4706 matches found
UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft
Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasnt. After Junes Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that sets...
Android “System Update” malware steals photos, videos, GPS location
A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps—it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data—but the infrastructure behind the malware obscures it...
OVH cloud datacenter destroyed by fire
A fire in one of the OVH datacenters has destroyed one datacenter and knocked two others offline. It took 100 firefighters and 43 fire trucks to fight the fire in the five-story building. Even though the fire department was quick to respond, and the fire was brought under control relatively...
Fresh “video games” site welcomes new users with Steam phish
Over the weekend, I received this unsolicited message from an acquaintance on Steam: 1 free game for new users! Take the game you want https://t.co/redacted Fortunately, other friends on Steam were quick to publicly warn others about potentially hacked accounts spamming dubious messages to anyone...
Pre-installed auto installer threat found on Android mobile devices in Germany
Users primarily located in Germany are experiencing malware that downloads and installs on their Gigaset mobile devices—right out of the box! The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app. This app is not only th...
Healthcare security update: death by ransomware, what’s next?
A recent ransomware attack which played a significant role in the death of a German woman has put into focus both the dangers and the importance of cybersecurity today. But it has also led some to point fingers as to who was responsible. As usual, playing the blame game helps no one, but it does...
ownCloud vulnerability can be used to extract admin passwords
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and...
Medical industry struggles with PACS data leaks
In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms slides, paperwork. When a patient needed to take results of a test to...
SonicWall warns users of “imminent ransomware campaign”
This post has been updated with a statement from SonicWall below SonicWall has issued an urgent security notice warning users of unpatched End-Of-Life EOL SRA & SMA 8.X remote access devices that they have been made aware of an imminent ransomware campaign using stolen credentials. The exploitati...
Vidar and GandCrab: stealer and ransomware combo observed in the wild
We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we initially identified as Arkei turned out to be Vidar, a new piece of malware recently analyzed in detail by Fumik0 in his post: Let’s dig into Vidar...
Good Twitter Samaritans accidentally prevent shoeshine scam
A few days ago, Indian news portals were buzzing with tales of a well-worn shoeshine scam making its way into social media. It’s a great example of how good-natured gestures can unwittingly aid scammers when we combine high-visibility accounts with potential lack of fact checking. Thankfully, it...
PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday
The sheer number of patches 44 security vulnerabilities should be enough to scare us, but unfortunately we have gotten used to those numbers. In fact, 44 is a low number compared to what we have seen on recent Patch Tuesdays. So what are the most notable vulnerabilities that were patched. One...
UPDATED: Kaseya hijacked, thousands attacked by REvil, fix delayed again
Malwarebytes does not use Kaseya products. Malwarebytes detects the REvil ransomware used in this attack as Sodinokibi. Latest updates July 7, 8:30 am, Kaseya VSA SaaS platform still offline, not updated as planned July 6, 3:40 pm, malspam using fake Kaseya security update July 6, 3:15 am,...
Honda and Enel impacted by cyber attack suspected to be ransomware
Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of...
Microsoft Exchange attacks cause panic as criminals go shell collecting
Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update...
CISA list of 95 new known exploited vulnerabilities raises questions
On Friday March 3, the Cybersecurity and Infrastructure Security Agency CISA added a whopping number of 95 new known exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. This catalog provides Federal Civilian Executive Branch FCEB agencies with a list of vulnerabilities that...
IoT riddled with BadAlloc vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems RTOS and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected "things". The numbe...
Millions of Chrome users quietly added to Google’s FLoC pilot
Last month, Google began a test pilot of its Federated Learning of Cohorts—or FLoC—program, which the company has advertised as the newest, privacy-preserving alternative in Google Chrome to the infamous third-party cookie. Sounds promising, right? Well, about that. Despite Google’s rhetoric abou...
21 million free VPN users’ data exposed
Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment...
A week in security (January 14 – 20)
Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurit...
Update now! Microsoft patches Follina, and many other security updates
The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond. Microsoft Microsoft released update...
Relax. Internet password books are OK
Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. The primary recommendation online is usually a software-based...
Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested
The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. The police also searched the house of another suspect, an 18 year old who was not arrested. The people behind this illegal business called themselves the Fraud Family and...
Shady scam bots trick Omegle users into nonconsensual video sex recordings
14-year old Michael not his real name from Scandinavia first visited Omegle, the video online chat that has become hugely popular since the start of the pandemic, after hearing about "unpredictable and weird encounters" one may experience on the site from other students in school. He was intrigue...
Update your Chrome again as Google patches second zero-day in two weeks
Before you start to Google for election news, wed like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability - that means its a hole that is actively being exploited right now. Its the...
VPN Test: How to check if your VPN is working or not
The primary function of a Virtual Private Network VPN is to enhance your online privacy and security. It should do this without slowing your Internet too noticeably. Performing a VPN test or two can help you ensure that its up to the mark. VPN privacy test Your Internet Service Provider ISP assig...
How one word can disable an iPhone’s WiFi functionality
A researcher has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi hotspot with a weird name. This shouldnt be happening. The first thing you learn in coding school when it comes to input which is literally any data a device has to do something with is to...
Hosting malicious sites on legitimate servers: How do threat actors get away with it?
How do threat actors manage to get their sites and files hosted on legitimate providers’ servers? I have asked myself this question many times, and many times thought, “The threat actors pay for it, and for some companies, money is all that matters.” But is it really that simple? I decided to fin...
Aurora campaign: Attacking Azerbaijan using multiple RATs
This post was authored by Hossein Jazi As tensions between Azerbaijan and Armenia continue, we are still seeing a number of cyber attacks taking advantage of this situation. On March 5th 2021, we reported an actor that used steganography to drop a new .Net Remote Administration Trojan. Since that...
Sorry, Joe Biden isn’t offering you a work visa, it’s a scam
A US diplomatic mission in Nigeria warns of a visa scam affecting Nigerian citizens looking to move to the United States. It’s an old scam message, dressed up with a fresh coat of paint. Shall we take a look? Fraud Alert! Scammers and fraudsters are circulating a fake “press release” claiming to...
The Roblox Robux generator is too good to be true
Roblox is an enormously popular MMORPG title for kids available on both PC and console, and it suffers no end of scammers trying to fleece its players as a result. While the game tries to block and filter text/URLs and comes with additional security features, potentially dubious sites also bounce...
The story of ZeroLogon
This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very...
UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root
Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages...
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
Those who are familiar with Bluetooth BR/EDR technology aka Bluetooth Classic, from 1.0 to 5.1 can attest that it is not perfect. Like any other piece of hardware or software technology already on market, its usefulness comes with flaws. Early last week, academics at Singapore University of...
Update now! April’s Patch Tuesday includes a fix for one zero-day
Its Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix...
Keeping up with the Petyas: Demystifying the malware family
Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family. The origin of Petya...
Who is to blame for the malicious Barcode Scanner that got on the Google Play store?
In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update, we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this...
New DazzleSpy malware attacks macOS
DazzleSpy, a piece of malware that attacks macOS, was discovered last fall by researchers at ESET, and now those researchers have released more detailed findings. DazzleSpy, according to the researchers at ESET, was being spread via watering hole attacks via pro-democracy websites in China. It...
SolarWinds attackers launch new campaign
Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of Alfred Nobel. But it is also the name given to the threat actor that is behind the attacks against SolarWinds, the Sunburst backdoor, TEARDROP malware, GoldMax malware, other related...
Apply those updates now: CVE bypass offers up admin privileges for Windows 10
If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as soon as possible. Bleeping Computer reports that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will...
The life and death of the ZeuS Trojan
Whether youve read up on Greek mythology or youre simply a big fan of Marvel comics, the name "Zeus" should be familiar to you. In the context of cybercrime though, ZeuS aka the Zbot Trojan is a once-prolific malware that could easily be described as one of a handful of information stealers ahead...
Google patches actively exploited zero-day bug that affects Chrome users
Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw - that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedde...
Ransomware isn’t just a big city problem
This month, one ransomware story has been making a lot of waves: the attack on Baltimore city networks. This attack has been receiving more press than normal, which could be due to the actions taken or not taken by the city government, as well as rumors about the ransomware infection mechanism...
Android patches for 4 in-the-wild bugs are out, but when will you get them?
In the Android Security Bulletin of May 2021, published at the beginning of this month, you can find a list of roughly 40 vulnerabilities in several components that might concern Android users. According to info provided by Googles Project Zero team, four of those Android security vulnerabilities...
What is scareware?
Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. The...
A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)
Potentially Unwanted Programs PUPs: the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from...
Reputation management in the age of cyberattacks against businesses
Avid readers of the Malwarebytes Labs blog would know that we strive to prepare businesses of all sizes for the inevitability of cyberattacks. From effectively training employees about basic cybersecurity hygiene to guiding organizations in formulating an incident response IR program, a...
Update now! Microsoft fixes two zero-day bugs
Microsoft, and other vendors, have released their monthly updates. In total Microsoft has fixed a total of 101 vulnerabilities for several titles including Edge, with two of them being actively exploited zero-days. On top of that, Adobe has fixed an actively exploited vulnerability in ColdFusion...
Collection 1 data breach: what you need to know
Yesterday, news broke that the largest data dump in history had been discovered, with more than 770 million people's Personally Identifiable Information PII decrypted, catalogued, and up for grabs on the Internet. The files, which are being dubbed Collection 1, were originally found on cloud...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...