4709 matches found
A week in security (December 7 – December 13)
Last week on Malwarebytes podcast we talked to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a cybersecure 2021. We also released a Malwarebytes Labs report revealing that 50 percent of schools did...
File-sharing and cloud storage sites: How safe are they?
There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, theyve also caused quite the headache for browser vendors to fix. Browser lockers are only...
FIFA 21 game scams: watch out for unsporting conduct
Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. Its also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sale...
A week in security (March 30 – April 5)
Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based attacks, showed the impact that GDPR has around the world, and helped users understand how social media platforms mine their personal data. We also hosted our...
A week in security (January 27 – February 2)
Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...
6 ways hackers are targeting retail businesses
Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they've lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience...
A week in security (December 23 – 29)
Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: No...
A week in security (December 16 – 22)
Last week on Malwarebytes Labs, we signalled that Mac threat detections have been on the rise in 2019, discussed how a new Consumer Online Privacy Rights Act COPRA would empower American users, warned that the Spelevo exploit kit debuts a new social engineering trick, and let our own Statler and...
New strain of Mac malware Proton found after two years
Last week, Kaspersky reported on a new variant of the Mac malware Proton, which they have dubbed Calisto, that has been around for at least two years. Calisto is thoroughly dead at this point, but there are still potential security implications involved with these older infections. Proton was fir...
Alleged creator of Fruitfly indicted for 13 years of spying
Way back at the start of last year, we took a look at something called Fruitfly, a Mac backdoor using old code that had been around for a long time and could deep breath upload files to computers, record images and video, snoop around in victims' information, take screenshots, and also log...
National cybersecurity awareness month: simple steps for online safety
With each new devastating breach of security—Equifax, Deloitte, and Sonic, to name a few recent cyber fails—the need for increased cybersecurity awareness has never been more apparent. It’s a good thing, then, that this month is National Cybersecurity Awareness Month NCSAM. Observed every October...
The numeric tech support scam campaign
There are many different tech support scam TSS campaigns active at any given moment, the majority of them are fueled by malicious adverts the browser lockers, or bundled software the screen lockers. Something interesting happened recently, where legitimate - but hacked - websites would redirect t...
Infostealers are becoming the go-to phishing payload
Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...
All Gmail users at risk from clever replay attack
Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service ENS, a blockchain...
Apple users: Update your devices now to patch zero-day vulnerability
Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against...
Was T-Mobile compromised by a zero-day in Jira?
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...
A week in security (June 10 – June 16)
Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...
A week in security (April 8 – April 14)
Last week on Malwarebytes Labs: How to change your Social Security Number Apple warns people of mercenary attacks via threat notification system How to check if your data was exposed in the AT&T breach Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities H...
[updated] Apex Legends Global Series plagued by hackers
The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents. Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is...
Hewlett Packard Enterprise also searched by Cozy Bear
Hewlett Packard Enterprise HPE has disclosed that the state-sponsored actor known as Cozy Bear aka Midnight Blizzard, gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsore...
ThreatDown earns highest ratings across EDR and MDR categories in G2 Winter 2024 results
The peer-to-peer review source G2 has released its Winter 2024 reports, ranking ThreatDown products on top across several Endpoint Detection and Response EDR and Managed Detection and Response MDR categories. Based on verified customer reviews, ThreatDown EDR was voted a Leader in the overall and...
Citrix NetScalers backdoored in widespread exploitation campaign
Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure DIVD. Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an...
FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT
Over 5 years ago, we began tracking a new campaign that we called FakeUpdates also known as SocGholish that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain...
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...
How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09
The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...
Warning issued over Royal ransomware
As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...
Riot Games compromised, new releases and patches halted
Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn't affected. A social engineering development Making the notification via Twitter late last week, were stil...
A week in security (January 31 – February 6)
Last week on Malwarebytes Labs: Threat actor steals email with Zimbra zero-day FBI warns of bogus job postings on recruitment sites Investment scams are on the rise A worrying Etsy listing reveals the stalking potential of Apple’s AirTags Beware bogus OperaGX sponsorship offers $320 milllion stol...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...
Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more
Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about yo...
Please don’t buy this! 3 gift card scams to watch out for this holiday season
With the holiday season around the corner, we thought it was a good time to look at the dangers that come with gift cards. Gift cards can be an easy win in cases where you don’t know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there...
“Killware”: Is it just as bad as it sounds?
On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isnt ransomware. Its killware. And its just as bad as it...
Zoom and gloom? Video comms org agrees to settle for $85m
Zoom has agreed to an $85m settlement regarding privacy, zoom-bombing, and data sharing. The class action privacy lawsuit filed in the US against the embattled company wasn’t particularly impressed with the following: Zoom-bombing running wild in video sessions. Zoom-bombing, the practice of...
Is crypto’s criminal rollercoaster approaching a terminal dip?
It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tighter ship The mining banhammer continues to swing as China keeps puttin...
Beware password-spraying fancy bears
The NSA, FBI, and CISA, in cooperation with the UKs National Cyber Security Centre NCSC, have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector compani...
SMS authentication code includes ad: a very bad idea
SMS authentication codes are back in the news, and the word Id use to summarise their reappearance is "embattled." I can still remember a time where two-factor authentication 2FA, authentication grids, regional lockouts, Yubikeys, and offline authentication apps simply did not exist. And if they...
Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years)
Microsoft will terminate support for Windows 10 Home and Pro on 14 October 2025, a decade after the original Windows 10 was brought to market. Although some may claim that a Microsoft document has been "quietly edited" over the weekend to reflect this "sudden change", this reveal isnt new. In fac...
Security pros agree about threats—convincing everyone else is the problem
How about that Colonial Pipeline? As troubling as this event may be, for those of us working in the world of cybersecurity it can be hard to convince others to take dangers like this seriously—regardless of how real and immediate they are. “Sadly, the upper leadership team does not understand the...
What is an IP address? Do I need one?
An IP address tells computers how to find a certain device within a computer network. An IP address is like an address label for information packets. For each network your computer is connected to, it has a unique IP address on that network. So, one device can have several IP addresses at the sam...
New steganography attack targets Azerbaijan
This blog post was authored by Hossein Jazi Threat actors often vary their techniques to thwart security defenses and increase the efficiency of their attacks. One of the tricks they use is known as steganography and consists of hiding content within images. We recently observed a malicious Word...
Egregor ransomware hit by arrests
In a collaboration between French and Ukranian law enforcement, arrests have been made that might put a dent in one of the worlds most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...
Android devices caught in Matryosh botnet
Researchers at Netlab have discovered a new botnet that re-uses the Mirai framework to pull vulnerable Android devices into DDoS attacks. The new botnet, which is called Matryosh, is named after the Russian nesting dolls because the encryption algorithm it uses, and the process of obtaining comma...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...
Malwarebytes detects leaked tools from FireEye breach
Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen...
Release the Kraken: Fileless injection into Windows Error Reporting service
This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting WER service as a defense evasion mechanism. That reporting service, WerFault.exe, is usually invoked when an error...
Coronavirus campaigns lead to surge in malware threats, Labs report finds
In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report,...
Cybersecurity labeling scheme introduced to help users choose safe IoT devices
The Internet of Things IoT is a term used to describe a wide variety of devices that are connected to the Internet to improve user experience. For example, a doorbell becomes part of the IoT when it connects to the Internet and allows users to see visitors outside their door. But the way in which...
A week in security (March 16 – 22)
Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization WHO but instead spreading malware. Lastly...
Child identity theft, part 2: How to reclaim your child’s identity
In a world where children as young as a single day old can fall prey to fraud, it is more important than ever to educate parents and other caretakers about the dangers of child identity theft. While the hope is that perceptions can be changed and criminals brought to justice, likely the biggest...