4707 matches found
A week in security (July 8 – 14)
Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendis...
Wall Street Market reported to have exit scammed
Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...
So you’ve been asked to start a threat intel program
Ever since the Mandiant APT1 report landed like a bomb in private sector security reporting, threat intelligence has been a hot buzzword many companies have been chasing over. But what is threat intelligence? What do you need to execute it well? And how many new tools do you need to buy? The...
Fake Fortnite for Android links found on YouTube
The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android, despite th...
Social media: A treasure trove of spam and scams
There are two kinds of spam associated with social media. There are spam ads that actually live on social media, and there is spam that comes in your inbox, courtesy of social media. Both thrive by using data from your social media accounts. But how do spammers know how to target you and send you...
A week in security (April 02 – April 08)
Last week, we took a look at fake Whatsapp antics, dubious gaming extensions, and a huge Panera bread breach. There was also LockCrypt ransomware to contend with, we had a poke around Linkedin, and we published another Physician, protect thyself blog. Other news Compromised cash register systems...
International Women’s Day: Women in tech share their stories
From the metoo movement to Oprah's Time's Up speech to the women's marches on cities throughout the world—it's been a banner year for women's rights. And on this International Women's Day, we wanted to do more than pay lip service to the changes in feminist dialogue. After all, tech is an industr...
IMPORTANT: Web blocking / RAM usage announcement
On January 27, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it. For...
Exosrv.com, an ad server for adult sites, tops Malwarebytes detections
Update 12/18/2017: Upon review, we have decided to lift the block on those two ad servers. You can read ExoClick's comments below: At Exoclick we use large resources to ensure that the ads that we serve are clear, clean and issue free. Where malwares and other forms of malvertising are detected...
Our computers, ourselves: digital vs. biological security
Though by night I fight malware alongside the rest of the Malwarebytes research team, by day I work as a doctoral student in Immunobiology at Yale University, where I study the development of the immune system in your bone marrow. This grants me a unique perspective, as I’ve studied both the...
Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix
VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws...
Microsoft patches 34 vulnerabilities, including one zero-day
December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units CPUs, was shifted by AMD to software developers. Th...
Extortionists target restaurants, demand money to take down bad reviews
Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised a...
How to delete your Instagram account
Although sharing your day’s highlights in snapshots and videos on Instagram can be entertaining, some people claim to feel happier after deleting their accounts. Consuming media tailor-made to make other peoples lifestyles appear alluring can be addictive for some and induce anxiety in others. No...
How to choose the best VPN for you
If you’ve been shopping for a VPN service in 2021, you’ve probably noticed how many providers are available. Using a personal VPN has grown in popularity in recent years, and for good reason. You may no longer be asking, “Should I use one,” but rather, “Which one should I choose?” The answer migh...
Credit card skimmer piggybacks on Magento 1 hacking spree
Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this...
10 best practices for MSPs to secure their clients and themselves from ransomware
Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current of potential clients—it’s business as usual for MSPs. And, boy, is it a struggle. On the one hand, they keep an eye on their remote workers to ensure they’re still doing their jo...
There’s an app for that: web skimmers found on PaaS Heroku
Criminals love to abuse legitimate services—especially platform-as-a-service Paas cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub...
Cybersecurity pros think the enemy is winning
There is a saying in security that the bad guys are always one step ahead of defense. Two new sets of research reveal that the constant cat-and-mouse game is wearing on security professionals, and many feel they are losing in the war against cybercriminals. The first figures are from the...
Spotlight on Troldesh ransomware, aka ‘Shade’
Despite the decline in the number of ransomware infections over the last year, there are several ransomware families that are still active. Ransom.Troldesh, aka Shade, is one of them. According to our product telemetry, Shade has experienced a sharp increase in detections from Q4 2018 to Q1 2019...
Removing the jam in your printer security
Printers are an important, invisible—albeit sometimes loud—component of the office. But all too often they’re filled with mystery meat icons, peculiar blinking lights, or error messages with no instruction manual to hand. No problem, you can just print at the next station! Wrong. Printers also...
Information operations on Twitter: new data released on election tampering
Back in April, we talked about the wealth of options available to Russian hackers and others launching social engineering campaigns, whether on social networks or through clever attacks launched via Advanced Persistent Threats. Some of that was information published by Twitter at the time in...
A week in security (August 6 – August 12)
Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp "message manipulation" Source: T...
A week in security (July 16 – July 22)
Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics...
IoT domestic abuse: What can we do to stop it?
Some 40 years ago, the sci-fi/horror film Demon Seed told the tale of a woman slowly imprisoned by a sentient AI, which invaded the smart home system her husband had designed to manage it. The AI locked doors, windows, turned off communications, and even put a synthesised version of her onscreen ...
Tips for safe summer travels: your cybersecurity checklist
Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your...
Mobile Menace Monday: re-emergence of a fake Android AV
Back in early 2013, a new mobile antivirus AV company called Armor for Android emerged into the mobile security software industry that had everyone perplexed. It seemed eerily like malware known as a Fake AV, and some even gave it that label. As a younger mobile researcher, I was one of those who...
Stop telephoning me-eh-eh-eh-eh: robocalls explained
If you've ever answered a call from anyone outside your contact list only to hear a recorded message playing back at you, you have just been robocalled. Unfortunately for American consumers, this happens several times a day, seven days a week. Suffice to say, this is beyond annoying—and it's...
Text messages and the Bitcoin Code: follow the money trail
I was a bit surprised to receive lots of messages similar to the one below this past week: I mean, we've all done it—managed a bulk text spam campaign offering free Bitcoins in your spare time, while completely forgetting said business exists. Maybe I did it in my sleep? It's all gone a bit Fight...
A week in security (October 23 – October 29)
Welcome back to "A week in security." Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe including a deep dive into the code, and talked about what it takes to work in security. One of our researchers, who is a PhD...
419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”
I'm not saying an email claiming to be from the "Central Bank of Nigeria" with a contact handler named "Rev. Goodluck Ebola" will raise too many red flags, but… Click to Enlarge CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref:...
Report: Second quarter dominated by ransomware outbreaks
The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios reminiscent of yesteryears worms, WannaCry created global panic as it used a critical vulnerability in the SMBv1 protocol to propagate like wildfire. Within...
TheTruthSpy stalkerware, still insecure, still leaking data
In 2022, we published an article about how photographs of children taken by a stalkerware-type app were found exposed on the internet because of poor cybersecurity practices by the app vendor. The stalkerware-type app involved, TheTruthSpy, has shown once again that the way in which it handles...
Joomla! vulnerability is being actively exploited
The Cybersecurity and Infrastructure Security Agency CISA has added a vulnerability for the Joomla! Content Management System CMS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to...
Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days
Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency CISA has...
Patch now! Citrix Sharefile joins the list of actively exploited file sharing software
The Cybersecurity and Infrastructure Security Agency CISA has added a vulnerability to its catalog of know exploited vulnerabilities, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by September 6, 2023...
Update now! Apple fixes several serious vulnerabilities
Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 | macOS Big Sur and macOS Monterey ---|--- iOS 16.6 and iPadOS 16.6 | iPhone 8 and later, iPad Pro...
Update your PaperCut application servers now: Exploits in the wild
PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted. Two specific vulnerabilities are at the heart of thi...
Business Services industry targeted across the country for backdoor access
The presence of so many hacking tools in the detections for the Business Services industry tells a story about these organizations being targeted for not only infection, but to establish backdoors and likely gain access to customers of the organizations through the victims network. Just like...
Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09
Theres a mistake commonly made in the United States that a law that was passed to help people move their healthcare information to a new doctor or provider was actually passed to originally implement universal, wide-ranging privacy controls on that same type of information. This is the mixup with...
Escobar is the new Android banking Trojan we’ve met before
Aberebot, a known Android banking Trojan, has changed its name and returned loaded with new features. First spotted by @MalwareHunterTeam in early March, this mobile variant was renamed "Escobar"—a homage to the Colombian drug baron—and disguised itself as a McAfee app. It went by the package nam...
A week in security (June 28 – July 4)
Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming? Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol? Binance receives the ban hammer from UK’s FCA Fired by algorithm: The future’s here and it’s a robot wearing a white collar Second colossal Linkedin...
Brave takes aim at Google with privacy-first search engine
The privacy-forward web browser Brave launched its new search engine in beta on Wednesday, promising a more private experience that does not track user searches, build user profiles, or require the use of an external, pre-existing search index to deliver results. Clear from the company’s early...
How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim
Back in November, gaming giant Capcom suffered a ransomware attack. In its press notification, it mentioned the various types of data potentially grabbed by their attackers. Things took an ominous turn when they refused to pay the ransom, and the group behind the attack said that was the wrong...
Gang arrested for SIM-swapping celebrities, stealing $100 million
The UKs National Crime Agency NCA—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorneys Office of Santa Clara California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 to 26, for a string of SIM swapping...
Explained: data enrichment
How do your favorite brands know to use your first name in the subject line of their emails? Why do you seem to get discounts and special offers on products you've recently purchased? Businesses are able to personalize their marketing messages thanks to data enrichment. Data enrichment applies to...
Would ‘Medicare for All’ help secure health data?
DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up ...
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...
Interview with a malware hunter: Jérôme Segura
In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A...
A week in security (December 10 – 16)
Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...