ThemeBleed exploit is another reason to patch Windows quickly
Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...
Update now! ASUS fixes nine security flaws
ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...
VMware patches critical vulnerabilities in Aria Operations for Networks
VMware has released security updates to fix three vulnerabilities in Aria Operations for Networks which could result in information disclosure and remote code execution. The vulnerabilities were found in Aria Operations for Networks which was formerly known as vRealize Network Insight. Users of...
Update Chrome now! Google patches actively exploited flaw
In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser--the first in 2023--currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version 112.0.5615.121 immediately, a...
Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles
Google's Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices including Samsung Galaxy, Google Pixel, Vivo, and several forms of wearables and vehicles using certain types of components. Between late 2022 and early 2023, Project Zero reported 18...
Fake Amazon Prime email abuses LinkedIn's URL shortener
Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks--shortened LinkedIn URLs. The shortened URLs redirect users to a different URL when they are clicked. If you've ever seen a Tiny URL, or a Bit.ly link, you'll already be...
TikTok dances to the tune of $5.4m cookie fine
The big social media fines just keep coming. Hot on the heels of Meta experiencing a $277m fine from the Irish Data Protection Commission, it's now TikTok's turn in the spotlight thanks to a cookie crumble. Can you walk into a huge fine in 2023 for making it difficult to refuse a cookie as easily a...
Law enforcement app SweepWizard leaks data on crime suspects
SweepWizard, an obscure app apparently created by ODIN Intelligence and used by more than 60 law enforcement departments, has a flaw: According to an ethical hacker, a misconfiguration in the app's API (application programming interface) caused it to unintentionally leak to the open internet a trov...
Multiple schools hit by Vice Society ransomware attack
The real world impact of cybercrime rears its head once more, with word that 14 schools in the UK have been caught out by ransomware. The schools, attacked by the group known as Vice Society, have had multiple documents leaked online in the wake of the attack. One of the primary schools...
A new rootkit comes to an ATM near you
It's not unusual to hear about malware created to affect automated teller machines (ATMs). Malware can be planted at the ATM's PC or its network, or attackers could launch a Man-in-the-Middle (MiTM) attack. Recently, a new rootkit, which the Mandiant Advanced Practices team have named CAKETAP, was foun...
Clop stopped? Ransomware gang loses Tesla and other treasures in police raid
Ukrainian law enforcement officials announced Wednesday that they had arrested several individuals involved in criminal activity committed by the Clop ransomware gang, a cybercriminal gang that helped popularize the “double extortion” model of not only threatening to encrypt a victim’s files, but...
A doctor reveals the human cost of the HSE ransomware attack
"It’s cracking, the whole thing." The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasn't describing a medical condition—this was their...
Why you need to trust your VPN: Lock and Code S02E05
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN. You've likely heard the benefits of using a VPN: You can watch TV shows restricted ...
When contractors attack: two years in jail for vengeful IT admin
An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in...
Mother charged with using deepfakes to shame daughter’s cheerleading rivals
A Pennsylvania woman reportedly sent doctored photos and videos of her daughter's cheerleader rivals to their coaches, in an attempt to embarrass them and get them kicked off the team. She's alleged to have used deepfake technology to create photo and video depictions of the girls naked, drinking,...
Fonix ransomware gives up life of crime, apologizes
Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware, also known as FonixCrypter and Xinof, one of those ransomware-as-a-service (RaaS) offerings, is the latest to join the club. End of FonixCrypter...
Adobe Flash Player reaches end-of-life
“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make...
German users targeted with Gootkit banker or REvil ransomware
This blog post was authored by Hasherezade and Jérôme Segura. On November 23, we received an alert from a partner about a resurgence of Gootkit infections in Germany. Gootkit is a very capable banking Trojan that has been around since 2014 and possesses a number of functionalities such as keystrok...
Everything you need to know about ATM attacks and fraud: Part 1
Flashback to two years ago. At exactly 12:33 a.m., a solitary ATM somewhere in Taichung City, Taiwan, spewed out 90,000 TWD (New Taiwan Dollar)—about US$2,900 today—in bank notes. No one was cashing out money from the ATM at the time. In fact, this seemingly odd system glitch was actually a test: T...
Is FIDO the future instrument to prove our identity?
FIDO, short for Fast IDentity Online, is an industry consortium started in 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Among the founders were those who work in the financia...
Safari users: Where did your extensions go?
Safari 12 has brought with it some changes to how OSX handles browser extensions. At WWDC in June, Apple announced that Safari would block legacy extensions installed from outside the Extensions Gallery, which itself would now be deprecated. As a replacement, Safari will now rely on "app...
GDPR causes a flood of new policies
The European Union claims that the General Data Protection Regulation (GDPR), which comes into force on May 25, is the most important change in data privacy regulation in 20 years. Many companies have spent months preparing for the changes, working on policy and compliance, and introducing changes to...
A week in security (March 05 – March 11)
Last week on Malwarebytes Labs, we paid homage to several women in tech, including some of our very own, on International Women's Day and shared their stories. We also looked into an adware posing as an Android app that claims to live stream the 2018 Winter Olympics, exposed scammers that go by t...
A week in security (February 12 – February 18)
Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...
Of scammers and cute puppies
We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re...
A week in security (July 31 – August 6)
Last week we explored some basic PowerShell commands, dived into the new methods used by TrickBot, and wrote at length about the Magnitude exploit kit redirection chain. Our teams were busy at both BlackHat and DefCon, and outside of those famous hallways, we also took time to fire up some basic...
CISA: Disconnect vulnerable Ivanti products TODAY
In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...
Police investigate sexual assault on an avatar
British police are investigating a case involving a virtual sexual assault of a girl's avatar. Even though there was no physical violence involved, the incident will be investigated as it has caused psychological trauma. By definition, an avatar is a virtual representation of a user and is driven b...
Update Chrome now! Google patches another actively exploited vulnerability
Google has updated the Stable Channel for Chrome to 117.0.5938.132 for Windows, Mac and Linux. This update includes ten security fixes. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it...
Ransomware review: July 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Ransomware review: June 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06
Becky Holmes knows how to throw a romance scammer off script--simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginning stages of a romance scam. But rather than...
Consumer privacy and social media
Looking at the privacy-related stories of 2022, it's not hard to see that much of the focus was on the social media giants. Banning TikTok is slowly becoming a trend among US states. Google and Facebook's owner Meta were fined on several occasions for amounts that would have put other companies out ...
CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA
Software development service company CircleCI has published its incident report on a breach that happened in December. CircleCI revealed an engineer's laptop was successfully infected with a yet-to-be-named information-stealing Trojan, which was used to steal an engineer's session cookie. The...
Update now! Apple patches active exploit vulnerability for iPhones
Apple has released new security content for iOS 16.1.2 and Safari 16.2. Normally we would say that Apple pushed out updates, but in this mysterious case the advisory is about an iPhone software update Apple released two weeks ago. As it turns out, to fix a zero-day security vulnerability that was...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server: muhttpd (mu HTTP daemon) is a simple but complete web serv...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service (RaaS) groups—Onyx, Mindwar...
CISA advises D-Link users to take vulnerable routers offline
On April 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog: The CISA catalog of known...
Adobe patches actively exploited Magento/Adobe Commerce zero-day
Adobe has released an emergency advisory for users of its Commerce and Magento platforms. It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management systems (CMSs). Users should apply the patch as soon as possible. Th...
Millions of GoDaddy customer data compromised in breach
Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...
Beware of COVID Pass scams
You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS missives claim a package is waiting to be delivered, and a small processing fee is required. There is no package; it’s a ruse to have people hand over their credit card details. It’...
A week in security (August 9 – August 15)
Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 before; Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business; Check your passwords! Synology NAS devices are under attack from StealthWorker; PrintNightmare and RDP RCE...
3 things the Kaseya attack can teach us about ransomware recovery
Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. A positive exception to this is found in the Dutch managed service provider (MSP) VelzArt, one of the many...
Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal”
The official YouTube channel of Kaseya, the latest organization attacked by no less than the criminals behind REvil ransomware, released a video of Fred Voccola, Kaseya's CEO, giving a first-hand account of what happened during the attack, the facts on affected customers, and the next steps they're...
Racing against a real-life ransomware attack, with Ski Kacoroski: Lock and Code S02E12
At 11:37 pm on the night of September 20, 2019, cybercriminals launched a ransomware attack against Northshore School District in Washington state. Early the next morning, Northshore systems administrator Ski Kacoroski arrived on scene. As Kacoroski soon found out, he and his team were on a race...
MITRE introduces D3FEND framework
The US National Security Agency (NSA) has announced it will fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious threat actors. The project will be made available through MITRE and will be called D3FEND as it complements MITRE’s...
Can two VPN “wrongs” make a right? Lock and Code S02E10
This week on Lock and Code, we're presenting you something a little different. We're telling you a story—with no guest interview included—that involves the use of VPNs. In 2016, a mid-20s man began an intense, prolonged harassment campaign against his new roommate. He emailed her from spoofed email...
WhatsApp calls and messages will break unless you share data with Facebook
WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...
Avaddon ransomware campaign prompts warnings from FBI, ACSC
Both the Australian Cyber Security Centre (ACSC) and the US Federal Bureau of Investigation (FBI) have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. The FBI states that it has received notifications of unidentified cyber actors using Avaddon ransomware against...
What is Smishing? The 101 guide
Smishing is a valuable tool in the scammer's armoury. You've likely run into it, even if you didn't know that's its name. It doesn't arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...