4709 matches found
Cerber ransomware delivered in format of a different order of Magnitude
As a follow up to our study into the Magnitude exploit kit and its gate which we profiled in a previous blog post, we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is...
Keep getting calls from questionable numbers? Meet Scam Number Check
Have you ever gotten a phone call and had a gut feeling that those random digits looked extra suspicious? It happens to millions of people every day. While many people have trained themselves to ignore such calls, they still pose a threat across the US. In fact, scammers stole more than $21 billi...
Signal users targeted in backup-stealing phishing attacks
A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery Needed Your Signal account data message and...
FBI and CISA publish guide to Living off the Land techniques
The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, Federal Bureau of Investigation FBI, and other authoring agencies have released a joint guidance about common living off the land LOTL techniques and common gaps in cyber defense capabilities. Living Off The...
Police investigate sexual assault on an avatar
British police are investigating a case involving a virtual sexual assault of a girls avatar. Even though there was no physical violence involved the incident will be investigated as it has caused psychological trauma. By definition, an avatar is a virtual representation of a user and is driven b...
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental. The reason this happened was due to the...
Europol lifts the lid on cybercrime tactics
The European Union Agency for Law Enforcement Cooperation Europol, has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europols operational analysts. The report also discusses the criminal organizations behind cyberattacks and th...
Warning issued over increased activity of TrueBot malware
In a joint advisory, the Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS have warned about newly identified TrueBot malware variants use...
More MOVEit vulnerabilities found while the first one still resonates
In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...
Ransomware review: April 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
A first look at the builder for LockBit 3.0 Black
A few months after the LockBit gang released version 3.0 of its ransomware, LockBit 3.0 Black, the builder for it has been leaked by what seems to be a disgruntled developer. LockBit has been by far the most widely used ransomware in 2022 and the appearance of the builder could make things worse...
Patch now! Cisco VPN routers are vulnerable to remote control
Cisco has released a security advisory about several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345. There are no workarounds available that address these vulnerabilities, so you need to patch. Vulnerabilities The vulnerabilities are...
BlackBasta is the latest ransomware to target ESXi virtual machines on Linux
BlackBasta, an alleged subdivision of the ransomware group Conti, just began supporting the encryption of VMwares ESXi virtual machines VM installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this...
Discord scammers go CryptoBatz phishing
It’s not been a great couple of weeks for people looking to get in on NFTs. Missing apes, rug-pulls, it’s all go in non-fungible token land. The latest mishap has come to light, in the shape of bad planning and the slowly shifting impermanence of link ownership. Rockstar Ozzy Osbourne announced...
Cold wallet, hot wallet, or empty wallet? What is the safest way to store cryptocurrency?
In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. Thes...
Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal”
The official YouTube channel of Kaseya, the latest organization attacked by no less than the criminals behind REvil ransomware, released a video of Fred Voccola, Kaseyas CEO, giving a first-hand account of what happened during the attack, the facts on affected customers, and the next steps theyre...
Racing against a real-life ransomware attack, with Ski Kacoroski: Lock and Code S02E12
At 11:37 pm on the night of September 20, 2019, cybercriminals launched a ransomware attack against Northshore School District in Washington state. Early the next morning, Northshore systems administrator Ski Kacoroski arrived on scene. As Kacoroski soon found out, he and his team were on a race...
Binance receives the ban hammer from UK’s FCA
Binance, the worlds largest and most popular cryptocurrency exchange network, has had a rough few days. First, Japans financial regulator, the Financial Services Agency FSA, issued its second warning to Binance on Friday, 25 June, for operating in the country without permission The first warning...
Lil’ skimmer, the Magecart impersonator
This blog post was authored by Jérôme Segura A very common practice among criminals consists of mimicking legitimate infrastructure when registering new domain names. This is very true for Magecart threat actors who love to impersonate Google, jQuery and many other popular brands. In this post we...
Avaddon ransomware campaign prompts warnings from FBI, ACSC
Both the Australian Cyber Security Centre ACSC and the US Federal Bureau of Investigation FBI have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. The FBI states that is has received notifications of unidentified cyber actors using Avaddon ransomware against...
CodeCov supply-chain compromise likened to SolarWinds attack
CodeCov, a company that creates software auditing tools for developers, was recently breached the company says it was breached on April 1, and reported it on the April 15. According to investigators, this incident, in turn, gave attackers access to an unknown number of CodeCov’s clients networks...
NFTs explained: daylight robbery on the blockchain
Did you hear about the JPG file that sold for $69 million? I’ll give you some more detail, the JPG file is a piece of digital art made by Mike Winkelmann, the artist known as Beeple. The file was sold on Thursday by Christie’s in an online auction for $69.3 million. This set a record for artwork...
Vastaamo psychotherapy data breach sees the most vulnerable victims extorted
“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor ...
Sodinokibi drops greatest hits collection, and crime is the secret ingredient
When a group of celebrities ask to speak with their lawyer, they usually don’t have to call in a bunch of other people to go speak with their lawyer. However, in this case it may well be a thing a little down the line. A huge array of musicians including Bruce Springsteen, Lady Gaga, Madonna, Run...
Mass surveillance alone will not save us from coronavirus
As the pattern-shattering truth of our new lives drains heavy—as coronavirus rends routines, raids our wellbeing, and whiplashes us between anxiety and fear—we should not look to mass digital surveillance to bring us back to normal. Already, governments have cast vast digital nets. South Koreans...
Windows 7 is EOL: What next?
End-of-life EOL is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance. Every Windows product h...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
A week in security (November 11 – 17)
Last week on Malwarebytes Labs, we offered statistics and information on a sneaky new Trojan malware for Android, inspected a bevy of current Facebook scams, and explained the importance of securing food and agriculture infrastructure. We also released our latest report on cybercrime tactics and...
Announcing Malwarebytes 4.0: smarter, faster, and lighter
Malwarebytes was founded on the belief that everyone has a fundamental right to a malware-free existence. Every product we make is built on that premise. That’s why we’ve been hard at work on the latest version of Malwarebytes for Windows that not only sports a whole new look, but packs...
How to protect yourself from doxing
“Abandon hope all ye who enter.” This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today. It’s hard to draw a parallel to the utility that the Internet has offered to modern civilization—perhaps no other...
Europol: Ransomware remains top threat in IOCTA report
The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment IOCTA report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also...
A week in security (October 7 – 13)
Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection...
Capital One breach exposes over 100 million credit card applications
Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card...
No summer break for Magecart as web skimming intensifies
This summer, you are more likely to find the cybercriminal groups Magecart client-side rather than poolside. Web skimming, which consists of stealing payment information directly from within the browser, is one of today's top web threats. Magecart, the group behind many of these attacks, gained...
Mozilla urges Apple to make privacy a team sport
We often say cybersecurity is a team sport, but, pending a public advocacy campaign from one major tech developer to another, the same might be true for online privacy. Mozilla is currently getting people around the world to lend their voices toward Apple, asking that the company place some extra...
Sophisticated threats plague ailing healthcare industry
The healthcare industry is no longer circling the drain, but it's still in critical condition. While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go. In 2018, healthcare had the highes...
A week in security (October 1 – 7)
Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not,...
UK law enforcement: an uphill struggle to fight hackers
About 16 years ago in the UK, I walked into a local police station to report a computer crime, because walking into local police stations is how they did things back then. There may well also have been penny farthing bicycles, real pea souper fogs, Mary Poppins, and Jack the Ripper, though I coul...
Mobile Menace Monday: despicable adware
Are you wondering how that mysterious icon ended up on your Android phone's start screen? Annoyed at the ads clogging your notification bar? You aren't alone. Thousands of Android apps now include software that shoves marketing icons onto your phone's start screen or pushes advertising into your...
A week in security (September 11 – September 17)
Last week, we dug into phishing campaigns done via Linkedin accounts, remediation versus prevention, issues with smart syringe pumps, and advised you to go patch against a Word 0day. We had some tips regarding identity theft protection, explored crowdsourced fraud, and explained YARA rules...
FBI warns online daters to avoid “free” online verification schemes that prove costly
The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information...
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of...
Explained: SMTP smuggling
SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what...
Recently-patched Apache Struts vulnerability used in worldwide attacks
Attackers are exploiting a critical vulnerability in Apache Struts 2 that was patched recently. Struts is a very popular open source platform to develop applications and websites. On December 7, 2023, Apache announced versions 6.3.0.2 and 2.5.33 of Struts were now available to address a potential...
What Gen Z really cares about when it comes to privacy
It would be easy to think that Gen Z doesn’t care about privacy. They worry less about ad tracking, do little to stem the flow of their private information online, and, as Malwarebytes recently uncovered, monitor one another’s lives far more than other generations. But it isn’t that Gen Z,...
[Updated] Apple issues Rapid Security Response for zero-day vulnerability
Apple has issued an update for a vulnerability which it says may have been actively exploited. In the security content for Safari 16.5.2 we can learn that the vulnerability was found in the WebKit component which is Apples web rendering engine. In other words, WebKit is the browser engine that...
Swatting-as-a-Service is a growing and complicated problem to solve
One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence AI, a person or group of persons calling themselves Torswats is suspected to be behind dozen...
Malware targeting SonicWall devices could survive firmware updates
Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...
PayPal phishing campaign goes after more than just your login credentials
A new phishing campaign targeting PayPal users aims to get extensive data from potential victims. The data its after includes government documents like passport, as well as selfie photos. In a nutshell, its an extensive form of information theft, the likes of which could result in someones identi...
“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance
We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows: Greetings, I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm worki...