4709 matches found
FBI warns of increase in PYSA ransomware attacks targeting education
On March 16, the Federal Bureau of Investigation FBI issued a "Flash" alert on PYSA ransomware after an uptick on attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert PDF, the United Kingdom and 12 states in the US...
Police credit “unlocked” SKY ECC encryption for organized crime bust
At the moment, I’m really torn, and I need your help. Let me tell you what is going on. I read these statements and they can’t both be true, right? “The continuous monitoring of the illegal Sky ECC communication service tool by investigators in three countries has provided invaluable insights int...
China’s RedEcho accused of targeting India’s power grids
RedEcho, an advanced persistent threat APT group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future PDF. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and...
Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times expose...
Romance scams: FTC reveals $304 million of heartache
In 2020, reported losses to the FTC for romance scams went up by 50% from 2019, totalling $304 million. And things werent exactly good before: Romance scams have cost people a fortune for 3 years running, according to the FTC. Their latest report suggests a steady rise in these kind of scams...
Chrome wants to make your passwords stronger
A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your...
Credit card skimmer targets virtual conference platform
Weve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In todays...
The impact of COVID-19 on healthcare cybersecurity
As if stress levels in the healthcare industry weren’t high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasnt...
EncroChat system eavesdropped on by law enforcement
Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...
Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebtyes Labs, about securely working from home WFH. With shelter-in-pla...
Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, an...
GDPR: An impact around the world
A little more than one month after the European Union enacted the General Data Protection Regulation GDPR to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a...
New Consumer Online Privacy Rights Act (COPRA) would empower American users
Despite the already dizzying number of comprehensive data privacy proposals before the US Senate—nearly 10 have been introduced since mid-2018—yet another bill has entered the conversation: the Consumer Online Privacy Rights Act. This time, the bill, called COPRA for short, is sponsored by a...
A week in security (October 21 – 27)
Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much...
For Cybersecurity and Domestic Violence Awareness months, we pledge to fight stalkerware
Starting today, two hallmark holidays are upon us. No, it’s not Halloween and Thanksgiving. It’s both Cybersecurity Awareness Month and Domestic Violence Awareness Month. It’s no coincidence these two awareness campaigns overlap. What were once seen as separate realities—the physical and the...
Emotet malspam campaign uses Snowden’s new book as lure
Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers C2, about a...
Mysterious database exposed personal information of 80 million US households
Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen...
Google’s Nest fiasco harms user trust and invades their privacy
Technology companies, lawmakers, privacy advocates, and everyday consumers likely disagree about exactly how a company should go about collecting user data. But, following a trust-shattering move by Google last month regarding its Nest Secure product, consensus on one issue has emerged: Companies...
Millions of accounts affected in latest Facebook hack
Update 2018-10-18: According to the Wall Street Journal, the hack on Facebook was perpetrated by spammers rather than a nation state. Facebook also revised its numbers down, saying that about 30 million accounts had been compromised. Facebook announced earlier today that its social network had be...
Under the hoodie: why money, power, and ego drive hackers to cybercrime
Just one more hour behind the hot grill flipping burgers, and Derek could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But...
GDPR causes a flood of new policies
The European Union claims that the General Data Protection Regulation GDPR, which comes to term on May 25, is the most important change in data privacy regulation in 20 years. Many companies have spent months preparing for the changes, working on policy and compliance, and introducing changes to...
A week in security (February 12 – February 18)
Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...
Winning the battle against PUPs on your computer and in court
I know very few people, other than lawyers, that get excited about corporate court cases. But, I want to share with you a recent decision that I believe is cause for every computer user to celebrate. This week, a United States District Court judge ruled in Malwarebytes' favor, dismissing a lawsui...
Of scammers and cute puppies
We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re...
Please don’t buy this: smart locks
We all like buying the latest and greatest tech toy. It’s fun to get new and novel features on a product that used to be boring and predictable; a draw of the original BeBox amongst many was a layer of “das blinkenlights” across the front. But sometimes, the latest feature is not always the...
Locky ransomware returns to the game with two new flavors
We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with a new extension, but went dark again for...
Barclays Bank customers targeted by phishers
Today we have a phish targeting customers of Barclays Bank, located at: bankdotbarclaydotcodotukdotolbdotauthdotloginlinkdotactiondotp1242557947640dotchofcgdotcom/bd/ The phish opens up with an initial lunge for personal details: The first page asks for a surname, then offers the potential victim...
Trusted Advisor now available for Mac, iOS, and Android
First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven...
Act now! Ivanti vulnerabilities are being actively exploited
Software vendor Ivanti has warned customers about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Successful exploitation would give an attacker the ability to run arbitrary code on Ivantis Virtual Private Network VPN...
SupremeBot and Mario cross the finish line together
Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installers route offers some very distinct advantages to the...
Hundreds of Microsoft SQL servers found to be backdoored
Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...
Firefox, Thunderbird, receive patches for critical security issues
Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine shared by the Firefox-based Tor browser relate to Firefox 100.0.2, Firefox for Android 100.3.0, and...
Inside Apple: How macOS attacks are evolving
The start of fall 2021 saw the fourth Objective by the Sea OBTS security conference, which is the only security conference to focus exclusively on Apples ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for ...
The best browsers for privacy and security
Unfortunately there is a low correlation factor between what most people find the best browsers and what are the best browsers when it comes to privacy and security. If you look at the market share of the most popular browsers, there is one browser that steals the crown without a lot of...
Amazon will pay you $10 for your palm prints. Should you be worried?
Retail giant Amazon recently offered to pay $10 USD for your palm prints. Would you offer them your hand? Many seem to home in and seethe over the price being too little for something as priceless and unique as their palm print, not realizing that when it does come to registering biometric data i...
Signal app insists it’s so private it can’t provide subpoenaed call data
Signal—the private, end-to-end encrypted messaging app that surged in popularity in recent months—once again reminded criminal investigators that it could not fully comply with a legal request for user records and communications because of what it asserts as a simple, unchanging fact: The records...
Ransomware is targeting vulnerable Microsoft Exchange servers
The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise...
Scammers, profiteers, and shady sites? It must be tax season
US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...
RDP, the ransomware problem that won’t go away
The year 2020 will certainly be remembered as one of the most difficult and tragic years humankind has faced in modern times. The global pandemic changed the way we live and work in ways unimaginable, perhaps forever. It also altered the cybersecurity landscape dramatically. The FBI reported a 30...
Pow! Emotet’s down. Is it out?
In a coordinated action, multiple law enforcement agencies have seized control of the Emotet botnet. Agencies from eight countries worked together to deliver what they hope will be a decisive blow against one of the worlds most dangerous and sophisticated computer security threats. The Emotet...
Threat spotlight: WastedLocker, customized ransomware
WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang. The same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants as WastedLocker is very different from BitPaymer. What was kept was the...
Shining a light on “Silent Night” Zloader/Zbot
When it comes to banking Trojans, ZeuS is probably the most famous one ever released. Since its source code originally leaked in 2011, several new variants proliferated online. That includes a past fork called Terdot Zbot/Zloader, which we extensively covered in 2017. But recently, we observed...
Introducing Malwarebytes Privacy
Here at Malwarebytes, we’re no strangers to using virtual private networks VPNs to protect our privacy while browsing online. Regular readers of our blog will remember that we’ve advised on VPN usage on many occasions, whether for mobile device users looking for anonymity or business owners wanti...
Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server
Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon's Cloudfront content delivery network CDN via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and...
Spelevo exploit kit debuts new social engineering trick
2019 has been a busy year for exploit kits, despite the fact that they haven't been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult...
Growing rate of robocalls threatens user privacy
When a person sees a call from an unknown number and picks up to hear a recorded voice on the other end, they've received a robocall. Some are helpful, such as reminders of upcoming doctor's appointments or school announcements. However, the vast majority are from unsolicited parties trying to...
Emotet is back: botnet springs back to life with new spam campaign
After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control C2 server activity. But this morning, the Trojan started...
A week in security (June 24 – 30)
Last week on Malwarebytes Labs, we peeled back the mystery on an elusive malware campaign that relied on blank JavaScript injections, detailed for readers our latest telemetry on the tricky GreenFlash Sundown exploit, and looked at one of the top campaigns directing traffic toward scareware pages...
Facebook’s plain text misstep, and other password sins
Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of...
A week in security (April 16 – April 22)
Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...