4709 matches found
“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance
We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows: Greetings, I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm worki...
Why you shouldn’t automate your VirusTotal uploads
It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some...
Valorant cheats on YouTube are actually information-stealing malware
Valorant, the popular free-to-play team based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, and hunts for those passwords in browsers,...
Online Safety Bill will legally require porn sites to verify users’ age
When Ioannis Dekas, a father of four boys, found that one of his sons had access to pornography, he and his wife became concerned. "In two weeks leading up to this moment, wed noticed a drastic change in his behavior," Dekas said in a BBC interview, "Withdrawal, a sense of anger towards his...
Investment scams are on the rise
Preying on one of the most basic human flaws, investment scams and other get-rich-quick schemes are making up an ever larger portion of the online scammers cake. The number of victims, for now, is lower than the number of victims of fraudulent sales, identity fraud, and dating fraud, but the cost...
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
This blog was authored by Ankur Saini and Hossein Jazi Lazarus Group is one of the most sophisticated North Korean APTs that has been active since 2009. The group is responsible for many high profile attacks in the past and has gained worldwide attention. The Malwarebytes Threat Intelligence team...
Windows 11 is out. Is it any good for security?
Windows 11, the latest operating system OS from Microsoft, launches today, and organizations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the...
US offers huge reward in fight against state-sponsored cybercriminals
The US Department of State has announced that its Rewards for Justice RFJ program is now offering: …up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious...
Police seize DoubleVPN data, servers, and domain
A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity. The...
Two Google plans that could make open source code more secure
Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory secure than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it...
JBS says it is recovering quickly from a ransomware attack
This week another major supplier reported it had been hit with ransomware. After the Colonial Pipeline attack last month, this time the victim is the worlds largest meatpacker, JBS. JBS halted cattle slaughter at all its US plants on Tuesday after the attack caused their Australian operations to...
Insider threats: If it can happen to the FBI, it can happen to you
If you’re worried about the risk of insider threats, you’re not alone. It can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of...
Millions put at risk by old, out of date routers
Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend...
City fined for tracking its citizens via their phones
The Dutch information watchdog—the Autoriteit Persoonsgegevens AP—has fined the city of Enschede for € 600,000 for tracking its citizens movements without permission. It is the first time that a Dutch government body has been fined by the AP. The investigation was set in motion after it received ...
Zoom watermarking: pros and cons
Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this informatio...
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary...
How a VPN can protect your online privacy
Have you ever experienced the feeling of relief that comes when you do something silly, but youre glad you did it where people dont know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...
Emotet returns just in time for Christmas
Emotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution campaigns. Once again, and for about two months, the botnet stopped its malspam activity only to return days before Christmas. In typical Emotet fashion, the threat actors continue to...
Smart toy security: How to keep your kids safe this Christmas
Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it’s bound to. It hasn’t brought about the end of civilisation a...
Buying COVID-19 vaccines from the Dark Web? No thanks!
Even though we hope that this is an unnecessary warning, we do want to put it out there. As soon as there was talk about a vaccine being available against the COVID-19 virus there were vendors on the Dark Web offering Russian and Chinese COVID-19 vaccines for sale. Now that the UK has started its...
Mobile network operator falls into the hands of Fullz House criminal group
Update 2020-10-05: The malicious code has been removed from Boom! Mobiles website Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happene...
Keep Zoombombing cybercriminals from dropping a load on your meetings
While shelter in place has left many companies struggling to stay in business during the COVID-19 epidemic, one company in particular has seen its fortunes rise dramatically. Zoom, the US-based maker of teleconferencing software, has become the web conference tool of choice for employees working...
Security tips for working from home (WFH)
Over the last decade, remote work and working from home has grown in popularity for many professionals. In fact, a 2018 study found more than 70 percent of global employees work remotely at least once per week. However, the coronavirus pandemic and resulting lockdown in many parts of the world ha...
Introducing Lock and Code: a Malwarebytes Labs podcast
Intrepid Labs readers might be happy to know that we're stepping into territory long-requested and desired: we're launching a podcast. Malwarebytes researchers and reporters are on the front lines of cybercrime, delivering both fast-breaking news and thoughtful features on our blog to raise...
Help prevent disaster donation scams from causing more misery
It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top...
World Cup 2018: malware attacks gunning for goal
World Cup 2018 is upon us and in full swing, bringing together 32 nations for a month of footballing to see who'll be crowned World Champion. With the tournament underway, we thought it'd be fun to see which of the footballing powerhouses also expended a similar amount of energy fighting off...
Bad romance: catphishing explained
You've heard or read about some variant of this story before: Girl meets Boy on a dating website. Girl falls in love. Boy claims he does, too. Girl is excited to meet Boy soon. But at the last minute, Girl finds out that Boy 1 had an accident and broke a hip; 2 has a very sick relative he needs t...
A week in security (May 12 – May 18)
Last week on Malwarebytes Labs: Data broker protection rule quietly withdrawn by CFPB Meta sent cease and desist letter over AI training Google to pay $1.38 billion over privacy violations Android users bombarded with unskippable ads Last week on ThreatDown: ThreatDown introduces Firewall...
Android vulnerability used in targeted attacks patched by Google
Google has released patches for 46 vulnerabilities in Android, including a remote code execution RCE vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...
How to check if your data was exposed in the AT&T breach
AT&T has notified US state authorities and regulators about its recent or not data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of...
Patch now! Fortra GoAnywhere MFT vulnerability exploit available
On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT Managed File Transfer that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...
SEC X account hacked to hawk crypto-scams
We have seen several high-profile accounts that were taken over on X formerly Twitter only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds ETFs. The latest victim in this line-up is the Securities and Exchange Commission SEC. The...
Meet the entirely legal, iPhone-crashing device, the Flipper Zero: Lock and Code S04E25
This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s...
YouTube launches “global effort” to block ad blockers
The ongoing struggle between YouTube and ad blockers is turning users into the victims. YouTube has gone all out in its fight against the use of add-ons, extensions and programs that prevent it from serving ads to viewers around the world. It started out as just a small experiment, but it looks...
Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer
Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center MSRC with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday...
Malwarebytes' modernized bug bounty program—here's all you need to know
Malwarebytes welcomes and encourages independent researchers reporting vulnerabilities in our products, and has run a bug bounty program for several years. Our security team has spent the last few months modernizing the program and we thought you'd like to hear about it. What is a bug bounty...
KMSpico explained: No, KMS is not "kill Microsoft"
Thanks to Pieter Arntz and the Threat Intelligence Team who contributed to the research. A hack tool is a program that allows users to activate software even without a legitimate, purchased key. Hack tools are often used to root devices in order to among others remove barriers that stop users fro...
Fake Cyberpunk Ape Executives target artists with malware-laden job offer
The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse Lots of people with art profiles ...
Blunting RDP brute-force attacks with rate limiting
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Not long ago, guessing a Windows Remote Desktop Protocol RDP password successfully was widely regarded as ransomware operators number one choice for breaching a target. It attracted a lot of...
Warning issued over tampered QR codes
Avid readers of the Malwarebytes Labs blog will be well aware of QR code scams. Take, for example, that QR code scam in the Netherlands that victimized at least a dozen and definitely more car owners. It went like this: Someone approaches you and says they want to pay for their parking but cant...
Vulnerability in Windows 10 URI handler leads to remote code execution
Researchers at Positive Security have discovered a drive-by remote code-execution RCE bug in Windows 10. The vulnerability can be triggered by an argument injection in the Windows 10 default handler for ms-officecmd: URIs. It is likely that this vulnerability also exists in Windows 11. What’s...
A week in security (Nov 15 – Nov 21)
Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s boss Evasive manoeuvres: HTML smuggling explained FBI server hijacked to send up to 100,000 bogus attack mails New Mac malware raises more questions about Apple’s security patching SharkBot Android...
How to spot a DocuSign phish and what to do about it
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones youre expecting to hear from, or wouldnt be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list...
How to troubleshoot hardware problems that look like malware problems
Sometimes it’s hard to figure out what exactly is going wrong with your computer. What do you do if you’ve run all the scans, checked all the files, and everything says the PC is malware free? Here’s a list of common problems that resemble cybersecurity issues, but could be caused by something...
OSX.XLoader hides little except its main purpose: What we learned in the installation process
Last week, Check Point Research described a new Mac variant of malware they call XLoader. It was identified as being the successor of something called Formbook, a very prevalent threat in the Windows world. According to Check Point, the Mac version of the malware is being "rented" as part of a...
A week in security (May 31 – June 6)
Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology—hint: its a slow fade, the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for...
iPhone calendar spam attacks on the rise
Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomen...
The human impact of a Royal Mail phishing scam
Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. It’s pretty much everywhere at this point. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend. The problem with...
International Women’s Day: Women in tech name their heroes
Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day IWD. Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be give...
How NOT to fail at PDF redaction
The heated spat between Europe and AstraZeneca over a contract has segued into an unexpected blunder that left many of us chuckling and surprised at the same time. Perhaps even feeling a bit awkward. Recently, the European Commission published a PDF version of the contract it had with AstraZeneca...