4707 matches found
Sponsored Twitter post uses fake BBC News site to boost slippery oil trading app
A sponsored post on Twitter promises to offer the benefits of obtaining citizenship, but really just wants to lure you into some form of Forex trading AI scheme. This tangled web also includes faked BBC web pages and suspicious-looking website reviews to round the whole thing off. Shall we take a...
Update Chrome now! Google patches actively exploited flaw
In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser--the first in 2023--currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, a...
Update now! Apple patches vulnerabilities in MacOS and iOS
Apple has released information about the new security content of macOS Ventura 13.2.1 and of iOS 16.3.1 and iPadOS 16.3.1. Most prominent is a vulnerability in WebKit that may have been actively exploited. In December, 2022, we warned our readers about another actively exploited vulnerability in...
5 facts about Vice Society, the ransomware group wreaking havoc on the education sector
Move over Lockbit, there's a new ransomware-as-a-service RaaS player in town attacking the education sector--and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and...
Sharing Netflix, Disney+, other passwords is illegal, according to new guidance
The Intellectual Property Office IPO, the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebooks parent company. The general issue on piracy is...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service RaaS groups—Onyx, Mindwar...
How to delete your Snapchat account
Snapchat is an instant messaging app popular with youngsters that allows users to send pictures and videos that are only viewable for short periods. But while hundreds of millions of daily active users consume and create content with Snapchat, not everyone is pleased with the mobile app. One of t...
Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache
Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS Cross-Site Scripting via Cross-Site Request Forgery CSRF issue. ...
Firefox reveals sponsored ad “suggestions” in search and address bar
Mozilla is trying a novel experiment into striking a balance between ad revenue generation and privacy protection by implementing a new way to deliver ads in its Firefox web browser—presenting them as “suggestions” whenever users type into the dual-use search and URL address bar. The advertising...
Analysts “strongly believe” the Russian state colludes with ransomware gangs
"We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin." This is what Jon DiMaggio, Chief Security Stretegist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled "Nation...
Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT
We’ve observed a 419-style scam also known as an advance fee scam which combines the promise of cryptocurrency riches with WhatsApp conversation. The mail, which arrived with the subject "Urgent respond", begins as follows: Greetings to you my friend, My name is Haifa Kalfan, I am the Store manag...
Ransomware to be investigated like terrorism
The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington...
WhatsApp calls and messages will break unless you share data with Facebook
WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...
HelloKitty: When Cyberpunk met cy-purr-crime
On February 9, after discovering a compromise, CD Projekt Red CDPR announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...
Clubhouse under scrutiny for sending data to Chinese servers
The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now its part of the social media landscape, can we trust it? The Clubhouse app Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It i...
Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly...
VPNs are mainstream, which is good news
Virtual private networks VPNs have been growing in popularity for the last three years, a notable trend revealed in a collaborative report PDF by Top10VPN and GlobalWebIndex. This year is no different. When a majority of the world’s internet users are in isolation due to the COVID-19 global...
The little-known ways mobile device sensors can be exploited by cybercriminals
The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device...
DEF CON 27 retrospective: badge life redux
Kickstarter or DEF CON attendee? Be forewarned, this light overview contains some mild spoilers. If you want the purest “Da Bomb” experience with no web-based OSINT hints, read no further. I’m not revealing any earth-shattering secrets here, but figured it was worth mentioning. Also DEF CON is ov...
Location data leaks from family tracking app database
An app called Family Locator, which allows family members to keep track of one another recently experienced an exposed database issue of the worst kind. Specifically: the MongoDB database was left exposed with no password, like so many other recent infosec tales of woe. The end result is the...
IRISSCON security conference comes to Dublin in November
It's that time of the year when IRISSCON—the biggest security conference in Ireland, in my humble opinion—springs into life with a great collection of talks and Capture the Flag events. Held on November 23 in Dublin, there will be a strong focus on working in Infosec this year, alongside some of...
Don’t let these gaming threats give you a Game Over
With EGX, the biggest gaming event in the UK opening its doors today, we thought it'd be timely to remind you of some of the threats currently facing gamers. No matter what type of game, client, or system you use, there's always something waiting to try and give you a bad day where the safety of...
A week in security (August 14 – August 20)
Last week, we gave some security tips for parents and kids aimed at the new school term. We also took a peek at the inside of the Kronos malware, focusing on how it works and protects itself. And, once again, we spotted a return of Locky ransomware with two new flavors at once, diablo6 and Lukitu...
7 tips to stay cyber safe this summer
You’ve probably already seen the back-to-school ads on TV and rolled your eyes a little bit. We’re with you: There’s still plenty of summer left. That’s why we want to remind you about some of the cybersecurity pitfalls you might encounter during the remainder of the summer season. Whether you’re...
Windows File Shredder: When deleting a file isn’t enough
Most of us think deleting a file means it’s gone for good. But “delete” on a Windows device often just means “out of sight,” not necessarily “out of reach.” That’s where File Shredder, a new feature within Malwarebytes Tools for Windows, comes in. File Shredder lets you securely delete files from...
Semrush impersonation scam hits Google Ads
This blog post was co-authored with Elie Berreby, Senior SEO Strategist Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. In particular, we have previously detailed how Google advertiser accounts can be...
CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog, and it has set the “due date” a week after they were added. Federal Civilian Executive Branch FCEB agencies are handed specific deadlines for wh...
[updated] Ivanti Sentry critical vulnerability—don't play dice, patch
Ivanti has published a security blog post about a vulnerability in Ivanti Sentry, formerly MobileIron Sentry. Successful exploitation of the vulnerability would enable an unauthenticated attacker to access some sensitive APIs that are used to configure Ivanti Sentry on the administrator portal...
A week in security (July 17 - 23)
Last week on Malwarebytes Labs: CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 Estee Lauder targeted by Cl0p and BlackCat ransomware groups Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough Accidental VirusTotal upload is a valuable...
Apple releases emergency updates for two known-to-be-exploited vulnerabilities
On Friday April 7, 2023, Apple released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible because all three updates include important security fixes. The Cybersecurity and Infrastructure Security Agency...
JSSLoader: the shellcode edition
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
This blog post was authored by Hasherezade, Ankur Saini and Roberto Santos Disk wipers are one particular type of malware often used against Ukraine. The implementation and quality of those wipers vary, and may suggest different hired developers. The day before the invasion on Ukraine by Russian...
Update now! Apple fixes actively exploited zero-day
Apple has released a security fix for a zero-day vulnerability CVE-2022-22620 that it says "may have been actively exploited." According to the security update information provided by Apple the vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be use...
Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15
Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is now out of beta, lets users drop into spontaneous audio conversations that, once they are over, are over. With COVID lockdown procedures separating many people around the wor...
Microsoft exec reveals “routine” secrecy orders from government investigators
Microsoft executive Tom Burt told Congressional lawmakers Wednesday that Federal law enforcement agencies send “routine” secret orders for customer information from the Seattle-based company, numbering anywhere from 2,400 to 3,500 such requests a year. “While the recent news about secret...
A week in security (June 21 – June 27)
Last week on Malwarebytes Labs: Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11 Atomic research institute breached via VPN vulnerability Hotel staff bust Hermes SMS scammer with suspiciously large number of cables City of Liège hit by...
A week in security (June 14 – June 20)
Last week on Malwarebytes Labs: How to delete your Instagram account. Working from home? You’re probably being spied on. Another one bites the dust: Avaddon ransomware group shuts down operation. Patch now! Apple fixes in-the-wild iPhone vulnerabilities. Windows 10 to retire in four years or 52...
White hat, black hat, grey hat hackers: What’s the difference?
When you think of the world of ethical hackers white hat, malicious hackers black hat, and hackers that flirt with both sides grey hat, you may envision people in shiny trench coats and dark glasses, whose computer skills are only matched by their prowess in martial arts. The truth is that hacker...
Password manager hijacked to deliver malware in supply chain attack
In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. Though the number of...
Apple shines and buffs Mac security—Is it enough to stop today’s malware?
There’s a lot going on in the Mac security world lately. Over the last few months, Apple has ramped up security efforts across its platforms. From an endpoint security framework overhaul of macOS Catalina to phasing out kernel extensions, the tech giant has been battening down the...
Cybercriminals want your cloud services accounts, CISA warns
On January 13 the Cybersecurity and Infrastructure Security Agency CISA issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture...
The most enticing cyberattacks of 2020
This is part one of a two-part series. To read about the strangest cybersecurity events of 2020, read our second story here. In 2020, we experienced a major shift. Much of the world pitched in to limit the spread of the coronavirus, with people changing their daily routines to include a mixture o...
Missing person scams: what to watch out for
Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social...
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan RAT associated with North Korea's Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was...
International Women’s Day: awareness of stalkerware, monitoring, and spyware apps on the rise
Nine months ago, Malwarbytes recommitted itself to detecting invasive monitoring apps that can lead to the excessive harm of women—most commonly known as stalkerware. We pledged to raise public awareness, reach out to advocacy groups, and share samples and intelligence with other security vendors...
Mac adware is more sophisticated and dangerous than traditional Mac malware
As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows...
Spear phishing 101: what you need to know
Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing phishing via...
Vital infrastructure: emergency services
Organizations in the emergency services sector are there for the public to provide help when situations get out of hand or are too much to handle. This can be because the problem requires special tools and skills to use them, and the organizations are set up to provide assistance at short notice...
300 shades of gray: a look into free mobile VPN apps
The times, they are a changin'. When users once felt free to browse the Internet anonymously, post about their innermost lives on social media, and download apps with frivolity, folks are playing things a little closer to the vest these days. Nowadays, users are paying more attention to privacy a...