Malwarebytes: most viewed

4659 matches found

Malwarebytes
added 2017/09/07 3:0 p.m., 58 views

Explained: False positives

What are false positives? False positive, which is sometimes written as f/p, is an expression commonly used in cybersecurity to denote that a file or setting has been flagged as malicious when it’s not. In statistics, false positives are called Type I errors, because they check for a particular...

6.8 AI score
Exploits: 0
Malwarebytes
added 2023/07/31 3:0 a.m., 57 views

Compromised Barracuda appliances equipped with persistent backdoors by attackers

The Cybersecurity and Infrastructure Security Agency (CISA) has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed...

7.5 CVSS, 8.5 AI score, 0.86956 EPSS
Exploits: 3
Malwarebytes
added 2022/04/11 6:14 a.m., 57 views

Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09

There's a mistake commonly made in the United States that a law that was passed to help people move their healthcare information to a new doctor or provider was actually passed to originally implement universal, wide-ranging privacy controls on that same type of information. This is the mixup with...

0.7 AI score
Exploits: 0
Malwarebytes
added 2021/12/09 3:18 p.m., 57 views

Has your WordPress site been backdoored by a skimmer?

Skimmers and other threat actors are backdooring websites, and WordPress instances in particular, according to a recently released report. Researchers at Sucuri say attackers have developed methods to make sure that their grip on the infected site is not easily removed by applying the next update...

1.2 AI score
Exploits: 0
Malwarebytes
added 2021/11/18 1:34 p.m., 57 views

Update now! Netgear vulnerability patched

Netgear has released a fix for a vulnerability on several of their product models. The affected product models include extenders, routers, air cards, and modems. The vulnerability was discovered by researchers at GRIMM, but prior to the planned disclosure date, Netgear released a patch that fixed...

8.3 CVSS, 9.1 AI score, 0.05667 EPSS
Exploits: 0
Malwarebytes
added 2021/06/14 11:14 a.m., 57 views

How to delete your Instagram account

Although sharing your day’s highlights in snapshots and videos on Instagram can be entertaining, some people claim to feel happier after deleting their accounts. Consuming media tailor-made to make other people's lifestyles appear alluring can be addictive for some and induce anxiety in others. No...

0.9 AI score
Exploits: 0
Malwarebytes
added 2021/03/31 12:28 p.m., 57 views

The npm netmask vulnerability explained so you can actually understand it

The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual ipv4 octets that contain octal strings as left-stripped integers, leading to an inordinate attack surface on hundreds of thousands of projects tha...

6.4 CVSS, 7.5 AI score, 0.16356 EPSS
Exploits: 1
Malwarebytes
added 2021/02/15 12:44 p.m., 57 views

Gang arrested for SIM-swapping celebrities, stealing $100 million

The UK's National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney's Office of Santa Clara, California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 to 26, for a string of SIM swapping...

0.4 AI score
Exploits: 0
Malwarebytes
added 2020/04/28 3:15 p.m., 57 views

Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined...

7.2 AI score
Exploits: 0
Malwarebytes
added 2019/11/26 8:30 p.m., 57 views

Would ‘Medicare for All’ help secure health data?

DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up ...

7 AI score
Exploits: 0
Malwarebytes
added 2018/10/15 3:56 p.m., 57 views

A week in security (October 8 – 14)

Last week, we warned you away from some dubious Doctor Who streams, explained how Endpoint Detection and Response may not be enough, and explored what happens during a confusing supply chain story. We also showed you how to keep up with security, explained the risks of fake browser updates, and...

Exploits: 0
Malwarebytes
added 2018/08/13 4:37 p.m., 57 views

A week in security (August 6 – August 12)

Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp "message manipulation" Source: T...

Exploits: 0
Malwarebytes
added 2018/07/11 3:0 p.m., 57 views

IoT domestic abuse: What can we do to stop it?

Some 40 years ago, the sci-fi/horror film Demon Seed told the tale of a woman slowly imprisoned by a sentient AI, which invaded the smart home system her husband had designed to manage it. The AI locked doors, windows, turned off communications, and even put a synthesised version of her onscreen ...

7 AI score
Exploits: 0
Malwarebytes
added 2018/03/07 5:0 p.m., 57 views

Building an incident response program: creating the framework

In part one of our series, our overview of Building an incident response plan, we discussed what regulations organizations will need to meet in order to address incident/breach response protocols laid out in the EU’s General Data Protection Regulation (GDPR). This week, we’ll talk to you about step...

6.5 AI score
Exploits: 0
Malwarebytes
added 2017/08/29 5:10 p.m., 57 views

419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”

I'm not saying an email claiming to be from the "Central Bank of Nigeria" with a contact handler named "Rev. Goodluck Ebola" will raise too many red flags, but… CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref:...

6.8 AI score
Exploits: 0
Malwarebytes
added 2017/07/10 6:15 p.m., 57 views

Roundup: your malware infection stories

You hear the cautionary tales all the time. So-and-so didn’t have an antivirus in place and was infected with malware. Such-and-such business had limited cybersecurity infrastructure and was hit with a ransomware attack. You think: Sure, but it probably won’t happen to me. I’m a safe surfer. I’ve...

6.9 AI score
Exploits: 0
Malwarebytes
added 2024/02/16 1:37 p.m., 56 views

Microsoft Exchange vulnerability actively exploited

As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed...

7.5 CVSS, 7.6 AI score, 0.12661 EPSS
Exploits: 0
Malwarebytes
added 2024/01/12 4:10 p.m., 56 views

Joomla! vulnerability is being actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to...

5 CVSS, 7.8 AI score, 0.99827 EPSS
Exploits: 43
Malwarebytes
added 2023/07/12 3:0 a.m., 56 views

Update now! Microsoft patches a whopping 130 vulnerabilities

It's that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has...

6.8 CVSS, 8.1 AI score, 0.99083 EPSS
Exploits: 8
Malwarebytes
added 2023/02/16 7:0 a.m., 56 views

Fake Hogwarts Legacy cracks lead to adware, scams

Hogwarts Legacy, the much-anticipated Harry Potter video game, has finally landed on major gaming platforms. But, as with all games like this, it comes with a steep price tag, so it's no surprise to suddenly see websites peddling "cracked" versions of the game for free. These sites are easily...

0.9 AI score
Exploits: 0
Malwarebytes
added 2022/04/04 10:22 a.m., 56 views

Update now! Zyxel patches critical firewall bypass vulnerability

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...

7.5 CVSS, 9.8 AI score, 0.84839 EPSS
Exploits: 0
Malwarebytes
added 2021/10/29 2:35 p.m., 56 views

Update your OptinMonster WordPress plugin immediately

WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is a WordPress plugin? Like most blogging platforms, WordPress allows you to change up its default functionality. This is done by adding bits of kit called...

6.4 CVSS, 8.3 AI score, 0.2327 EPSS
Exploits: 1
Malwarebytes
added 2020/05/20 3:15 p.m., 56 views

10 best practices for MSPs to secure their clients and themselves from ransomware

Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current or potential clients—it’s business as usual for MSPs. And, boy, is it a struggle. On the one hand, they keep an eye on their remote workers to ensure they’re still doing their jo...

7.5 AI score
Exploits: 0
Malwarebytes
added 2019/09/03 3:26 p.m., 56 views

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by "intercepting network traffic before it is rendered by a...

6.9 AI score
Exploits: 0
Malwarebytes
added 2019/06/11 3:0 p.m., 56 views

Cybersecurity pros think the enemy is winning

There is a saying in security that the bad guys are always one step ahead of defense. Two new sets of research reveal that the constant cat-and-mouse game is wearing on security professionals, and many feel they are losing in the war against cybercriminals. The first figures are from the...

0.4 AI score
Exploits: 0
Malwarebytes
added 2019/01/29 4:0 p.m., 56 views

Interview with a malware hunter: Jérôme Segura

In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A...

7.1 AI score
Exploits: 0
Malwarebytes
added 2018/12/17 5:58 p.m., 56 views

A week in security (December 10 – 16)

Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...

0.1 AI score
Exploits: 0
Malwarebytes
added 2018/10/30 4:0 p.m., 56 views

Removing the jam in your printer security

Printers are an important, invisible—albeit sometimes loud—component of the office. But all too often they’re filled with mystery meat icons, peculiar blinking lights, or error messages with no instruction manual to hand. No problem, you can just print at the next station! Wrong. Printers also...

6.8 AI score
Exploits: 0
Malwarebytes
added 2018/07/26 5:21 p.m., 56 views

Introducing: Malwarebytes Browser Extension

Are you tired of all the unwanted content the world wide web offers up, whether you like it or not? It is our privilege to introduce you to the Malwarebytes Browser Extension BETA. Or, better said, the Malwarebytes Browser Extensions, because we have one for Firefox and one for Chrome. Introducti...

0.2 AI score
Exploits: 0
Malwarebytes
added 2018/07/10 3:0 p.m., 56 views

So you’ve been asked to start a threat intel program

Ever since the Mandiant APT1 report landed like a bomb in private sector security reporting, threat intelligence has been a hot buzzword many companies have been chasing over. But what is threat intelligence? What do you need to execute it well? And how many new tools do you need to buy? The...

7.1 AI score
Exploits: 0
Malwarebytes
added 2018/05/22 3:0 p.m., 56 views

New Mac cryptominer uses XMRig

A new Mac cryptominer was discovered this week, after affected users saw their fans whirring out of control and a process named "mshelper" gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove. The malware became public knowledge in a...

1 AI score
Exploits: 0
Malwarebytes
added 2018/04/06 6:33 p.m., 56 views

Physician, protect thyself: An ounce of prevention is worth a pound of cure

In part one of our Physician, protect thyself series, we recognized significant security problems within the healthcare industry that need addressing. Health organizations moving from the paper to the 'puter—a shift meant to improve care and overall patient experience—inadvertently introduced...

7 AI score
Exploits: 0
Malwarebytes
added 2018/03/09 5:6 p.m., 56 views

How artificial intelligence and machine learning will impact cybersecurity

Artificial intelligence (AI) and machine learning (ML) are hot topics in technology. New use cases and applications are discussed daily—from search results recommendations to smart cars. But what are cybersecurity organizations doing with this tech? What does it take to render additional security out...

6.8 AI score
Exploits: 0
Malwarebytes
added 2018/02/01 7:11 p.m., 56 views

Stop telephoning me-eh-eh-eh-eh: robocalls explained

If you've ever answered a call from anyone outside your contact list only to hear a recorded message playing back at you, you have just been robocalled. Unfortunately for American consumers, this happens several times a day, seven days a week. Suffice to say, this is beyond annoying—and it's...

6.9 AI score
Exploits: 0
Malwarebytes
added 2017/12/15 11:30 p.m., 56 views

Exosrv.com, an ad server for adult sites, tops Malwarebytes detections

Update 12/18/2017: Upon review, we have decided to lift the block on those two ad servers. You can read ExoClick's comments below: At Exoclick we use large resources to ensure that the ads that we serve are clear, clean and issue free. Where malwares and other forms of malvertising are detected...

6.5 AI score
Exploits: 0
Malwarebytes
added 2017/10/30 8:1 p.m., 56 views

A week in security (October 23 – October 29)

Welcome back to "A week in security." Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe including a deep dive into the code, and talked about what it takes to work in security. One of our researchers, who is a PhD...

6.9 AI score
Exploits: 0
Malwarebytes
added 2017/10/25 8:29 p.m., 56 views

When cybersecurity isn’t all cyber: What does it really take to work in cybersecurity?

With the multitude of breaches and outbreaks already witnessed in 2017, it's become clear that industries across all verticals are challenged by cybersecurity. This is a serious business problem that needs to be addressed ASAP. As much talk as there is about organizations getting hacked, scores o...

6.7 AI score
Exploits: 0
Malwarebytes
added 2023/09/19 3:0 a.m., 55 views

The mystery of the CVEs that are not vulnerabilities

A researcher specializing in Software Supply Chain security named Dan Lorenc recently raised an interesting topic on LinkedIn. 138 new vulnerabilities in open-source projects were all entered the same day to the CVE database. To understand what the problem is there are a few things you'll need to...

1.7 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 0
Malwarebytes
added 2022/08/18 7:0 p.m., 55 views

Attackers waited until holidays to hit US government

The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...

4.6 CVSS, 0.1 AI score, 0.58132 EPSS
Exploits: 17
Malwarebytes
added 2021/09/07 12:38 p.m., 55 views

ProtonMail hands user’s IP address and device info to police, showing the limits of private email

They say there’s two sides to every story. Depending on your point of view, you may have heard a recent story that's either about overreaching law enforcement and protestors exposed by organisations happy to hand over revealing data despite saying they won't. Or: BREAKING: legitimate business...

6.8 AI score
Exploits: 0
Malwarebytes
added 2021/07/19 7:45 a.m., 55 views

“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13

Kaseya VSA included at least “seven or eight” privately known zero-day vulnerabilities before it suffered a widespread ransomware attack that impacted hundreds of businesses, said Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, or DIVD, a volunteer-run organization that...

7.7 AI score
Exploits: 0
Malwarebytes
added 2021/07/08 4:45 p.m., 55 views

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by potentially another threat actor/group off t...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/07/05 12:6 p.m., 55 views

A week in security (June 28 – July 4)

Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming? Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol? Binance receives the ban hammer from UK’s FCA Fired by algorithm: The future’s here and it’s a robot wearing a white collar Second colossal Linkedin...

0.4 AI score
Exploits: 0
Malwarebytes
added 2021/06/11 3:26 p.m., 55 views

Cloud vs on premises: 3 reasons the Cloud is winning

Thanks to the vast rollout of COVID-19 vaccines to millions of people in the US and Europe, some of us are finally seeing some semblance of a return to normalcy. And organizations, who have experienced first-hand the struggle to stay afloat during months of struggle, are expecting to transition...

7.1 AI score
Exploits: 0
Malwarebytes
added 2021/04/28 5:6 p.m., 55 views

Watch out! Android Flubot spyware is spreading fast

Using a proven method of text messages about missed deliveries, an old player on the Android malware stage has returned for an encore. This time it seems to be very active, especially in the UK where Android users are being targeted by text messages containing a link to a particularly nasty piece...

0.3 AI score
Exploits: 0
Malwarebytes
added 2021/01/18 11:30 a.m., 55 views

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some...

Exploits: 0
Malwarebytes
added 2020/02/25 5:54 p.m., 55 views

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application...

Exploits: 0
Malwarebytes
added 2020/01/22 4:0 p.m., 55 views

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

Update 01-27-2020: Shortly after this blog was published we noticed that a large part of the infrastructure behind this browlock was taken down. The malicious server responsible for redirections is no longer responding and we have not observed any new live browlock from this 2 year old campaign. ...

6.8 AI score
Exploits: 0
Malwarebytes
added 2019/08/09 4:10 p.m., 55 views

Backdoors are a security vulnerability

Last month, US Attorney General William Barr resurrected a government appeal to technology companies: Provide law enforcement with an infallible, “secure” method to access, unscramble, and read encrypted data stored on devices and sent across secure messaging services. Barr asked, in more accurat...

6.5 AI score
Exploits: 0
Malwarebytes
added 2019/03/06 4:0 p.m., 55 views

Spotlight on Troldesh ransomware, aka ‘Shade’

Despite the decline in the number of ransomware infections over the last year, there are several ransomware families that are still active. Ransom.Troldesh, aka Shade, is one of them. According to our product telemetry, Shade has experienced a sharp increase in detections from Q4 2018 to Q1 2019...

6.9 AI score
Exploits: 0
Total number of security vulnerabilities: 4659