated as "Critical", and 57 as important. Two vulnerabilities qualify as zero-days, with one...
Attackers waited until holidays to hit US government
The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...
BlackMatter, a new ransomware group, claims link to DarkSide, REvil
Theres a new ransomware gang in town—and, frankly, were not at all surprised. After DarkSide disappeared—coincidentally, immediately after Colonial Pipeline gave in to the groups ransom demand of roughly $5M USD worth in Bitcoin—a new ransomware group who calls themselves BlackMatter surfaced on...
Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach
It must not be easy to work at Kaseya right now. While they are working as hard as they can to help customers, and customers of their customers, recover from the REvil ransomware attack at the beginning of July, a new vulnerability in their software has been disclosed. As a sidenote, Kaseya...
Deep learning: An explanation and a peek into the future
Deep learning is one of the most advanced forms of machine learning, and is showing new developments in many industries. In this article, well explain the concept and give some examples of the latest and greatest ways its being used. What is deep learning? There have been many attempts at creatin...
The passwordless present: Will biometrics replace passwords forever?
When it comes to securing your sensitive, personally identifiable information against criminals who can engineer countless ways to snatch it from under your nose, experts have long recommended the use of strong, complex passwords. Using long passphrases with combinations of numbers, letters, and...
Child identity theft, part 1: On familiar fraud
In 2013, 30-year-old Axton Betz-Hamilton received an angry phone call from her father two weeks after her mother, Pam, died. "What the hell were you thinking?" he screamed. He had just unearthed a credit card statement in her name that had run over its limit from a box of her mother’s paperwork...
A week in security (May 6 – 12)
Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we...
The top six takeaways for corporate data privacy compliance
For nearly two months, Malwarebytes Labs has led readers on a journey through data privacy laws around the world, exploring the nuances between “personal information” and “personal data,” as well as between data breach notification laws in Florida, Utah, California, and Iowa. We explored the risk...
VPNFilter malware still making waves
Last month, a piece of malware called VPNFilter caused chaos for owners of MikroTik, Lynksys, TP-Link, and Netgear equipment. Roughly 500,000 devices worldwide fell victim, with the unwanted parasite able to listen to traffic, steal credentials, damage devices, and more. Until patches started to...
The digital entropy of death: link rot
Hot on the heels of a grim blog about digital death comes…another blog about digital death. Except in this case, the recently deceased would be the links that tie the web together, otherwise known as link rot. Link rot is a weird thing. Say I blog for Puppy Chow and I write an article about the...
Mobile Menace Monday: Olympics app has more ads than games
An app claiming to live stream the 2018 Winter Olympics but really serving up a blizzard of ads had a short run on Google Play. It was uploaded to the Play store on February 8, 2018. Since then, it's been removed. The last known existence of it on the store was a cached snapshot from February 10...
How to remove adware from your PC
“Close. Close. Close. Close,” my mother mumbles as she aggressively clicks her mouse over and over. “What’s wrong, Ma?” I’m home for the holidays, and cozy, cold evenings are often spent in front of the fireplace. This night, however, my mom is stuck at her computer. “This stupid thing won’t stop...
SteelCon: Mahkra ni Orroz
I recently gave a talk at Sheffield's SteelCon, a huge security event spread over a few days with no end of interesting activities taking place. My presentation, called Makhra ni Orroz, is a good 45 minutes of non stop talking and pictures and things. It's also a bit different in terms of what I...
Ford says it’s safe to drive its cars with a WiFi vulnerability
Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...
Update Chrome now! Google fixes critical vulnerability in Autofill payments
Google has released a Chrome update which includes five security fixes. One of these security fixes is for a critical vulnerability in Autofill payments. Google labels vulnerabilities as critical if they allow an attacker to run arbitrary code on the underlying platform with the user's privileges...
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as...
Urgent update for macOS and iOS! Two actively exploited zero-days fixed
Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures CVE database. Its goal is to make it easier to sha...
Wanted! US offers $10m bounty for ransomware kingpins
The US State Department is offering a massive $10 million reward if you can help bring DarkSide to justice. The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individuals who holds a key leadership position i...
What special needs kids need to stay safe online
Online safety is hard enough for most adults. We reuse weak passwords, we click on suspicious links, and we love to share sensitive information that should be kept private and secure. Just go back a few months to watch adults gleefully sharing photos of their vaccine cards. The consequences of...
Fintech security: the challenges and fails of a new era
"I have no idea how this app from my bank works, and I don't trust what I don't understand." Josh is not an old curmudgeon or luddite. He's 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It's not that he doesn't trust his bank. He...
Can search extensions keep your searches private?
One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second more than 40,000, on average tel...
Internet Safety Month: How to protect your child’s privacy online
June marks the beginning of summer. It is also National Internet Safety Month. This is the perfect time to remind vacationers that while it is essential to check that everything you need is packed and ready for a trip, it is equally vital for the family to take steps in securing their devices and...
Far Cry 5 download offers: embrace the power of “no”
The recently released Far Cry 5 is a video game where you reclaim Montana from a cult obsessed with the "power of yes" by hitting members over the head with a shovel. It's also one of the biggest sellers for publisher Ubisoft to date, and it stands to reason that many people would like to grab a...
A week in security (April 09 – April 15)
Last week, we took a look at a malware-campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns. We also published our first quarterly Malwarebytes Labs CTNT report of 2018. Other news A security researcher...
Human Factor Podcast: Jenny Radcliffe and Chris Boyd
A little while ago, I was invited to take part in Jenny Radcliffe's Human Factor Podcast. With 44 episodes strong and counting!, Jenny spends an hour or so talking at length with her guests who are professional investigators, security advocates, all-round educators, tireless consultant/conference...
Using ILSpy to analyze a small adware file
My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called grandfather.exe, so I went out to grab a copy and have a look at it. As you can probably tell from some of the detection names at Virustotal, this is a MSIL...
Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now
Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...
Update now! Chrome patches actively exploited zero-day vulnerability
Google has released an update for its Chrome browser that includes eleven security fixes, one of which has been reportedly exploited in the wild. The vulnerability that is reported as being exploited in the wild has been assigned CVE-2022-0609. CVE-2022-0609 The vulnerability is described as a...
HP OMEN users, update your driver now!
HP has released a patch to fix a flaw in the HP OMEN driver. As far as we know the flaw isnt being actively exploited, but its worth applying the patch as soon as you can. The flaw, the fix The driver vulnerability, which is tracked as CVE-2021-3437, was found by Kasif Dekel, a senior security...
Discord users tempted by bots offering “free Nitro games”
The last few weeks have seen multiple instances of problematic bots appearing in Discord channels. They bring tidings of gifts, but the reality is quite a bit different. Given so many more young kids and teens are at home during the current global lockdown, they may well see this scam bouncing...
How to protect against stalkerware, a murky but dangerous mobile threat
Last week, we pledged that—in honor of National Cybersecurity Awareness and Domestic Violence Awareness months—we would continue the fight against the online scourge known as stalkerware, or applications used to track and spy on victims without their knowing consent. We told readers that, despite...
Explained: Payment Service Directive 2 (PSD2)
Payment Service Directive 2 PSD2 is the implementation of a European guideline designed to further harmonize money transfers inside the EU. The ultimate goal of this directive is to simplify payments across borders so that it's as easy as transferring money within the same country. Since the EU w...
A week in security (June 25 – July 1)
Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...
A week in security (June 18 – June 24)
Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for...
Malicious cryptomining and the blacklist conundrum
When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking for a few lines referencing the Coinhive API within the HTML source code. Because this was a new phenomenon, even bad actors didn't have to hide their intentions, and...
How artificial intelligence and machine learning will impact cybersecurity
Artificial intelligence AI and machine learning ML are hot topics in technology. New use cases and applications are discussed daily—from search results recommendations to smart cars. But what are cybersecurity organizations doing with this tech? What does it take to render additional security out...
Expired domain names and malvertising
In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone Pseudo Darkleech or have changed focus EITest using social engineering techniques. Malvertising - which has remained steady and is currently the main...
Bye, bye Petya! Decryptor for old versions released.
Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...
A .NET malware abusing legitimate ffmpeg
There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...
Reducing your attack surface is more effective than playing patch-a-mole
On June 13, 2023 the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive BOD 23-02. BOD 23-02 is titled Mitigating the Risk from Internet-Exposed Management Interfaces, and requires federal civilian agencies to remove specific networked management interfaces...
Update now! Google patches vulnerabilities for Pixel mobile phones
Googles Pixel Update Bulletin for September included two security patches that are Pixel specific. Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover. The vulnerabilities Publicly disclosed computer security flaws are listed in the Common...
TikTok vulnerability could have allowed hijackers to take over accounts
Microsoft has released a detailed rundown of an issue, now fixed, which was potentially dangerous for users of TikTok. The problem, flagged as a "high-severity vulnerability" by Microsoft, required several steps chained together in order to function. Attackers making use of it could have...