4662 matches found
Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”: Lock and Code S02E14
The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier and a meat and poultry distributor—could lead most people to believe that a critical infrastructure “big one” is coming. But, as Lesley Carhart, principal threat hunter with...
Game over: Apex Legends players locked out by protest message
Messages placed directly in or around games are a common hack technique. It can be used for trolling, phishing, scams, or anything else the message-placer can think of. Messages can also be placed in games for the purposes of advertising, but that's a tale for a different day. Recently, players of...
VPN protocols explained and compared
A Virtual Private Network (VPN) creates a safe "tunnel" between you and a computer you trust (normally your VPN provider) to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that don't us...
How to enable Facebook’s hardware key authentication for iOS and Android
Since 2017, desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS, which is vulnerable to SIM swap...
Google FLoC puts ad trackers on a cookie-free diet
Cookie tracking is dying and Google needs a replacement. It's betting on FLoC, an ad tracking technology that lets it understand people's behaviour while respecting their privacy. Google has announced that its tests show promising signs that FLoC is working. Is this a milestone on the road to more...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...
A week in security (December 14 – December 20)
Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...
Sandbox in security: what is it, and how it relates to malware
To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...
Is domain name abuse something companies should worry about?
Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefore, "domain name abuse" is something that can ruin your reputation. Losing control: There are several ways in which perpetrators can...
Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly...
Deepfakes or not: new GAN image stirs up questions about digital fakery
Subversive deepfakes that enter the party unannounced, do their thing, then slink off into the night without anybody noticing are where it’s at. Easily debunked clips of Donald Trump yelling THE NUKES ARE UP or something similarly ludicrous are not a major concern. We’ve already dug into why that...
How exposed are you to cybercrime?
No country, business, or person is immune to cybercrime, and as the Internet's influence on our daily lives grows exponentially, so will the level of malicious activity throughout the world. An ever-changing cyber landscape will always carry with it new threats, but are they the same for everyone?...
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had...
Coronavirus campaigns lead to surge in malware threats, Labs report finds
In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report,...
A week in security (May 11 – May 17)
Last week on Malwarebytes Labs, we explained why RevenueWire has to pay $6.7 million to settle FTC charges, how CVSS works: characterizing and scoring vulnerabilities, and we talked about how and why hackers hit a major law firm with Sodinokibi ransomware. We also launched another episode of our...
Threat actors release Troldesh decryption keys
Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...
New AgentTesla variant steals WiFi credentials
AgentTesla is a .Net-based infostealer that has the capability to steal data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. The actor behind this malware is constantly maintaining it by adding new modules. One of the new modules that has been...
Lock and Code S1Ep3: Dishing on data privacy with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, a director of Malwarebytes Labs, about the state of data privacy today, including how users and businesses can protect sensitive information...
Technology and the power of moral panic
Moral panic is a fascinating topic, and often finds itself tied up in the cutting-edge technology of the times once it works its way into the hands of younger generations. Music, games, movies—pretty much anything you can think of is liable to gatecrash the “won’t somebody think of the children?”...
Adposhel adware takes over browser push notifications administration
Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the...
A week in security (December 23 – 29)
Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: No...
Mac threat detections on the rise in 2019
Conventional wisdom has been that, although not invulnerable to cyberthreats (as some old Apple ads would have you believe), Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed,...
A week in security (December 9 – 15)
Last week on Malwarebytes Labs, we cautioned readers against purchasing potentially privacy-invasive, cyber-insecure smart doorbells, warned about a new credit card skimmer vulnerability embedded within hundreds of fraudulent web sites selling supposedly name-brand shoes, and looked at the newest...
A week in security (September 2 – 8)
Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news: A new Chinese Deepfake app is under fire for privacy concerns related to the use o...
Fake Malwarebytes helpline scammer caught in the act
An estimated one in every 10 American adults lost money in a cyber scam in the past 12 months, according to a report released by the FTC earlier in the month. On average, each scam victim lost $430, totaling about $9.5 billion overall. To put this in perspective, that’s over 22 million Americans...
Spartacus ransomware: introduction to a strain of unsophisticated malware
Spartacus ransomware is a new sample that has been circulating in 2018. Written in C, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others w...
Ransomware’s difficult second album
The last year has seen all manner of cybercrime, from scams and social engineering to malvertising and malspam. What's interesting is that so many "next-gen," sophisticated malware mainstays like exploits have dropped in popularity, while other more traditional types such as spyware have shot up...
Alleged creator of Fruitfly indicted for 13 years of spying
Way back at the start of last year, we took a look at something called Fruitfly, a Mac backdoor using old code that had been around for a long time and could (deep breath) upload files to computers, record images and video, snoop around in victims' information, take screenshots, and also log...
A look into the global drive-by cryptocurrency mining phenomenon
An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser. JavaScript-based mining is cross-platform compatible and works on all modern...
Billions of scraped Discord messages up for sale
Four billion public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard...
Patch now: Mozilla patches two critical vulnerabilities in Firefox
Mozilla released version 124.0.1 of the Firefox browser to Release channel users (the default channel that most non-developers run) on March 22, 2024. The new version fixes two critical security vulnerabilities. One of the vulnerabilities affects Firefox on desktop only, and doesn't affect mobile...
Emergency update! Apple patches three zero-days
Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7; iOS 17.0.1 and iPadOS 17.0.1; watchOS 9.6.3; watchOS 10.0.1; macOS Ventura 13.6; macOS Monterey...
Warning issued over vulnerability in cardiac device monitoring software
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability that could result in remote code execution or a denial-of-service (DoS) condition impacting a healthcare delivery organization's Paceart Optima system. Paceart Optima is a software application that...
Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10
Synology has issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of Synology VPN Plus Server. VPN Plus Server: VPN Plus Server allows users to turn their Synology Router into a Virtual Private Network (VPN) server. A VPN...
Update now! NetGear routers’ default configuration allows remote attacks
NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet-facing ports of the device listening through IPv6. No auto-update: The hotfix is available for the model RAX30, also...
An 18 year scam odyssey of stranded astronauts
There is a semi-mythical scam which comes around every couple of years, like some sort of digital bad luck version of Halley's Comet. Instead of flood, famine, and the death of Kings, it brings confusion, some level of hilarity, and a slice of sheer disbelief. Unfortunately it also threatens to...
PayPal phishing campaign goes after more than just your login credentials
A new phishing campaign targeting PayPal users aims to get extensive data from potential victims. The data it's after includes government documents like passports, as well as selfie photos. In a nutshell, it's an extensive form of information theft, the likes of which could result in someone's identi...
Tech support scammers caught by their own cameras
A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers. CCTV: The Youtuber, acting under the handle Scambaiter, turned his attention to Punjab in...
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises a unique identifier which will be issued for each customer and will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that t...
Okta admits 366 customers may have been impacted by LAPSUS$ breach
Through its usual means of communication, its Telegram channel, the LAPSUS$ group has posted screenshots of what appears to be superuser access to the Okta management console. As such, the group claims to have acquired "superuser/admin" access to Okta.com and gained access to Okta's customer data,...
Valorant cheats on YouTube are actually information-stealing malware
Valorant, the popular free-to-play team-based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, and hunts for those passwords in browsers,...
TrickBot helps Emotet come back from the dead
Probably one of the best known threats for the past several years, Emotet has always been under intense scrutiny from the infosec community. On several occasions, it appeared to take an early retirement, but then again it came back. However, when multiple law enforcement agencies seized control o...
Police take a piece out of a ransomware gang, but won’t say which one
One of the world's ransomware groups appears to be a couple of members short today—and about two million dollars less rich—but nobody is sure which one. Police are staying tight-lipped about who's short-handed following the arrest of two individuals in Kyiv, Ukraine. The arrests are part of a joint...
Two Google plans that could make open source code more secure
Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory secure than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it...
Jail for consultant who scraped colossal trove of Alibaba customer data
A billion data points, including the usernames and mobile phone numbers of customers, have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling: A central Chinese court has ruled that an employee of a...
DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime
The US Department of Justice announced Monday that it recovered much of the ransomware payment that Colonial Pipeline paid to free itself from the attack that derailed the oil and gas supplier’s operations for several days last month. The seizure of 63.7 of the initial 75 paid bitcoins represente...
Ransomware disrupts food supply chain, Exchange exploitation suspected
When malware found its way into the network of Bakker Logistiek, a company specializing in the transport and warehousing of food and other products, on the night of 4 to 5 April, its IT systems ground to a halt. And, along with them, the reception of orders from clients, and the delivery of goods...
Nude photo theft offers lessons in selfie security
Two former college graduates are in a lot of trouble after breaking into other students' accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened...
VideoBytes: Ryuk Ransomware Targeting US Hospitals
Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...
50 percent of schools did not prepare for secure distance learning, Labs report reveals
Education in the United States faced a crisis this year. The looming threat of the coronavirus—which spreads easily in highly-populated, enclosed rooms—forced schools across the country to develop new strategies for education. The dramatic stress of this transition is known. Teachers are working...