4709 matches found
Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends
The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeons office, and then post the details online which included nude photos. In February, cybercriminals gained access to Hankins & Sohns network, which has offices in both...
Warning issued over vulnerability in cardiac device monitoring software
The Cybersecurity and Infrastructure Security Agency CISA has issued a warning about a vulnerability that could result in remote code execution or a denial-of-service DoS condition impacting a healthcare delivery organizations Paceart Optima system. Paceart Optima is a software application that...
US dangles $10 million reward for information about Cl0p ransomware gang
The US Department of States national security rewards program, Rewards for Justice RFJ, is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...
Breast cancer photos published by ransomware gang
The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients--calling them "nude photos"--to extort money from the Lehigh Valley Health Network LVHN. This has triggered a chorus of accusations from the cybersecurity community, wi...
University suffers leaks, shutdowns at the hands of Vice Society
The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware laden hands up and admitted an attack on the University of Duisberg-Essen. Sadly this isnt the Universitys first encounter with...
Crypto-inspired Magecart skimmer surfaces via digital crime haven
This blog post was authored by Jerome Segura Online criminals rarely reinvent the wheel, especially when they don't have to. From ransomware to password stealers, there are a number of toolkits available for purchase on various underground markets that allow just about anyone to get a jumpstart...
An 18 year scam odyssey of stranded astronauts
There is a semi-mythical scam which comes around every couple of years, like some sort of digital bad luck version of Halleys Comet. Instead of flood, famine, and the death of Kings, it brings confusion, some level of hilarity, and a slice of sheer disbelief. Unfortunately it also threatens to...
Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. In Firefox 105 a total of seven vulnerabilities were patched, three of which received the...
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises of a unique identifier which will be issued for each customer that will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that t...
How to share your Wi-Fi password safely
You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair. Its possible your region has opened up a little, and youre seeing folks in your home for the first time in a long time. They may well be bringing new devices to your home, and you m...
When renting a hitman online goes horribly wrong
You might think looking up an illegal act online, and then visiting a website claiming to be all about doing said act, would be a huge mistake. Nobody would do this, right? Right? Its too wild to contemplate. You can barely move online for warnings about tracking or tracing. Even your web browser...
[updated]REvil ransomware disappears after Tor services hijacked
With some pests you hope they never recover from a blow. It’s almost too good to be true, but one can hope. This is one of them. The REvil ransomware group has shut down their operation for the second time this year after losing control over their Tor-based domains. Shutdown number 1 REvils first...
Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18
School is fully back in session for kids all across the world, and for many students, that means logging back online to learn, do homework, submit assignments, and maybe even continue some distance learning, depending on their schools pandemic precautions. But with more Internet activity comes...
3 security lessons from an MSP that survived the Kaseya VSA attack
Jay Tipton, chief executive for the Managed Service Provider MSP Technology Specialists, remembers his Fourth of July weekend this year like many MSP employees likely remember theirs: As a bit of a nightmare. “That’s like the worst feeling you’ll ever have,” Tipton said about his initial...
Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”: Lock and Code S02E14
The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier and a meat and poultry distributor—could lead most people to believe that a critical infrastructure “big one” is coming. But, as Lesley Carhart, principal threat hunter with...
DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime
The US Department of Justice announced Monday that it recovered much of the ransomware payment that Colonial Pipeline paid to free itself from the attack that derailed the oil and gas supplier’s operations for several days last month. The seizure of 63.7 of the initial 75 paid bitcoins represente...
VPN protocols explained and compared
A Virtual Private Network VPN creates a safe "tunnel" between you and a computer you trust normally your VPN provider to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that dont us...
VideoBytes: Ryuk Ransomware Targeting US Hospitals
Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...
50 percent of schools did not prepare for secure distance learning, Labs report reveals
Education in the United States faced a crisis this year. The looming threat of the coronavirus—which spreads easily in highly-populated, enclosed rooms—forced schools across the country to develop new strategies for education. The dramatic stress of this transition is known. Teachers are working...
A week in security (November 23 – November 29)
Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online. We also looked back at Zoom, and wondered whether its any safer months after its first vulnerability was reported. We talked about how Apples security is hampering the detection of potentially unwante...
Looks like we’re stuck with Zoom: Is it any safer?
Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus a third vaccine was just announced. That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and...
RegretLocker, new ransomware, can encrypt Windows virtual hard disks
Cybersecurity researchers discovered a new ransomware last month called RegretLocker that, despite a no-frills package, can do serious damage to virtual hard disks on Windows machines. Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a...
Deepfakes and the 2020 United States election: missing in action?
If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or...
Sandbox in security: what is it, and how it relates to malware
To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...
Report: Pandemic caused significant shift in buyer appetite in the dark web
Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods on high demand in the dark web, aka the Internets underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a...
SMB cybersecurity posture weakened by COVID-19, Labs report finds
In August, Malwarebytes Labs analyzed the damage caused by COVID-19 to business cybersecurity. Because of immediate, mandated transitions to working from home WFH, businesses across the United States suffered more data breaches, lost more dollars, and increased their overall attack surfaces, all...
How exposed are you to cybercrime?
No country, business, or person is immune to cybercrime, and as the Internets influence on our daily lives grows exponentially, so will the level of malicious activity throughout the world. An ever-changing cyber landscape will always carry with it new threats, but are they the same for everyone?...
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service IRS announced they were pushing back the federal income tax filing due dat...
Threat actors release Troldesh decryption keys
Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...
Cloud data protection: how to secure what you store in the cloud
The cloud has become the standard for data storage. Just a few years ago, individuals and businesses pondered whether or not they should move to the cloud. This is now a question of the past. Today, the question isn't whether to adopt cloud storage but rather how. Despite its rapid pace of...
Lock and Code S1Ep3: Dishing on data privacy with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, a director of Malwarebytes Labs, about the state of data privacy today, including how users and businesses can protect sensitive information...
The effects of climate change on cybersecurity
Outside the coronavirus pandemic and its related healthcare and economic fallout, climate change and cybersecurity are seen by many as the two most urgent problems facing our planet now and in the near future. They are two distinct and separate problems, to be sure. There are some areas, however,...
Adposhel adware takes over browser push notifications administration
Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the...
Securing the MSP: why they’re their own worst enemy
We've previously discussed threats to managed service providers MSPs, covering their status as a valuable secondary target to both an assortment of APT groups as well as financially motivated threat groups. The problem with covering new and novel attack vectors, however, is that behind each new...
Deepfakes laws and proposals flood US
In a rare example of legislative haste, roughly one dozen state and federal bills were introduced in the past 12 months to regulate deepfakes, the relatively modern technology that some fear could upend democracy. Though the federal proposals have yet to move forward, the state bills have found...
A week in security (December 9 – 15)
Last week on Malwarebytes Labs, we cautioned readers against purchasing potentially privacy-invasive, cyber-insecure smart doorbells, warned about a new credit card skimmer vulnerability embedded within hundreds of fraudulent web sites selling supposedly name-brand shoes, and looked at the newest...
100 channels and nothing on, except TV Licensing phishes
We’ve seen a lot of people referencing fake TV Licensing emails they’ve received over the last few days. The majority so far appear to be fake refund notices, asking potential victims to log in to a phony TV License website and provide payment details for refunds. It's definitely keeping customer...
The digital entropy of death: BSides Manchester
Last week, I gave a talk at BSides Manchester based on a previous blog series for Malwarebytes Labs called "The digital entropy of death." What do you do when a relative or close friend dies, leaving all of their digital accounts lying around for anyone to break into and make use of? Which...
Fake Malwarebytes helpline scammer caught in the act
An estimated one in every 10 American adults lost money in a cyber scam in the past 12 months, according to a report released by the FTC earlier in the month. On average, each scam victim lost $430, totaling about $9.5 billion overall. To put this in perspective, that’s over 22 million Americans...
Locky ransomware adds anti sandbox feature (updated)
By Marcelo Rivero and Jérôme Segura The Locky ransomware has been very active since its return which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3 which comes with malicious ZIP containin...
Fake malware-signing service Fox Tempest dismantled by Microsoft
Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...
No, it’s not OK to delete that new inetpub folder
In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection. As part of April’s patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new...
A week in security (December 2 – December 8)
Last week on Malwarebytes Labs: Europol takes down criminal data hub Manson Market in busy month for law enforcement Americans urged to use encrypted messaging after large, ongoing cyberattack Crypto’s rising value likely to bring new wave of scams AI chatbot provider exposes 346,000 customer...
Apple and Google join forces to stop unwanted tracking
Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being...
TikTok comes one step closer to a US ban
The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...
MFA bombing taken to the next level
Simply put, MFA bombing also known as “push bombing” or “MFA fatigue” is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication MFA. MFA normally requires a user to enter a six-digit code sent by SMS, or...
Update Chrome now! Google patches possible drive-by vulnerability
Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks. The easiest way to update Chrome is to allow it to update automatically, which basically uses...
American Express warns customers about third party data breach
American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered t...