4709 matches found
Traditional AV solutions shown ineffective in real-time global heat map
It's no secret that antivirus technology AV has faced increased scrutiny in the tech industry for quite some time. With signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to...
Insider threats in your work inbox
Recently, our friends at Barracuda found a new phishing campaign that banks on the popularity of cloud services used in most businesses, such as Microsoft Office 365. According to their blog post, this latest scheme takes advantage of the natural trust employees place on messages they receive fro...
Terror EK actor experiments with URL shortener fraud
Terror EK is an exploit kit made from a mishmash of stolen code and with very limited distribution. In the past few months, we have seen a few minor updates to its code base which remains largely simplistic in comparison to professional-grade exploit kits of the past such as Angler EK, or...
Ransomware in 2023 recap: 5 key takeaways
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...
Ivanti vulnerabilities now actively exploited in massive numbers
Last week we wrote about two vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways that were being actively exploited. The researchers that discovered the active exploitation are warning that these attacks are now very widespread. "Victims are global...
Oops! Black Basta ransomware flubs encryption
Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Bast...
Update vCenter Server now! VMWare fixes critical vulnerability
VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since there are no in-product workarounds, customers are advised to apply the updates urgently. The affected products are VMware vCenter...
Two Apple issues added by CISA to its catalog of known exploited vulnerabilities
The Cybersecurity & Infrastructure Security Agency CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by October 2, 20...
A week in security (August 21 - August 27)
Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted Update now! Google Chrome's first weekly update has arrived Smart lightbulb and app vulnerability puts your Wi-Fi password at risk Malwarebytes acquires Cyrus Security Ivanti Sentry critical vulnerability--don't...
Update now! Google Chrome's first weekly update has arrived
Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel the version most of us use. Regular Chrome releases will still come every four weeks, but to get security fixes...
Android 14 developer preview highlights multiple security improvements
Android developers have been given a taste of whats to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes theyll enjoy and what ones theyll hav...
Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18
In 1993, the video game developers at id Software released Doom, a first-person shooter that placed a nameless protagonist into the fiery depths of hell, equipped with an arsenal of weapons to mow down imps, demons, lost souls, and the intimidating "Barons of Hell." In 2022, the hacker Sick Codes...
Watch out for the email that says “You have a new voicemail!”
A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...
CISA advises D-Link users to take vulnerable routers offline
On April 4 2022, the Cybersecurity & Infrastructure Security Agency CISA added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life EOL, the advice is to disconnect them, if still in use. CISA catalog The CISA catalog of known...
Millions of GoDaddy customer data compromised in breach
Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission SEC that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...
Vulnerable WordPress plugin leaves online shoppers vulnerable
The most popular web content management system CMS is WordPress, which is used by more than 30% of all websites. By extension, the most popular ecommerce platform in the world is WooCommerce, a plugin that turns a WordPress website into an online shop. In fact, WooCommerce is so popular that it...
How to delete your Twitter account: the deactivation process
You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Maybe you wanted to hang out with friends but you’re all moving to a new platform. It’s possible the service just isn’t very good and filled with trol...
“Have I been pwnd?”– What is it and what to do when you *are* pwned
Adobe. Yahoo!. The US Department of Energy DoE. The New York Times. What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to "teach...
When contractors attack: two years in jail for vengeful IT admin
An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in...
Careers in cybersecurity: Malwarebytes talks to teachers and students
Every year, I take part in talks for universities and schools. The theme is often breaking into infosec. I give advice to teens considering pursuing tech as a further area of study. I explain a typical working day for degree undergraduates. Sometimes I’m asked to give examples of conference talks...
Yandex sysadmin caught selling access to email accounts
Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team...
A week in security (January 4 – January 10)
Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe wont be supporting the updating and patching of its Flash Player software; covered the...
Adobe Flash Player reaches end-of-life
“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make...
VideoBytes: Brute force attacks increase due to more open RDP ports
Hello Folks! In this Videobyte, we’re talking about why brute force attacks are increasing and why that is a problem for everyone. The number of RDP ports exposed to the Internet grew from about three million in January 2020 to over four and a half million in March. The reason for this increase i...
When the coronavirus infodemic strikes
Social media sites are stepping up their efforts in the war against misinformation… specifically, the coronavirus/COVID-19 infodemic30461-X/fulltext. There’s a seemingly endless stream of potentially dangerous misinformation flying around online related to the COVID-19 pandemic, and that could ha...
How CVSS works: characterizing and scoring vulnerabilities
The Common Vulnerability Scoring System CVSS provides software developers, testers, and security and IT professionals with a standardized process for assessing vulnerabilities. You can use the CVSS to assess the threat level of each vulnerability, and then prioritize mitigation accordingly. This...
Coronavirus Bitcoin scam promises “millions” working from home
In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoi...
Phone spampocalypse: fighting back in the age of unwanted calls
When Nigel Guest, then president of the Council of Neighborhood Associations CNA, sent an email with the subject line, “test,” and the small letter “x” in its message body, the city of Berkeley, CA, went into a frenzy. You see, Mr. Guest thought he sent it only to himself, but he actually posted...
Safari users: Where did your extensions go?
Safari 12 has brought with it some changes to how OSX handles browser extensions. At WWDC in June, Apple announced that Safari would block legacy extensions installed from outside the Extensions Gallery, which itself would now be deprecated. As a replacement, Safari will now rely on "app...
How to build an incident response program: GDPR guidelines
In today’s computing world, it is not a matter of “if” an organization will get compromised, but “when.” That’s why, in addition to the European Union’s General Data Protection Regulation GDPR going into effect this May, many organizations need to have a robust incident response program to ensure...
When an “Outstanding” rating from CNET isn’t enough
The editors at respected tech site CNET/Download.com recently awarded Malwarebytes for Windows with an “outstanding” rating of 4.5 stars out of five. In the review, editor Tom McNamara recommended Malwarebytes because the scanning engine is of “high quality,” it works well with Windows 10, and do...
A week in security (October 02 – October 08)
Last week, we gave you some tips for National Cybersecurity Awareness Month, walked through an exploration of a small adware file, and explored the complicated world of the Homograph attack. Here's what else happened in security. VB2017 Many of our team members attended VB2017 in Madrid, one of t...
A week in security (July 31 – August 6)
Last week we explored some basic PowerShell commands, dived into the new methods used by TrickBot, and wrote at length about the Magnitude exploit kit redirection chain. Our teams were busy at both BlackHat and DefCon, and outside of those famous hallways, we also took time to fire up some basic...
Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking...
Big name TikTok accounts hijacked after opening DM
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens witho...
Introducing ThreatDown: A new chapter for Malwarebytes
Since I started Malwarebytes 15 years ago the threat landscape has changed. Our offerings have evolved. And now the next chapter of our journey begins today. How did we get here? My first cyber “combatant” was an early form of adware running amok on my family’s computer. Removing it was a team...
Update now, there's a Chrome zero-day in the wild
Google has announced an important update for Chrome to help fend off a zero-day. The update fixes several issues, and readers are advised to ensure they're using the latest version of the browser. Mitigation If youre using Chrome on Mac, Windows, or Linux, you need to update as soon as you possib...
Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter
AV-TEST, a leading independent tester of cybersecurity solutions, has just ranked Malwarebytes as a Top Product for consumers and businesses for the fifth quarter in a row. Every two months, experts at AV-Test evaluate Windows antivirus software across three categories: Protection against malware...
Evasive Shikitega Linux malware drops Monero cryptominer
Researchers from the AT&T Alien Labs Resarch have discovered a new and stealthy Linux malware it's dubbed Shikitega. Once it's on a machine or device, Shitega executes a "multistage infection chain" involving small files, a couple of vulnerabilities, and the use of Mettle, a portable Metasploit...
Warning! Instagram Stories hides a scam in plain sight
When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...
A new rootkit comes to an ATM near you
Its not unusual to hear about malware created to affect automated teller machines ATMs. Malware can be planted at the ATMs PC or its network, or attackers could launch a Man-in-the-Middle MiTM attack. Recently, a new rootkit, which the Mandiant Advanced Practices team have named CAKETAP, was foun...
Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabela Bagueros: Lock and Code S02E20
"What does online privacy mean to you?" This beguilingly simply question can produce dozens of overlapping and distinct answers, all depending on who you ask. A VPN service might tell you that online privacy means obscuring your IP address and hiding your Internet activity from your Internet...
Chrome casts away the padlock—is it good riddance or farewell?
It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didnt use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn...
MITRE introduces D3FEND framework
The US National Security Agency NSA has announced it will fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious threat actors. The project will be made available through MITRE and will be called D3FEND as it complements MITRE’s...
City of Liège hit by ransomware, Ryuk suspected
Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. The municipality of Lieges official website, which was translated from the French. According to its official website pictures above: The City of Lièg...
WhatsApp reverses course, will not limit app functionality
WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...
What is Smishing? The 101 guide
Smishing is a valuable tool in the scammers armoury. Youve likely run into it, even if you didnt know that is its name. It doesnt arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...
Mother charged with using deepfakes to shame daughter’s cheerleading rivals
A Pennsylvania woman reportedly sent doctored photos and videos of her daughters cheerleader rivals to their coaches, in an attempt to embarrass them and get them kicked off the team. Shes alleged to have used deepfake technology to create photo and video depictions of the girls naked, drinking,...
Fonix ransomware gives up life of crime, apologizes
Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware also known as FonixCrypter and Xinof, one of those ransomware-as-a-service RaaS offerings, is the latest to join the club. End of FonixCrypter...
Ubiquiti breach, and other IoT security problems
Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...