A week in security (January 31 – February 6)
Last week on Malwarebytes Labs: Threat actor steals email with Zimbra zero-day; FBI warns of bogus job postings on recruitment sites; Investment scams are on the rise; A worrying Etsy listing reveals the stalking potential of Apple’s AirTags; Beware bogus OperaGX sponsorship offers; $320 million stol...
Investment scams are on the rise
Preying on one of the most basic human flaws, investment scams and other get-rich-quick schemes are making up an ever larger portion of the online scammers' cake. The number of victims, for now, is lower than the number of victims of fraudulent sales, identity fraud, and dating fraud, but the cost...
Vulnerability in Windows 10 URI handler leads to remote code execution
Researchers at Positive Security have discovered a drive-by remote code-execution (RCE) bug in Windows 10. The vulnerability can be triggered by an argument injection in the Windows 10 default handler for ms-officecmd: URIs. It is likely that this vulnerability also exists in Windows 11. What’s...
Please don’t buy this! 3 gift card scams to watch out for this holiday season
With the holiday season around the corner, we thought it was a good time to look at the dangers that come with gift cards. Gift cards can be an easy win in cases where you don’t know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there...
Check your passwords! Synology NAS devices under attack from StealthWorker
Synology's PSIRT (Product Security Incident Response Team) has put out a warning that it has recently seen and received reports about an increase in brute-force attacks against Synology devices. PSIRT suspects the botnet commonly known as StealthWorker is responsible for this increase in activity...
Zoom and gloom? Video comms org agrees to settle for $85m
Zoom has agreed to an $85m settlement regarding privacy, zoom-bombing, and data sharing. The class action privacy lawsuit filed in the US against the embattled company wasn’t particularly impressed with the following: Zoom-bombing running wild in video sessions. Zoom-bombing, the practice of...
US offers huge reward in fight against state-sponsored cybercriminals
The US Department of State has announced that its Rewards for Justice (RFJ) program is now offering: …up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious...
Beware password-spraying fancy bears
The NSA, FBI, and CISA, in cooperation with the UK's National Cyber Security Centre (NCSC), have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector compani...
City of Liège hit by ransomware, Ryuk suspected
Liège, the third largest city in Belgium and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. (Image caption: the municipality of Liège's official website, translated from the French.) According to its official website (pictures above): The City of Liège...
Bizarro: a banking Trojan full of nasty tricks
Researchers have discovered a new banking Trojan that has been found targeting customers of European and South American banks. They have dubbed the new Trojan Bizarro. How does Bizarro spread? The Bizarro malware spreads via Microsoft Installer (MSI) packages. Identified sources so far have been sp...
Millions put at risk by old, out of date routers
Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend...
City fined for tracking its citizens via their phones
The Dutch information watchdog, the Autoriteit Persoonsgegevens (AP), has fined the city of Enschede €600,000 for tracking its citizens' movements without permission. It is the first time that a Dutch government body has been fined by the AP. The investigation was set in motion after it received ...
Interview with a bug bounty hunter: Youssef Sammouda
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking,...
The human impact of a Royal Mail phishing scam
Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. It’s pretty much everywhere at this point. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend. The problem with...
Egregor ransomware hit by arrests
In a collaboration between French and Ukrainian law enforcement, arrests have been made that might put a dent in one of the world's most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...
Android devices caught in Matryosh botnet
Researchers at Netlab have discovered a new botnet that re-uses the Mirai framework to pull vulnerable Android devices into DDoS attacks. The new botnet, which is called Matryosh, is named after the Russian nesting dolls because the encryption algorithm it uses, and the process of obtaining comma...
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary...
Emotet returns just in time for Christmas
Emotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution campaigns. Once again, and for about two months, the botnet stopped its malspam activity only to return days before Christmas. In typical Emotet fashion, the threat actors continue to...
Smart toy security: How to keep your kids safe this Christmas
Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it’s bound to. It hasn’t brought about the end of civilisation a...
Malwarebytes detects leaked tools from FireEye breach
Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen...
File-sharing and cloud storage sites: How safe are they?
There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...
IoT cybersecurity bill passed by Senate
Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things (IoT) devices purchased and owned by the Federal government. The bill, called the...
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix. Browser lockers are only...
FIFA 21 game scams: watch out for unsporting conduct
Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It's also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sale...
Mobile network operator falls into the hands of Fullz House criminal group
Update 2020-10-05: The malicious code has been removed from Boom! Mobile's website. Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happene...
Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw
“Can you have a look at this email I got, please?" my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider (ISP). Shortly after, he informed me that despite its suspicious aura, he found...
A week in security (April 13 – 19)
Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote position...
Security tips for working from home (WFH)
Over the last decade, remote work and working from home has grown in popularity for many professionals. In fact, a 2018 study found more than 70 percent of global employees work remotely at least once per week. However, the coronavirus pandemic and resulting lockdown in many parts of the world ha...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service (IDaaS), an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
A week in security (November 11 – 17)
Last week on Malwarebytes Labs, we offered statistics and information on a sneaky new Trojan malware for Android, inspected a bevy of current Facebook scams, and explained the importance of securing food and agriculture infrastructure. We also released our latest report on cybercrime tactics and...
Mozilla urges Apple to make privacy a team sport
We often say cybersecurity is a team sport, but, pending a public advocacy campaign from one major tech developer to another, the same might be true for online privacy. Mozilla is currently getting people around the world to lend their voices toward Apple, asking that the company place some extra...
Mysterious database exposed personal information of 80 million US households
Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen...
A week in security (October 1 – 7)
Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not,...
Mobile Menace Monday: despicable adware
Are you wondering how that mysterious icon ended up on your Android phone's start screen? Annoyed at the ads clogging your notification bar? You aren't alone. Thousands of Android apps now include software that shoves marketing icons onto your phone's start screen or pushes advertising into your...
A week in security (September 11 – September 17)
Last week, we dug into phishing campaigns done via LinkedIn accounts, remediation versus prevention, issues with smart syringe pumps, and advised you to go patch against a Word 0-day. We had some tips regarding identity theft protection, explored crowdsourced fraud, and explained YARA rules...
Apple users: Update your devices now to patch zero-day vulnerability
Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...
Adobe ColdFusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency (CISA) put out a Cybersecurity Advisory (CSA) to alert government agencies about cybercriminals using a vulnerability in Adobe ColdFusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
Cisco IOS XE vulnerability widely exploited in the wild
An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is being widely exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...
Europol lifts the lid on cybercrime tactics
The European Union Agency for Law Enforcement Cooperation (Europol) has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol's operational analysts. The report also discusses the criminal organizations behind cyberattacks and th...
Citrix NetScalers backdoored in widespread exploitation campaign
Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute for Vulnerability Disclosure (DIVD). Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an...
Update now! Apple patches vulnerabilities in macOS and iOS
Apple has released information about the new security content of macOS Ventura 13.2.1 and of iOS 16.3.1 and iPadOS 16.3.1. Most prominent is a vulnerability in WebKit that may have been actively exploited. In December 2022, we warned our readers about another actively exploited vulnerability in...
Critical WhatsApp vulnerabilities patched: Check you've updated!
WhatsApp has fixed two remote code execution vulnerabilities in its September update, according to its security advisory. These could have allowed an attacker to remotely access a device and execute commands from afar. These versions of WhatsApp are affected by at least one of the vulnerabilities...
Why you shouldn’t automate your VirusTotal uploads
It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some...
Double header: IsaacWiper and CaddyWiper
As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review IsaacWiper and CaddyWiper, two new wipers that do not have much in common based on their source code, but with the same intent of destroying targeted Ukrainian computer systems...
Blunting RDP brute-force attacks with rate limiting
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Not long ago, guessing a Windows Remote Desktop Protocol (RDP) password successfully was widely regarded as ransomware operators' number one choice for breaching a target. It attracted a lot of...
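The Synology/StealthWorker item above and this RDP piece both come down to the same defensive idea: count failed logons per source inside a time window and cut a source off once it exceeds a threshold, which is what rate limiting does. The following is an added example, not code from Malwarebytes Labs, Synology or Microsoft. It assumes a simplified, constructed log format (`<ISO-8601 time> <FAIL|OK> user=<name> src=<ip>`) and assumed thresholds (`WINDOW`, `MAX_FAILS`, `SPRAY_USERS`). It goes slightly beyond the text by also flagging the password-spraying pattern from the NSA/NCSC item (few guesses per account, many accounts from one source), which a per-account lockout alone would miss.

```python
"""Sliding-window detector for password-guessing against a login service.

Added example (not code from Malwarebytes Labs). Log format is constructed
for this demo:  "<ISO-8601 time> <FAIL|OK> user=<name> src=<ip>".
Two signals are raised per source address:
  * brute force: more than MAX_FAILS failed logons inside WINDOW seconds,
    which is the condition a rate limiter would block on;
  * spraying: failures spread over at least SPRAY_USERS distinct accounts
    inside the same window (few guesses per account, many accounts).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed window; tune to the service
MAX_FAILS = 5                    # assumed failures allowed per source per window
SPRAY_USERS = 4                  # assumed distinct-account threshold for spraying


def parse(line):
    """Split one constructed log line into (time, status, user, src)."""
    ts, status, user, src = line.split()
    return (datetime.fromisoformat(ts), status,
            user.split("=", 1)[1], src.split("=", 1)[1])


def analyse(lines):
    """Process events in order and return (blocked, sprayers).

    blocked:  src -> time at which the source first exceeded MAX_FAILS
    sprayers: src -> sorted list of accounts it was spraying when flagged
    """
    recent = defaultdict(deque)   # src -> deque of (time, user) failures in window
    blocked, sprayers = {}, {}
    for line in lines:
        ts, status, user, src = parse(line)
        if status != "FAIL":      # successful logons do not count against a source
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) > MAX_FAILS and src not in blocked:
            blocked[src] = ts
        users = {u for _, u in q}
        if len(users) >= SPRAY_USERS and src not in sprayers:
            sprayers[src] = sorted(users)
    return blocked, sprayers


# Constructed sample log: one classic brute force against "admin",
# one low-and-slow spray across four accounts, and one benign user
# who mistypes a password twice, minutes apart.
SAMPLE_LOG = """\
2022-03-01T10:00:00 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:05 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:09 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:14 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:20 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:25 FAIL user=admin src=203.0.113.7
2022-03-01T10:00:30 OK user=alice src=198.51.100.4
2022-03-01T10:01:00 FAIL user=alice src=198.51.100.9
2022-03-01T10:01:10 FAIL user=bob src=198.51.100.9
2022-03-01T10:01:20 FAIL user=carol src=198.51.100.9
2022-03-01T10:01:30 FAIL user=dave src=198.51.100.9
2022-03-01T10:05:00 FAIL user=alice src=198.51.100.4
2022-03-01T10:09:00 FAIL user=alice src=198.51.100.4
""".splitlines()


if __name__ == "__main__":
    blocked, sprayers = analyse(SAMPLE_LOG)
    for src, when in blocked.items():
        print(f"rate limit: block {src} from {when.isoformat()}")
    for src, users in sprayers.items():
        print(f"spraying:   {src} across {users}")
```

In the sample, 203.0.113.7 trips the rate limit on its sixth failure at 10:00:25, 198.51.100.9 is flagged as spraying after four failures against four different accounts, and the benign 198.51.100.4 is never touched because its two failures fall outside one window. Whatever thresholds you pick, the block list is the output to feed into the firewall or the service's own auto-block feature; the spraying list is the one to hand to the SOC, since a per-account lockout policy never fires on it.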
Warning issued over tampered QR codes
Avid readers of the Malwarebytes Labs blog will be well aware of QR code scams. Take, for example, that QR code scam in the Netherlands that victimized at least a dozen and definitely more car owners. It went like this: Someone approaches you and says they want to pay for their parking but can't...
Windows 11 is out. Is it any good for security?
Windows 11, the latest operating system (OS) from Microsoft, launches today, and organizations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the...
Macs turn on apps signed by Symantec, treat them as malware
On August 23, following an update to Apple's security systems on macOS, some Mac users began to see security alerts about some of their apps, claiming that they "will damage your computer," and offering users the option to "report malware to Apple." This has led to much confusion online, and to an...
OSX.XLoader hides little except its main purpose: What we learned in the installation process
Last week, Check Point Research described a new Mac variant of malware they call XLoader. It was identified as being the successor of something called Formbook, a very prevalent threat in the Windows world. According to Check Point, the Mac version of the malware is being "rented" as part of a...
A week in security (May 31 – June 6)
Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology (hint: it's a slow fade), the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for...