Data scraping treasure trove found in the wild
We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. What is data scraping? The...
A week in security (October 15 – 21)
Last week on Malwarebytes Labs, we went over how to build your own motion-activated security camera, wondered whether FIDO is the future instrument to replace passwords and usernames, informed you about information operations on Twitter, and released our Q3 Malwarebytes Labs Cybercrime Tactics an...
Explained: What is big data?
If the pile of manure is big enough, you will find a gold coin in it eventually. This saying is used often to explain why anyone would use big data. Needless to say, in this day and age, the piles of data are so big, you might end up finding a pirate’s treasure. How big is the pile? But when is t...
A week in security (June 25 – July 1)
Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...
Fake Fortnite for Android links found on YouTube
The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android, despite th...
Tips for safe summer travels: your cybersecurity checklist
Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your...
Social media: A treasure trove of spam and scams
There are two kinds of spam associated with social media. There are spam ads that actually live on social media, and there is spam that comes in your inbox, courtesy of social media. Both thrive by using data from your social media accounts. But how do spammers know how to target you and send you...
A week in security (May 7 – May 13)
Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely...
Netflix phish claims your membership is on hold
The days of ugly-looking phish pages hosted on something akin to a Geocities page are slowly receding into the distance. For quite some time now, phish attacks have made attempts to look fairly sophisticated and stand a decent chance of fooling anyone not keeping their guard up. Today, we have a...
A week in security (April 02 – April 08)
Last week, we took a look at fake WhatsApp antics, dubious gaming extensions, and a huge Panera Bread breach. There was also LockCrypt ransomware to contend with, we had a poke around LinkedIn, and we published another Physician, protect thyself blog. Other news: Compromised cash register systems...
How to protect your computer from malicious cryptomining
Noticing that your computer is running slow? While sometimes a telltale sign of infection, these days that seems doubly true. And the reason is: malicious cryptomining. So, what, exactly, is it? We'll tell you how bad this latest malware phenomenon is for you and your computer, plus what you can ...
Patch now! Citrix Sharefile joins the list of actively exploited file sharing software
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023...
Business Services industry targeted across the country for backdoor access
The presence of so many hacking tools in the detections for the Business Services industry tells a story about these organizations being targeted for not only infection, but to establish backdoors and likely gain access to customers of the organizations through the victim's network. Just like...
Google ads lead to major malvertising campaign
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream and targets some of the world's top brands. Case in point, we recently uncovered a malvertising cha...
Does using a VPN slow down your Internet?
A Virtual Private Network (VPN) can stop others from snooping on or tampering with your Internet traffic. It does this by concealing your traffic inside an encrypted tunnel between you and your VPN provider. And because your traffic appears to join the Internet from your VPN provider's computer...
Brave takes aim at Google with privacy-first search engine
The privacy-forward web browser Brave launched its new search engine in beta on Wednesday, promising a more private experience that does not track user searches, build user profiles, or require the use of an external, pre-existing search index to deliver results. Clear from the company’s early...
“Huge upsurge” in DDoS attacks during pandemic
Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at...
Royal Mail scam says your parcel is waiting for delivery
Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:...
North Korean hackers charged with $1.3 billion of cyberheists
The US Department of Justice recently unsealed indictments detailing North Korea's involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states. The first unsealed indictment is for hacking...
Cybersecurity in Cyberpunk 2077: the good, the bad, and the cringeworthy
What game caused some players to experience seizures, allows you to have unauthorized sex with Keanu Reeves, features a lead character who can’t keep the contents of his pants contained, was pulled from the PlayStation Store weeks after release, and still managed to shatter sales and streaming...
ParetoLogic facing complaint of alleged wrongdoing
A short while ago we reported on the FTC ruling against payment provider RevenueWire. Now, another Canadian company is under scrutiny, and the cases are very much related. Not only are these companies hailing from the same city, they also share some founders. The company ParetoLogic is involved i...
Explained: data enrichment
How do your favorite brands know to use your first name in the subject line of their emails? Why do you seem to get discounts and special offers on products you've recently purchased? Businesses are able to personalize their marketing messages thanks to data enrichment. Data enrichment applies to...
A week in security (September 16 -22)
Last week on Labs, we sounded the alarm about the relaunch of Emotet, one of the year's most dangerous forms of malware, with a new spam campaign. We also reported on how international students in the UK are targeted by visa scammers, what CEOs think about a potential US data privacy law, and...
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...
Information operations on Twitter: new data released on election tampering
Back in April, we talked about the wealth of options available to Russian hackers and others launching social engineering campaigns, whether on social networks or through clever attacks launched via Advanced Persistent Threats. Some of that was information published by Twitter at the time in...
A week in security (July 9 – July 15)
Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day. Other news: Reports revealed that low-end Android...
A conversation with America Geeks
Thanks to NeeP for contributing significant research. You can check out NeeP's YouTube channel here. Malwarebytes has written quite a bit about tech support scammers, typically focusing on new scam techniques as they arise with new threat actor groups. But sometimes our research discovers scammer...
Securing financial data of the future: behavioral biometrics explained
Some of us would be pretty excited about a brave, new passwordless world. Gone would be the days of having to write down 27 passwords and post them beside monitor screens. Or having to yell them out loud to a colleague on the other side of the room. For banks and other financial institutions, a...
Cloudflare’s new DNS service
Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare, the Web Performance & Security Company, is offering a free new DNS service. And it helped me improve the speed of my DNS lookups. What is DNS? DNS is short for Doma...
A week in security (March 12 – March 18)
Last week on Malwarebytes Labs, we took a look at the inner workings of a fileless attack, explored what happened in a zero day ransomware attack aimed at South Koreans, gave you hints and tips for avoiding cold calls, and took a deep dive into the secretive world of GrayKey. Other news The Equif...
Report: Second quarter dominated by ransomware outbreaks
The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios reminiscent of yesteryear's worms, WannaCry created global panic as it used a critical vulnerability in the SMBv1 protocol to propagate like wildfire. Within...
Android phones can be taken over remotely – update when you can
Android phones are vulnerable to attacks that could allow someone to take over a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google's Android security bulletin for December. In total, there are patches for 94...
Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days
Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has...
Exchange Server security updates updated
Microsoft has re-released the August 2023 Security Updates (SUs) for Exchange Server. The original release of the SUs, from August 8 2023, had a localization issue with Exchange Server running on non-English Operating Systems (OSes) that caused Setup to stop unexpectedly, leaving Exchange services ...
A week in security (May 15-21)
Last week on Malwarebytes Labs: Why we should be more open about ransomware attacks; Windows 11 is showing its first signs of Rust; Update now! Ruckus vulnerability added to CISA's list of actively exploited bugs; 3 reasons to use a VPN; PharMerica breach impacts almost 6 million people; Leaked Babuk...
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 2023 Pwn2Own contest. Three have been given the severity rating "Important", with the last, CVE-2023-20869, classed as "Critical". Success! @starlabssg used an uninitialized...
Update your PaperCut application servers now: Exploits in the wild
PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted. Two specific vulnerabilities are at the heart of thi...
A week in security (July 5 – July 11)
Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski. Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal” Patch now! Emergency fix for PrintNightmare released by Microsoft. Game over: Apex Legends players locked out ...
Cryptomining containers caught coining cryptocurrency covertly
In traditional software development, programmers code an application in one computing environment before deploying it to a similar, but often slightly different environment. This leads to bugs or errors that only show up when the software is deployed—exactly when you need them least. To solve for...
Bluetooth beacons: one free privacy debate with your next order
Apps and their permissions have been in the news recently, particularly in relation to tracking/privacy issues and Bluetooth. Why Bluetooth, though? What is it, and what is it doing to raise concerns in some security quarters? Bluetooth: your cool, then uncool, but mostly cool again cousin...
Cybersecurity and the economy: when recession strikes
Cybercrime and the economy have always been intertwined, but with COVID-19 on the road to causing a seemingly inevitable global recession, many are asking what, exactly, will the impact be on cybercrime. Will criminals step up and increase malware production, ramp up phishing attacks, do whatever...
United States government-funded phones come pre-installed with unremovable malware
UPDATE: January 10, 2020: At time of original publication, we were not yet able to replicate the malware Android/Trojan.HiddenAds being dropped on our test device, though multiple users had reported that a variant of HiddenAds suddenly installed on their UMX mobile phone. As of today, we are now...
A week in security (July 29 – August 4)
Last week on Malwarebytes Labs we discussed the security and privacy changes in Android Q, how to get your Equifax money and stay safe doing it, and we looked at the strategy of getting a board of directors to invest in government cybersecurity. We also reviewed how a Capital One breach exposed...
Maine governor signs ISP privacy bill
Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. The law, which will go into effect July 1, 2020, bloc...
New ‘Under the Radar’ report examines modern threats and future technologies
As if you haven't heard it enough from us, the threat landscape is changing. It's always changing, and usually not for the better. The new malware we see being developed and deployed in the wild have features and techniques that allow them to go beyond what they were originally able to do, either...
8 everyday technologies that can make you vulnerable to cyberattacks
The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable. The security vulnerabilities of the latest tech have been well...
Tech support scam uses fake Shoppers Stop site to lure thousands
Update 2018-05-17: Shoppers Stop is a legitimate company based out of India and their brand was abused by scammers. These days, there are a lot of browser locker campaigns fueled by malvertising or redirection from hacked sites. But the Shoppers Stop tech scam campaign is actually a bit of both,...
Apple phish: Summary report statement
If the following message lands in your mailbox, you may wish to throw on your "This is highly suspicious" cap before proceeding further: The email is titled RE: Summary Report Statement login and update account 08/05/2017 Note the old spammer trick of placing "RE:" at the start to make you think...
Ivanti urges customers to patch yet another critical vulnerability
In a new blog post, Ivanti says that it has found another vulnerability and urges customers to “immediately take action to ensure you are fully protected”. This vulnerability only affects a limited number of supported versions–Ivanti Connect Secure version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 a...
Zero-day deploys remote code execution vulnerability via Word documents
An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of...