Keeping ransomware cash away from your business
A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we thin...
A week in security (February 3 – 9)
Last week on Malwarebytes Labs, we looked at Washington state’s latest efforts in providing better data privacy rights for their residents, and we dove into some of the many questions regarding fintech: What is it? How secure is it? And what are some of the problems in the space? We also detailed...
Explained: juice jacking
When your battery is dying and you're nowhere near a power outlet, would you connect your phone to any old USB port? Joyce did, and her mobile phone got infected. How? Through a type of cyberattack called "juice jacking." Don’t be like Joyce. Although Joyce and her infected phone are hypothetical...
Enterprise incident response: getting ahead of the wave
Enterprise defenders have a tough job. In contrast to small businesses, large enterprises can have thousands of endpoints, legacy hardware from mergers and acquisitions, and legacy apps that are business critical and prevent timely patching. Add to that a deluge of indicators and metadata from the...
A week in security (April 8 – 14)
Last week on Labs, we said hello to Baldr, a new stealer on the market, we wondered who is managing the security of medical management apps, discussed the different perceptions of personal information, and we looked at fake Instagram assistance apps found on Google Play that are stealing password...
Was this really an attempt by the Chinese?
Last weekend, during President Trump’s visit to the Mar-a-Lago resort, a 23-year-old Chinese woman attempted to gain access to the Florida resort by lying and bluffing her way in. After some discussion at the gate, she was escorted to the reception of the resort where it was found out that she wa...
US Congress proposes comprehensive federal data privacy legislation—finally
The United States might be the only country of its size—both in economy and population—to lack a comprehensive data privacy law protecting its citizens’ online lives. That could change this year. Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and...
Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3
Once again, it's that time of year: time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report. Strap in your seat belts, folks, because the third quarter of 2018 was quite a wild ride. After a sleepy first two quarters, cybercriminals shook out the cobwebs and revved up...
A week in security (September 10 – 16)
Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer's time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other...
A week in security (July 16 – July 22)
Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics...
We block shady ad blockers
Some of you have reached out to us concerning Malwarebytes blocking of certain ad blocking extensions, or an influx in web blocking notifications. First things first, this is not a false positive. Recently in their blog, AdGuard has discovered that numerous malicious ad blocking extensions were...
How the EU intends to battle fake news
Last week the European Union issued a press release to announce their next steps against fake news. These steps will be the launch of a public consultation and the setup of a high-level expert group representing academics, online platforms, news media, and civil society organizations. The first...
Our computers, ourselves: digital vs. biological security
Though by night I fight malware alongside the rest of the Malwarebytes research team, by day I work as a doctoral student in Immunobiology at Yale University, where I study the development of the immune system in your bone marrow. This grants me a unique perspective, as I’ve studied both the...
A week in security (October 9 – October 15)
Last week on the Labs blog, we talked about GDPR as part of our series in the National Cyber Security Awareness Month NCSAM. We also discussed a new method for phishing Apple ID passwords and the possible ramifications. We analyzed the malvertising chain due to a script that was found on popular...
Mobile Menace Monday: Implications of Google Play Protect
Along with the recent release of Google’s new OS, Android 8.0 Oreo, they also released a new security suite known as Google Play Protect. As blogged about in July in Play Protect: Android’s new security system is now available, this new suite has been available since mid-May. To reiterate As note...
A week in security (August 21 – August 27)
In our blog posts, we announced the introduction of, and explained the necessity for, real-time protection for our Mac and Android users. We also explained what you can expect them to do for you and answered the questions that we expect to be frequently asked. We looked at 4 key steps you can take...
WhatsApp cryptocurrency scam goes for the cash prize
This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknown sender “Jay, your financial account has...
Ransomware review: December 2023
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass
Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. F5 provides services focused on security, reliability, and performance. BIG-IP is a collection of hardware...
Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
The Cybersecurity and Infrastructure Security Agency CISA added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch FCEB agencies must remediate this...
Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough
Researchers at Orca Security have found a design flaw in the Google Cloud Build service. Attackers would have been able to gain privilege escalation resulting in unauthorized access to code repositories in Google's Artifact Registry. The researchers dubbed the vulnerability Bad.Build and say it...
Update now! Apple issues patches for three actively used zero-days
Apple has rolled out security updates for Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5, iPadOS 16.5, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6. Among the security updates were patches for three actively exploited zero-day vulnerabilities. All...
Clop ransomware is victimizing GoAnywhere MFT customers
According to information gathered by BleepingComputer, the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. As we reported on February 8, Fortra released an emergency patch 7.1.2...
5 facts about Vice Society, the ransomware group wreaking havoc on the education sector
Move over Lockbit, there's a new ransomware-as-a-service RaaS player in town attacking the education sector--and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and...
Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth
In the Android security bulletin of December 5, 2022 you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead t...
A week in security (September 19 – 25)
Last week on Malwarebytes Labs: Hookup site targeted by typo-squatters American Airlines suffers data breach after phishing incident Grand Theft Auto 6 suffers grand theft EDR vs MDR vs XDR - What's the Difference? Scammers send fake 'Energy Bills Support Scheme' texts Tax refund phish logs...
The Wren Eleanor story: Why you should keep your kids’ images off social media
TikTok moms have started a movement: Calling out potential creeps who follow child influencer accounts on the platform. The latest account in the spotlight is @wren.eleanor, a TikTok account with a massive 17.3 million followers. It's an impressive number and one that got the attention of armchair...
Extortionists target restaurants, demand money to take down bad reviews
Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised a...
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...
Gamers beware: The risks of Real Money Trading (RMT) explained
Any game with an online component can be at risk from a practice known as Real Money Trading RMT, where in-game items, artefacts, characters and the like are sold for real money. It’s a big problem for developers, especially in competitive and/or massively multiplayer online role-playing game...
Bitcoin scammers phish for wallet recovery codes on Twitter
We're no strangers to the Twitter customer support DM slide scam. This is where someone watches an organisation perform customer support on Twitter, and injects themselves into the conversation at opportune moments hoping potential victims don’t notice. This is aided by imitation accounts modelled...
Ransomware group threatens to leak information about police informants
UPDATE 12:12 PM Pacific Time, April 28: As of at least 9:40 AM Pacific Time, the Babuk ransomware gang removed any reference to the allegedly stolen DC Police Department data from its data leak website. This does not indicate with any certainty that the DC Police Department paid Babuk, but it is...
Zoom deepfaker fools politicians…twice
We recently said deepfakes “remain the weapon of choice for malign interference campaigns, troll farms, revenge porn, and occasionally humorous celebrity face-swaps”. Skepticism that these techniques would work on a grand scale such as an election, remains in place. In the realm of malign...
PYSA, the ransomware attacking schools
The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...
Perkiler malware turns to SMB brute force to spread
Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit EK...
HelloKitty: When Cyberpunk met cy-purr-crime
On February 9, after discovering a compromise, CD Projekt Red CDPR announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...
$12m Grindr fine shows GDPR’s got teeth
As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isn't an afterthought. Grindr, the popular social network and dating platform, will likely suffer a $12 million USD fine due to privacy related complaints. What happened here, and what are the implications for future case...
SearchDimension search hijackers: An overview of developments
Background information on SearchDimension: SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...
Explained: cloud-delivered security
As a counterpart to security for your assets in the cloud, you may also run into solutions that offer security from the cloud. These solutions are generally referred to as cloud-delivered security. Cloud-delivered security is sometimes called security-as-a-service which we will avoid here as it...
The little-known ways mobile device sensors can be exploited by cybercriminals
The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device...
Here are the most popular robocall scams and how to avoid them
We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful y...
Why all organizations must better protect sensitive data
About two weeks ago, National Cybersecurity Awareness Month NCSAM kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and...
Holes found in Mojave’s privacy protection
macOS Mojave was released on Monday, September 24, with much promise of increased privacy protections. In particular, apps are now required to get permission from users before they can access data in certain locations, such as Mail data, contacts, calendar events, Safari user data, and more...
A week in security (September 17 – 23)
Last week, we took a look at a low-level spam campaign on Twitter, explored the signs of falling victim to phishing, and examined a massive WordPress compromise. We also explained some SASL vulnerabilities and covered a breaking Emotet spam campaign. Other cybersecurity news: NewEgg attacked by...
How to secure your content management system
Suppose you want to start your own blog or set up a website where you can easily manage its content, the way it looks, and how often it changes. What you need is a content management system CMS. WordPress, Drupal, and Joomla are some of the most popular content management systems used by both...
A week in security (July 30 – August 5)
Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data. Other news: Facebook claimed to have removed accounts that display behavior consistent with possible Russian actor...
Block all or nothing to prevent ICO fraud?
At Malwarebytes, we feel we have reached a point where we need to ask our customers how to proceed on the subject of ICO scams. Asking for your opinion may seem strange to some of you, but Malwarebytes comes from a community of mutual help and trust. If you were unaware of this, reading how our C...
Malwarebytes CrackMe 2: contest summary
About three weeks ago, we published our second CrackMe. It triggered a lot of interest, and we got many high-quality write-ups. Choosing the winner was really difficult! In this post, I am going to summarize the contest and comment on the received submissions. CrackMe 2 challenge The topic of the...
Mobile Menace Monday: re-emergence of a fake Android AV
Back in early 2013, a new mobile antivirus AV company called Armor for Android emerged into the mobile security software industry that had everyone perplexed. It seemed eerily like malware known as a Fake AV, and some even gave it that label. As a younger mobile researcher, I was one of those who...
Keeping your business and personal instant messages secure
Most people want to know their instant messages are securely wrapped up—whether that's for personal privacy or making sure online scammers can't grab the message content. If you're sending text on a sensitive topic, or perhaps some photo attachments intended for one person only, you definitely...