4709 matches found
Facebook phish claims “Someone tried to log into your account”
Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient’s sense of panic to respond without thinking about it. The mail looks professional enough, and seeks to imitate what would be a fairly typical...
Watch what you send on anonymous SMS websites
Its a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. I...
3 things the Kaseya attack can teach us about ransomware recovery
Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. A positive exception to this is found in the Dutch managed service provider MSP VelzArt, one of the many...
Apple confirms Macs get malware
Anyone following the court case between Epic and Apple is undoubtedly already aware of the "bombshell" dropped by Apples Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apples mobile device operating system, iOS, stated that "w...
Bizarro: a banking Trojan full of nasty tricks
Researchers have discovered a new banking Trojan that has been found targeting customers of European and South American banks. They have dubbed the new Trojan Bizarro. How does Bizarro spread? The Bizarro malware spreads via Microsoft Installer MSI packages. Identified sources so far have been sp...
A week in security (May 10 – 16)
Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the...
A week in security (May 3 – 9)
Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...
Malicious commits found in PHP code repository: What you need to know
You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there. You may also be wondering what that means, what a supply chain attack is, and how you could be affected. Read on and well lead you though a straightforward descripti...
Why you need to trust your VPN: Lock and Code S02E05
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN. Youve likely heard the benefits of using a VPN: You can watch TV shows restricted ...
Don’t post it! Six social media safety sins to say goodbye to
If you or anyone you know is committing the below social media sins, it’s time to change that habit of an online lifetime. Even the most innocuous of things can cause trouble down the line, because everyone’s threat model is different. Unfortunately, people tend to realise what their threat model...
A week in security (March 15 – 21)
Last week on Malwarebytes Labs, our podcast featured Adam Kujawa, who talked us through our 2021 State of Malware report. We cover our own research on: Royal mail parcel scam How your iPhone can tell you if you’re being stalked Careers in cybersecurity ProxyLogon PoC whack-a-mole Teen behind 2020...
ProxyLogon PoCs trigger a game of whack-a-mole
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...
5 common VPN myths busted
Virtual Private Networks VPNs are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses. So, let’s do some myth busting. 1. VPNs are for illegal activity Some people...
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
This post was authored by Hossein Jazi On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...
Spotify resets some user logins after hacker database found floating online
A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So whats Spotify doing leaving its user data hanging arou...
Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about charity organizations and online ad tracking. Though many might assume that these t...
Silent Librarian APT right on schedule for 20/21 academic year
A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September, we were tipped off by one of our customers about a new active campaign from this APT group. Based off a...
Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw
“Can you have a look at this email I got, please?" my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider ISP. Shortly after, he informed me that despite its suspicious aura, he found...
Stalkerware and online stalking are accepted by Americans. Why?
Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and...
Washington Privacy Act welcomed by corporate and nonprofit actors
The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...
A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s
This post was co-authored by Wendy Zamora and Chris Boyd. All opinions expressed belong to your mom. Back in the days before climate change stretched frigid winter months directly into the insta-sweat of summer, there was a saying about March: in like a lamb, out like a lion. The same might be sa...
Cryptojacking in the post-Coinhive era
September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an...
New Crossrider variant installs configuration profiles on Macs
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we've been seeing for years in Mac adware. However, the use of a configuration profile introduces a uniqu...
You down with P2P? 10 tips to secure your mobile payment app
If you look at the figures, you cannot deny that the eCommerce industry is steadily growing. More and more people are doing their shopping online, not only for products and services geared toward the use of technologies and the Internet, but also for items previously only found in brick and morta...
A week in security (January 22 – January 28)
Last week on Labs, we analyzed a rogue app outbreak on Twitter, took a look at how Singapore's government is faring with network defense, and rolled out our 2017 State of Malware report. We also became visionaries in Gartner's Magic Quadrant report and explored a VR data mishap. Other news Man...
Be wary of Mega Millions winner “giveaway” on social media
I don't do lotteries, but if I did, I'd probably never, ever win in a million years. That's not a problem faced by 20-year-old Shane Missler, winner of the fourth-largest haul in Mega Millions' 21 years of handing out large bundles of cash. He's on record as saying he wants to "do some good" for...
A week in security (November 13 – November 19)
Last week, we gave you some tips for the inevitable online chaos that is Cyber Monday, explained how "trusted" root certificates can sometimes be anything but, and explored the strange world of catphishing. We also pulled apart some malware found on Google Play and laid out the specifics of the...
LinkedIn will use your data to train its AI unless you opt out now
LinkedIn plans to share user data with Microsoft and its affiliates for AI training. Framed as "legitimate interest", it won't ask for your permission—instead you'll have to opt out before the deadline. Microsoft has made major investments in ChatGPT’s creator OpenAI, and as we know, the more dat...
iPhone flaw could read your saved passwords out loud. Update now!
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user's saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can't see the screen. It gives audible description...
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by...
New Go loader pushes Rhadamanthys stealer
Malware loaders also known as droppers or downloaders are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate i.e. not...
Update now! ConnectWise ScreenConnect vulnerability needs your attention
ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage...
Ransomware review: July 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Update now! Apple fixes actively exploited vulnerability and introduces new features
Apple has released security updates for several products. Most notably one of the updates fixes an actively exploited vulnerability in the WebKit component of iOS 15.7.4 and iPadOS 15.7.4 that was fixed earlier in macOS Ventura 13.2.1, iOS 16.3.1, iPadOS 16.3.1, and Safari 16.3. You can find the...
Multiple schools hit by Vice Society ransomware attack
The real world impact of cybercrime rears its head once more, with word that 14 schools in the UK have been caught out by ransomware. The schools, attacked by the group known as Vice Society, have had multiple documents leaked online in the wake of the attack. One of the primary schools...
Windows 11 pulls ahead of Windows 10 in anti-phishing stakes
Some new security additions and changes have been announced for users of Windows, but youll have to be using Windows 11 to get the most out of them. Windows 10 users may find that this is going to be a case of falling behind the herd ever so slightly. Anti-phishing tools Enhanced phishing...
Researchers found one-click exploits in Discord and Teams
A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop...
Update now! Multiple vulnerabilities patched in Google Chrome
Google has announced an update for the Chrome browser that includes 32 security fixes. The severity rating for one of the patched vulnerabilities is Critical. The stable channel was promoted to 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux. Critical Google rates...
APT34 targets Jordan Government using new Saitama backdoor
On April 26th, we identified a suspicious email that targeted a government official from Jordans foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor...
Adobe patches actively exploited Magento/Adobe Commerce zero-day
Adobe has released an emergency advisory for users of its Commerce and Magento platforms. It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management system CMSs. Users should apply the patch as soon as possible. Th...
Let’s Encrypt to revoke “mis-issued” certificates
If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is coming, and you’ve only got until tomorrow to figure things out. What’s the deal with free certificates? If you’re running a website, you want to make sure that it’s HTTPs. It...
Mac users, update now! “Powerdir” flaw could allow attackers to spy on you
If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a users privacy preferences. This means attackers could access personal data...
Google’s Threat Horizons report: Will the straightforward approach get results?
Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs Multiple video games break after domain name snafu How to remove adware on an Android phone Smart TV adverts put a wrinkle in your programming Are cybercriminals turning away from the US and targeting Europe instead? Patch now! Microsoft plugs actively exploited...
US government and private sector agree to invest time, money in cybersecurity
In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss a whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s...
What is Tor?
Tor, The Onion Router Tor The Onion Router is free software used to keep your online communications safe and secure from outside observers. It’s designed to block tracking and eavesdropping, resist fingerprinting where services tie your browser and device information to an identity, and to hide t...
Second colossal LinkedIn “breach” in 3 months, almost all users affected
LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in...
Clop stopped? Ransomware gang loses Tesla and other treasures in police raid
Ukrainian law enforcement officials announced Wednesday that they had arrested several individuals involved in criminal activity committed by the Clop ransomware gang, a cybercriminal gang that helped popularize the “double extortion” model of not only threatening to encrypt a victim’s files, but...
A doctor reveals the human cost of the HSE ransomware attack
"It’s cracking, the whole thing." The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasnt describing a medical condition—this was their...
FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram
Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters by using facial recognition software on his girlfriends Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have...