4661 matches found
BadRabbit ransomware strikes Eastern Europe
A new strain of ransomware called BadRabbit is spreading through Eastern Europe. Likely created by the same authors as the Petya/NotPetya ransomware outbreak in June, BadRabbit uses a website to serve a fake Flash update, which in turn drops its payload. Countries we...
A week in security (July 17 – July 23)
Over the last week, we have covered Play Protect, android’s new security system and how the Dutch police ran Hansa Market after the take down of Alpha Bay, both major players on the Dark Web. We also provided some tips on how to stay cyber safe this summer. We also saw how the Terror exploit kit...
Learning PowerShell: The basics
I bet I went about learning PowerShell the wrong way, so I may need your help, readers of this blog. If only to organize my knowledge and use it for the fight against malware and not just to figure out how it was used in malware. The first serious look I had at PowerShell was when I was trying to...
Update Chrome now! Google releases emergency security patch
Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google says is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behi...
Update now! Microsoft fixes two zero-days on February Patch Tuesday
Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency...
Credit card skimming on the rise for the holiday shopping season
As we head into shopping season, customers aren't the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we're following closely and expect to increase over the next several weeks is credi...
Discord.io confirms theft of 760,000 members' data
Discord.io was/is a third-party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's user database was posted on BreachForums, the owners decided to shut down all Discord.io services "for the foreseeable future."...
CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical unauthenticated remote code execution (RCE) vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that...
DNA testing company failed to protect sensitive genetic and health data, says FTC
DNA testing has long been a hot-button issue for security and privacy. Concerns about everything from law enforcement and data retention to job offers and insurance have all been examined at great length. With millions of people signing up to use these services, it was only a matter of time befor...
Ransomware review: May 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
3 tips to raise your backup game
If there was an award for "most overlooked really important thing in computing", backups would win. Every year. So let's put that right and spend a minute or two thinking about backups. Backups are great! Having backups is like having a do-over for your mistakes, and who hasn't wished for that? A...
Update Android now! Two critical vulnerabilities patched
The March security updates for Android include fixes for two critical remote code execution (RCE) vulnerabilities impacting Android systems running versions 11, 12, 12L, and 13. Users should update as soon as they can. The March 2023 Android Security Bulletin contains the details of the security...
Patch now! Cisco VPN routers are vulnerable to remote control
Cisco has released a security advisory about several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345. There are no workarounds available that address these vulnerabilities, so you need to patch. Vulnerabilities The vulnerabilities are...
Anti-war open-source software developer targets Russians and Belarussians with “protestware”
Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country...
A week in security (Nov 22 – Nov 28)
Last week on Malwarebytes Labs: How to defend your website against card skimmers; Security researchers play peek-a-boo with Conti ransomware server; Windows 10 chills out, gives sysadmins a break; Please don't buy this! 3 gift card scams to watch out for this Black Friday; Millions of GoDaddy customer...
How to delete your Snapchat account
Snapchat is an instant messaging app popular with youngsters that allows users to send pictures and videos that are only viewable for short periods. But while hundreds of millions of daily active users consume and create content with Snapchat, not everyone is pleased with the mobile app. One of t...
A week in security (August 2 – August 8)
Last week on Malwarebytes Labs: RDP brute force attacks explained; The 3 biggest threats reaching for your antivirus software's off switch; Zoom and gloom? Video comms org agrees to settle for $85m; COVID-19 vaccine appointment system attacked in Italy; Chrome casts away the padlock - is it good...
NSA issues advice for securing wireless devices
By releasing an information sheet that provides guidance on securing wireless devices while in public (PDF) for National Security System, Department of Defense, and Defense Industrial Base teleworkers, the NSA has provided useful information on malicious techniques used by cyber actors, and ways to...
Kaseya update delayed for security reasons
Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer their customers' IT, and up to 1,500 of their customers, have been stricken with the ransomwar...
Microsoft exec reveals “routine” secrecy orders from government investigators
Microsoft executive Tom Burt told Congressional lawmakers Wednesday that federal law enforcement agencies send “routine” secret orders for customer information to the Seattle-based company, numbering anywhere from 2,400 to 3,500 such requests a year. “While the recent news about secret...
White hat, black hat, grey hat hackers: What’s the difference?
When you think of the world of ethical hackers (white hat), malicious hackers (black hat), and hackers that flirt with both sides (grey hat), you may envision people in shiny trench coats and dark glasses, whose computer skills are only matched by their prowess in martial arts. The truth is that hacker...
Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says
Since the initial lockdown, we have seen the rise of certain types of cybercrime, including scams and fraud campaigns that either bank on the global COVID-19 pandemic or take advantage of potential victims adhering to work-from-home measures. In the UK, the National Crime Agency (NCA) has...
Malwarebytes releases SMB Cybersecurity Trust & Confidence Report 2021
What can we say about 2020 that hasn’t already been said? Beliefs were shaken. Values were questioned. Truths were tested. Then COVID happened and things really got crazy. The World Health Organization declared the coronavirus outbreak a global pandemic on March 12, 2020. That same day...
Apple shines and buffs Mac security—Is it enough to stop today’s malware?
There’s a lot going on in the Mac security world lately. Over the last few months, Apple has ramped up security efforts across its platforms. From an endpoint security framework overhaul of macOS Catalina to phasing out kernel extensions, the tech giant has been battening down the...
Clubhouse under scrutiny for sending data to Chinese servers
The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now that it's part of the social media landscape, can we trust it? The Clubhouse app Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It i...
How to prevent a rootkit attack
If you're ever at the receiving end of a rootkit attack, then you'll understand why they are considered one of the most dangerous cyberthreats today. Rootkits are a type of malware designed to stay undetected on your computer. Cybercriminals use rootkits to remotely access and control your machin...
Labs report finds cyberthreats against healthcare increasing while security circles the drain
The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts...
Red Hen website suffers SEO spam compromise
If you're thinking about checking out the website owned by the restaurant that asked White House press secretary Sarah Huckabee Sanders to leave the premises, you might want to hold off. There's some site compromise action afoot. Although the homepage appears to be acting in a perfectly normal...
Five easy ways to recognize and dispose of malicious emails
I suppose we all get our share of spam. Some more than others. But how do we differentiate between simple commercial spam and the types of emails that want to get us in trouble? The unsolicited commercial spam email is generally easy to recognize, report, and discard, but what about more dangerou...
Mobile Menace Monday: A race to hidden ads
Who doesn’t love a good motorcycle racing game, right? How about one easily available on Google Play, a “safe” place for all your Android app desires? How about a bike racing game that sticks with you so much, you can’t easily uninstall it? And it displays hidden ads? Wait, what!? That’s right! I...
Two major Canadian banks blackmailed after alleged data breach
While the US was celebrating Memorial Day on Monday, Canada was dealing with an unusual data breach affecting two popular financial institutions: Simplii Financial and Bank of Montreal (BMO). The CBC broke the story and updated it throughout the day to mention that some 90,000 customers were possib...
SEO poisoning: Is it worth it?
Search Engine Optimization (SEO) poisoning basically comes down to getting your web page high in the rankings for relevant search results without buying advertisements or using legitimate, but tedious, SEO best practices. Instead, threat actors use illegal means to push their page to the top...
LockCrypt ransomware: weakness in code can lead to recovery
At the start of the year, it seemed that 2018 was going to be all about cryptominers. They so overwhelmingly dominated the landscape that it looked like no other threat had a chance. However, ransomware is not giving up the field so fast. There have been new variants popping up every couple of...
A week in security (March 26 – April 01)
Last week, we looked at the thought process behind creating a ransomware decryptor, the inner workings of QuantLoader, the ways one can protect their Android devices, the exploit kits we have encountered this winter, the now-known epidemic of data breaches, the coming of TLS 1.3, and the ways one...
“Celebrating Stephen Hawking” with a 419 scam
The recently departed Stephen Hawking is apparently back from the dead, now a target for scammers wanting to extract some quick cash from the unwary in the form of a vaguely surreal 419 scam. The whole thing begins with an email from, er, Stephen Hawking titled "Celebrating Stephen Hawking." Clic...
A week in security (February 19 – February 25)
Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that dro...
Text messages and the Bitcoin Code: follow the money trail
I was a bit surprised to receive lots of messages similar to the one below this past week: I mean, we've all done it—managed a bulk text spam campaign offering free Bitcoins in your spare time, while completely forgetting said business exists. Maybe I did it in my sleep? It's all gone a bit Fight...
Augmented Reality games and real-world trolling
Augmented Reality games—where you wave a device around and the digital collides with reality— have been booming in popularity ever since Pokemon GO! rolled into mobile storefronts. However, many AR games haven't really been designed with the possible consequences of real-world safety in mind. Tak...
Malvertising on Equifax, TransUnion tied to third party script (updated)
Update 10-16-2017: More information regarding the third-party script fireclick.js and the domain it contacted netflame.cc was revealed by the Wall Street Journal. That domain once was used by Digital River Inc., an e-commerce and digital-marketing vendor, for a now-defunct web-analytics product...
Drive-by mining and ads: The Wild Wild West
There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for mining purposes. The Pirate B...
Mobile Menace Monday: Malicious clicker with extra maliciousness included
A new malicious clicker has emerged on third-party app stores. Chinese in origin, the malicious app uses heavy obfuscation and poses as a battery optimizer app. We classify it as Android/Trojan.Clicker.hyj. Hide what’s inside To obfuscate its code, Clicker.hyj uses an A...
Adware the series, the final: Tools section
So far in this series, we have handed you some methods to recognize and remediate adware. We used this diagram as a guideline. During this journey, we have touched upon several free tools that we used to get some insight on what type of infection we were dealing with and where the adware could be...
A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun), is...
Update Chrome! Google patches actively exploited zero-day vulnerability
Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not...
[updated] Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances
Atlassian has released an advisory about a critical-severity authentication vulnerability in Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if...
Ransomware review: February 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...
Introducing Quarantine for Cloud Storage Scanning in Nebula
We're excited to announce Quarantine for Malwarebytes Cloud Storage Scanning (CSS), a new feature which allows you to automatically quarantine threats found in your cloud storage repositories. Malwarebytes Cloud Storage Scanning is an add-on service in Nebula that scans for malware on cloud storage...
A Chrome fix for an in-the-wild exploit is out—Check your version
Google has announced an update for Chrome that fixes an in-the-wild exploit. Chrome Stable channel has been updated to 107.0.5304.87 for Mac and Linux, and 107.0.5304.87/.88 for Windows. The vulnerability at hand is described as a type confusion issue in the V8 JavaScript engine. Mitigation If...
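Checking whether an installed Chrome build carries the fix is a version comparison, and the trap is that Chrome's four-part build numbers must be compared numerically: as a plain string, "107.0.5304.9" sorts after "107.0.5304.87" even though it is the older build. The following is an added example, not code from the article above or from Google; it takes the fixed build numbers quoted in the snippet (107.0.5304.87 for Mac and Linux, with Windows shipping .87 and .88, so .87 is the minimum) and assumes the installed version is read from output shaped like that of `google-chrome --version` (the sample strings are constructed).

```python
from __future__ import annotations

import re

# Minimum fixed Chrome Stable builds as quoted in the advisory snippet above.
# Windows shipped both .87 and .88; the lower number is the minimum carrying the fix.
FIXED_VERSIONS = {
    "mac": "107.0.5304.87",
    "linux": "107.0.5304.87",
    "windows": "107.0.5304.87",
}

# Chrome versions are MAJOR.MINOR.BUILD.PATCH, all numeric.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Pull a four-part Chrome version out of a string such as
    'Google Chrome 107.0.5304.87' (the shape of `google-chrome --version` output,
    assumed here) and return it as a tuple of ints so that comparison is numeric."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    major, minor, build, patch = (int(part) for part in match.groups())
    return (major, minor, build, patch)


def is_patched(installed: str, platform: str) -> bool:
    """True when the installed build is at or above the fixed build for the platform.
    Tuple comparison compares element by element, so 107.0.5304.9 < 107.0.5304.87."""
    fixed = FIXED_VERSIONS[platform.lower()]
    return parse_version(installed) >= parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample strings, not real telemetry.
    samples = [
        ("Google Chrome 107.0.5304.87", "linux"),
        ("Google Chrome 107.0.5304.88", "windows"),
        ("Google Chrome 107.0.5304.62", "mac"),
        ("Google Chrome 107.0.5304.9", "linux"),  # older build; sorts "later" as a string
    ]
    for text, plat in samples:
        print(f"{plat:8} {text:30} patched={is_patched(text, plat)}")
```

The same comparison applies to any vendor whose versions are dotted integers; what changes per advisory is only the `FIXED_VERSIONS` table.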
iPhone zero-day. Update your devices now!
It's time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher. As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn't reveal a lot of information with regard to what's happening, but if you own an iPad or iPho...
Escobar is the new Android banking Trojan we’ve met before
Aberebot, a known Android banking Trojan, has changed its name and returned loaded with new features. First spotted by @MalwareHunterTeam in early March, this mobile variant was renamed "Escobar"—a homage to the Colombian drug baron—and disguised itself as a McAfee app. It went by the package nam...