Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. Zero-day vulnerabilities are discovered by attackers before the software company itself - meaning the vendor has zero days to fix them. Both the two...
Update now! Apple fixes three actively exploited vulnerabilities
Apple has released security updates for several products to address a set of flaws that it says are being actively exploited. Updates are available for these products: Safari 16.5.1 (macOS Big Sur and macOS Monterey); iOS 16.5.1 and iPadOS 16.5.1 (iPhone 8 and later, iPad Pro all models,...
Sponsored Twitter post uses fake BBC News site to boost slippery oil trading app
A sponsored post on Twitter promises to offer the benefits of obtaining citizenship, but really just wants to lure you into some form of Forex trading AI scheme. This tangled web also includes faked BBC web pages and suspicious-looking website reviews to round the whole thing off. Shall we take a...
Microsoft: You're already using the last version of Windows 10
Microsoft issued a client roadmap update on Thursday to remind us once again that Windows 10 support is slowly coming to an end. In less than three years, all Windows 10 users will need to have moved to Windows 11. While moving to Windows 11 should be a win for security, some Windows 10 fans may ...
Medibank customers' personal data compromised by cyber attack
Australian health care insurance company Medibank confirmed that the threat actor behind a cyberattack on the company had access to the data of at least 4 million customers. Although Medibank at first said that there was "no evidence that customer data has been accessed," a week later their...
The ransomware landscape changes as fewer victims decide to pay
Fewer victims are choosing to pay their ransomware extorters, especially among large enterprises, according to a recent investigation from Coveware. As a result of this, and other circumstances, we can see some shifts in the way that ransomware groups and their affiliates work. Large organization...
Xenomorph banking Trojan downloaded over 50,000 times from Play Store
Besides the name of the creature that “stars” in the Alien movies by 20th Century Fox, Xenomorph is also the name given to an Android banking Trojan. Researchers found this banking Trojan to be distributed on the official Google Play Store, with more than 50,000 installations. The researchers...
Update now! Apple fixes actively exploited zero-day
Apple has released a security fix for a zero-day vulnerability CVE-2022-22620 that it says "may have been actively exploited." According to the security update information provided by Apple the vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be use...
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs: Multiple video games break after domain name snafu; How to remove adware on an Android phone; Smart TV adverts put a wrinkle in your programming; Are cybercriminals turning away from the US and targeting Europe instead?; Patch now! Microsoft plugs actively exploited...
What is Tor?
Tor (The Onion Router) is free software used to keep your online communications safe and secure from outside observers. It’s designed to block tracking and eavesdropping, resist fingerprinting (where services tie your browser and device information to an identity), and to hide t...
Judge drops hammer, dishes 7 years slammer for BEC and romance scammer
A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business email compromise (BEC) scams and romance fakeouts bagged them $2.2 million across roughly 6 years. This is quite a divergent portfolio of scamming activity. You may typically assume BEC...
Fake Trezor app steals more than $1 million worth of crypto coins
Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google Play and Apple’s App Store and also claimed to be from SatoshiLabs, the creators of Trezor. According to the Washington Post, th...
Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group
The PRODAFT Threat Intelligence Team has published a report (PDF) that gives an unusually clear look at the size and structure of organized cybercrime. It uncovered a global cybercrime campaign that uses modern management methods, sophisticated tools—including its own malware testing sandbox—and ha...
A week in security (March 15 – 21)
Last week on Malwarebytes Labs, our podcast featured Adam Kujawa, who talked us through our 2021 State of Malware report. We cover our own research on: Royal Mail parcel scam; How your iPhone can tell you if you’re being stalked; Careers in cybersecurity; ProxyLogon PoC whack-a-mole; Teen behind 2020...
FBI warns of increase in PYSA ransomware attacks targeting education
On March 16, the Federal Bureau of Investigation (FBI) issued a "Flash" alert on PYSA ransomware after an uptick in attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert (PDF), the United Kingdom and 12 states in the US...
5 common VPN myths busted
Virtual Private Networks (VPNs) are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses. So, let’s do some myth busting. 1. VPNs are for illegal activity: Some people...
China’s RedEcho accused of targeting India’s power grids
RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind India's power grids, according to a threat analysis report from Recorded Future (PDF). It appears that what triggered this attempt to gain a foothold in India's critical power generation and...
What Google learned from 1 billion evil email scams
Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. "Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk" looked at more than a billion mails. The results were then f...
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the publi...
GDPR: An impact around the world
A little more than one month after the European Union enacted the General Data Protection Regulation (GDPR) to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a...
A week in security (October 28 – November 3)
Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSA on disaster donation scams, looked at the top cybersecurity challenges SMBs face,...
A week in security (October 14 – 20)
Last week on Malwarebytes Labs, we tried to unlock the future of the password: its vulnerabilities, current alternatives, and possible future disappearance; analyzed the lagging response by many businesses in adopting a patch for the Pulse VPN vulnerability; looked at Instagram’s bulked-up security...
Ransomware continues assault against cities and businesses
Ransomware continues to make waves in the US, forcing multiple cities and organizations into tough choices. Pressed for cash and time, local government organizations are left with few options: Either pay the ransom as soon as possible and encourage criminals to continue bringing essential service...
8 ways to improve security on smart home devices
Every so often, a news story breaks that hackers have made their way into a smart home device and stolen personal data. Or that vulnerabilities in smart tech have been discovered that allow their producers or other cybercriminals to spy on customers. We've seen it play out over and over with smar...
Cryptojacking in the post-Coinhive era
September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an...
Explained: like-farming
Like-farming, aka like-harvesting, is a method used by commercial parties and scammers alike to raise the popularity of a site or domain. The ultimate dream of every like-farmer is for his post to go viral by accumulating as many likes and shares as possible from all over the world. Like-farmers...
Millions of accounts affected in latest Facebook hack
Update 2018-10-18: According to the Wall Street Journal, the hack on Facebook was perpetrated by spammers rather than a nation state. Facebook also revised its numbers down, saying that about 30 million accounts had been compromised. Facebook announced earlier today that its social network had be...
Mobile Menace Monday: SMS phishing attacks target the job market
Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.hidden.com. Could it be that our dream job awaits via random text message? On the contrary, thi...
PBot: a Python-based adware
Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot/PythonBot: a Python-based adware. Apart from a couple of posts on Russian-language forums and...
DDoS attacks are growing: What can businesses do?
Depending on the type and size of your organization, a DDoS (Distributed Denial of Service) attack can be anything from a small nuisance to something that can break your revenue stream and damage it permanently. A DDoS attack can cripple some online businesses for a period of time long enough to se...
Physician, protect thyself: healthcare cybersecurity circling the drain
No one knows you better than you do. But thanks to technology advances and the continued digitization of healthcare data accumulation and sharing processes, we can also honestly say the same about your healthcare provider. Indeed, every time we get in touch with a health professional, data is...
Update now! JetBrains TeamCity vulnerability abused at scale
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTPS access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server...
Patch now! First patch Tuesday of 2024 is here
Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures (CVE...
A proxyjacking campaign is looking for vulnerable SSH servers
A researcher at Akamai has posted a blog about a worrying new trend, proxyjacking, where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, we'll need to explain a few things. There are several legitimate services that pay users to share their surpl...
[updated] Barracuda Networks patches zero-day vulnerability in Email Security Gateway
On May 20, Barracuda Networks issued a patch for a zero-day vulnerability in its Email Security Gateway (ESG) appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the...
Timely patching is good, but sometimes it's not enough
Ransomware gangs have shown that they can play a long game, so it shouldn't come as a surprise to learn of one prepared to wait months to make use of a compromised system. S-RM's Incident Response team shared details of a campaign attributed to the Lorenz ransomware group that exploited a specific...
Update now! Two zero-days fixed in 2022's last patch Tuesday
In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited. Windows...
Researchers found one-click exploits in Discord and Teams
A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop...
Facebook phish claims “Someone tried to log into your account”
Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient’s sense of panic to respond without thinking about it. The mail looks professional enough, and seeks to imitate what would be a fairly typical...
Mac users, update now! “Powerdir” flaw could allow attackers to spy on you
If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS which allows malicious apps to successfully bypass a user's privacy preferences. This means attackers could access personal data...
A week in security (Nov 1 – Nov 7)
Last week on Malwarebytes Labs: Celebrity jewelry house Graff falls victim to ransomware; Lessons from a real-life ransomware attack; Is Apple's Safari browser the last, best hope for web privacy?; What is Twitch?; Google patches zero-day vulnerability, and others, in Android; Zuckerberg's Metaverse, and...
Microsoft Exchange Autodiscover flaw reveals users’ passwords
Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4 months by setting up a Microsoft Exchange server and using Autodiscover domains. The credentials that are being leaked are valid Windows domain credentials used to...
COVID-19 vaccine appointment system attacked in Italy
In another cyberattack on a healthcare system, threat actors have tried to throw a wrench into the ongoing COVID-19 vaccine roll-out in the region of Lazio, Italy. The large and densely populated region is the country's second most populous and includes the country's capital, Rome. On Sunday the...
Second colossal LinkedIn “breach” in 3 months, almost all users affected
LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company that first reported on this incident, a seller called TomLiner showed them he was in...
Hotel staff bust Hermes SMS scammer with suspiciously large number of cables
If you’re in the UK, you’ve likely received a fake delivery SMS at this point. The original big driver for this over the pandemic was a non-stop wave of Royal Mail phishing scams. As that article mentions, most, if not all, of our interactions with organisations are done by mobile. I receive medical...
Malicious commits found in PHP code repository: What you need to know
You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there. You may also be wondering what that means, what a supply chain attack is, and how you could be affected. Read on and we'll lead you through a straightforward descripti...
Police credit “unlocked” SKY ECC encryption for organized crime bust
At the moment, I’m really torn, and I need your help. Let me tell you what is going on. I read these statements and they can’t both be true, right? “The continuous monitoring of the illegal Sky ECC communication service tool by investigators in three countries has provided invaluable insights int...
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
This post was authored by Hossein Jazi. On December 7, 2020, we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...
Spotify resets some user logins after hacker database found floating online
A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So what's Spotify doing leaving its user data hanging arou...
Mac ThiefQuest malware may not be ransomware after all
Editor's note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The ThiefQuest malware, which was discovered last week, may not actually ...