Vastaamo psychotherapy data breach sees the most vulnerable victims extorted

“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor ...

Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer...

A week in security (June 22 – 28)

Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...

Keep Zoombombing cybercriminals from dropping a load on your meetings

While shelter in place has left many companies struggling to stay in business during the COVID-19 epidemic, one company in particular has seen its fortunes rise dramatically. Zoom, the US-based maker of teleconferencing software, has become the web conference tool of choice for employees working...

Securing the MSP: best practices for vetting cybersecurity vendors

Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers MSPs are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...

Stalkerware and online stalking are accepted by Americans. Why?

Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and...

Malwarebytes Labs releases 2020 State of Malware Report

Today is Safer Internet Day—and what better way to celebrate/pay homage than to immerse yourself in research on the latest in malware, exploits, PUPs, web threats, and data privacy? It so happens we've got just the right content to kick-start the party because today we released the results of our...

Washington Privacy Act welcomed by corporate and nonprofit actors

The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...

How to protect yourself from doxing

“Abandon hope all ye who enter.” This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today. It’s hard to draw a parallel to the utility that the Internet has offered to modern civilization—perhaps no other...

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment IOCTA report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also...

A week in security (September 9 – 15)

Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets...

Capital One breach exposes over 100 million credit card applications

Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card...

UK law enforcement: an uphill struggle to fight hackers

About 16 years ago in the UK, I walked into a local police station to report a computer crime, because walking into local police stations is how they did things back then. There may well also have been penny farthing bicycles, real pea souper fogs, Mary Poppins, and Jack the Ripper, though I coul...

What is cryptocurrency and why do cybercriminals love it?

Ever pretend you know what your friends are talking about because you want to sound smart and relevant—and then trap yourself in a lie? “Wow, looks like those hackers were mining for cryptocurrency. You know what cryptocurrency is, right?” “Oh yeah, totally. Cryptocurrency. Bad stuff. You know...

BYOD, why don’t you?

Bring Your Own Device BYOD is a policy that allows employees to bring their own devices to the workplace and use them there. At one time, this was the latest bonus to attract and keep employees happy—plus save a few bucks. Nowadays the question is more like: Is there anyone who doesn't bring his...

Cerber ransomware delivered in format of a different order of Magnitude

As a follow up to our study into the Magnitude exploit kit and its gate which we profiled in a previous blog post, we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is...

Barclays Bank customers targeted by phishers

Today we have a phish targeting customers of Barclays Bank, located at: bankdotbarclaydotcodotukdotolbdotauthdotloginlinkdotactiondotp1242557947640dotchofcgdotcom/bd/ The phish opens up with an initial lunge for personal details: The first page asks for a surname, then offers the potential victim...

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

Microsoft has released a patch for a bug for a "downgrade attack" that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: Chuckles and...

Recently-patched Apache Struts vulnerability used in worldwide attacks

Attackers are exploiting a critical vulnerability in Apache Struts 2 that was patched recently. Struts is a very popular open source platform to develop applications and websites. On December 7, 2023, Apache announced versions 6.3.0.2 and 2.5.33 of Struts were now available to address a potential...

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this vulnerability by October 2, 20...

New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs

Security researcher Maxime Ingrao has found a new variant of Android/Trojan.Spy.Joker which hes dubbed Autolycos. Malware in this family secretly subscribes users to premium services. The researcher noted that the eight applications that contained this malware had racked up a total of over 3...

WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info

WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden App stores do whatever they can to try and prevent bogus...

Inside Apple: How macOS attacks are evolving

The start of fall 2021 saw the fourth Objective by the Sea OBTS security conference, which is the only security conference to focus exclusively on Apples ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for ...

How to troubleshoot hardware problems that look like malware problems

Sometimes it’s hard to figure out what exactly is going wrong with your computer. What do you do if you’ve run all the scans, checked all the files, and everything says the PC is malware free? Here’s a list of common problems that resemble cybersecurity issues, but could be caused by something...

A week in security (July 26 – August 1)

Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...

JBS says it is recovering quickly from a ransomware attack

This week another major supplier reported it had been hit with ransomware. After the Colonial Pipeline attack last month, this time the victim is the worlds largest meatpacker, JBS. JBS halted cattle slaughter at all its US plants on Tuesday after the attack caused their Australian operations to...

WhatsApp reverses course, will not limit app functionality

WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...

Insider threats: If it can happen to the FBI, it can happen to you

If you’re worried about the risk of insider threats, you’re not alone. It can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of...

CodeCov supply-chain compromise likened to SolarWinds attack

CodeCov, a company that creates software auditing tools for developers, was recently breached the company says it was breached on April 1, and reported it on the April 15. According to investigators, this incident, in turn, gave attackers access to an unknown number of CodeCov’s clients networks...

How NOT to fail at PDF redaction

The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward. Recently, the European Commission published a PDF version of the contract it had with AstraZeneca...

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this informatio...

A week in security (December 7 – December 13)

Last week on Malwarebytes podcast we talked to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a cybersecure 2021. We also released a Malwarebytes Labs report revealing that 50 percent of schools did...

Buying COVID-19 vaccines from the Dark Web? No thanks!

Even though we hope that this is an unnecessary warning, we do want to put it out there. As soon as there was talk about a vaccine being available against the COVID-19 virus there were vendors on the Dark Web offering Russian and Chinese COVID-19 vaccines for sale. Now that the UK has started its...

Coronavirus Bitcoin scam promises “millions” working from home

In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoi...

Windows 7 is EOL: What next?

End-of-life EOL is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance. Every Windows product h...

Announcing Malwarebytes 4.0: smarter, faster, and lighter

Malwarebytes was founded on the belief that everyone has a fundamental right to a malware-free existence. Every product we make is built on that premise. That’s why we’ve been hard at work on the latest version of Malwarebytes for Windows that not only sports a whole new look, but packs...

A week in security (October 7 – 13)

Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection...

Sophisticated threats plague ailing healthcare industry

The healthcare industry is no longer circling the drain, but it's still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highes...

Under the hoodie: why money, power, and ego drive hackers to cybercrime

Just one more hour behind the hot grill flipping burgers, and Derek could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But...

Semrush impersonation scam hits Google Ads

This blog post was co-authored with Elie Berreby, Senior SEO Strategist Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. In particular, we have previously detailed how Google advertiser accounts can be...

Zimbra issues awaited patch for actively exploited vulnerability

Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite ZCS email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra i...

Threatening rogue finance apps removed from the Apple Store

Multiple apps have been removed from the App Store in India after a large helping of unethical behaviour was aimed at their users. TechCrunch reports that "Pocket Kash, White Kash, Golden Kash, and OK Rupee" among others were taken down after getting close to the top 20 finance app listing spots...

More MOVEit vulnerabilities found while the first one still resonates

In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center MSRC with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday...

Update your LearnPress plugins now!

Its time for a reminder to ensure all of your WordPress plugins are fully up to date or removed, if you don't need them. Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn...

Android vulnerabilities could allow arbitrary code execution

Several vulnerabilities have been patched in the Google Android operating system OS, the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild. Operating systems contain and manage all the programs and applications that a computer...

BlackBasta is the latest ransomware to target ESXi virtual machines on Linux

BlackBasta, an alleged subdivision of the ransomware group Conti, just began supporting the encryption of VMwares ESXi virtual machines VM installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this...

Firefox, Thunderbird, receive patches for critical security issues

Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine shared by the Firefox-based Tor browser relate to Firefox 100.0.2, Firefox for Android 100.3.0, and...

“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance

We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows: Greetings, I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm worki...

Online Safety Bill will legally require porn sites to verify users’ age

When Ioannis Dekas, a father of four boys, found that one of his sons had access to pornography, he and his wife became concerned. "In two weeks leading up to this moment, wed noticed a drastic change in his behavior," Dekas said in a BBC interview, "Withdrawal, a sense of anger towards his...