4662 matches found
US agencies issue warning about DAIXIN Team ransomware
The FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of Health and Human Services HHS have issued a joint advisory about DAIXIN Team, a fledgling ransomware and data exfiltration group that has been targeting US healthcare. First spotted in June 2022, the DAIXIN Team...
Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. In Firefox 105 a total of seven vulnerabilities were patched, three of which received the...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...
Roblox breached: Internal documents posted online by unknown attackers
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data theyve collected. Nobody knows if theyve exhausted their newly-plundered...
China’s Tonto Team increases espionage activities against Russia
According to analyses of several cybersecurity firms and CERT Computer Emergency Response Team Ukraine CERT-UA, the state-sponsored threat actor group Tonto Team, which has been linked to China-backed cyber operations, is ramping up its spying campaign against Russian government agencies. The...
A week in security (June 27 – July 3)
Last week on Malwarebytes Labs: Ransomware review: June 2022 AstraLocker 2.0 ransomware isn’t going to give you your files back YTStealer targets YouTube content creators ZuoRAT is a sophisticated malware that mainly targets SOHO routers Amazon Photos vulnerability could have given attackers acce...
Watch out for the email that says “You have a new voicemail!”
A phishing campaign is using voicemail notification messages to go after victims Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can...
How to remove Google from your life
Swearing off a company used to be easier. Rude customer service, an unfortunate bout of food poisoning, even standing up for workers’ rights against the alleged involvement of a private company to order a country’s military to brutally quash a strike—almost every facet of an individual boycott...
Fake Cyberpunk Ape Executives target artists with malware-laden job offer
The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse Lots of people with art profiles ...
Warning! Instagram Stories hides a scam in plain sight
When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others from reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...
Apps removed from Google Play for harvesting user data
Dozens of apps were removed from the Google Play Store after they were found to be harvesting the data of device owners. The code in question—a software development kit SDK—was used inside apps which were downloaded over 10 million times. What happened? A wide range of Android apps were found to...
Threat actor steals email with Zimbra zero-day
Researchers have discovered a threat actor attempting to exploit a cross-site scripting XSS zero-day vulnerability in the Zimbra email platform. Zimbra is open source webmail application used for messaging and collaboration. Cross-site scripting is a type of injection attack wherein a vulnerabili...
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
This blog was authored by Ankur Saini and Hossein Jazi Lazarus Group is one of the most sophisticated North Korean APTs that has been active since 2009. The group is responsible for many high profile attacks in the past and has gained worldwide attention. The Malwarebytes Threat Intelligence team...
Improving security for mobile devices: CISA issues guides
The Cybersecurity and Infrastructure Security Agency CISA has released two actionable Capacity Enhancement Guides CEGs to help users and organizations improve mobile device cybersecurity. Consumers One of the guides is intended for consumers. There are an estimated 294 million smart phone users i...
A week in security (Nov 15 – Nov 21)
Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s boss Evasive manoeuvres: HTML smuggling explained FBI server hijacked to send up to 100,000 bogus attack mails New Mac malware raises more questions about Apple’s security patching SharkBot Android...
Phishers target TikTok influencers with verification promises and copyright threats
Influencers on TikTok are feeling the pinch of scams and phishing thanks to targeted campaigns hungry for fresh logins. The phishing campaigns make use of much older tactics seen across multiple platforms down the years. It’s a one-two combo of “Do this quickly, or else something bad will happen”...
Fake ransomware warnings hit WordPress sites: How to stay safe
A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED Countdown FOR RESTORE SEND 0.1 BITCOIN: address redacted create file on site /unlock.txt with transaction key inside” But theres...
“Free Steam game” scams on TikTok are Among Us
TikTok has long since evolved beyond being thought of as "just" dance clips, also becoming a home for educational and informative content presented in a fun and casual way. There are accounts themed around pretty much any interest you can think of, and one of the biggest is gaming. Its not all...
Twitch compromised: What we know so far, and what you need to do
Update, 7th October: Twitch has now confirmed the breach. The companys statement is as follows: We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. At this time, we have no...
Telegram-powered bots circumvent 2FA
Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. But where users put up walls, you can be sure there are cybercriminals trying to break them down. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick o...
How to clear your cache
The term “cache” refers to a storage container. If you’re familiar with the outdoor recreational activity geocaching, you may be familiar with the term outside of computing. But in website and computer terms, a cache is temporary storage that is used to speed up future requests and load things mo...
3 security lessons from an MSP that survived the Kaseya VSA attack
Jay Tipton, chief executive for the Managed Service Provider MSP Technology Specialists, remembers his Fourth of July weekend this year like many MSP employees likely remember theirs: As a bit of a nightmare. “That’s like the worst feeling you’ll ever have,” Tipton said about his initial...
Ransomware scammers target artists with fake Krita revenue deals
The Krita digital painting application is currently being targeted by ransomware authors. Available on Steam and other platforms, it’s a powerful tool with a very cheap purchase price and great reviews. A perfect bit of bait to start reeling in potential victims, in other words. How does the scam...
Ransomware attack shuts down Colonial Pipeline fuel supply
UPDATE 10:47 AM Pacific Time, May 10: At 8:55 AM Pacific Time, the FBI confirmed that Colonial Pipeline was attacked by Darkside. According to a statement posted on Twitter, the FBI said: "The FBI confirms that the Darkside ransomware is responsible for the compromise of Colonial Pipeline network...
Beware: not so festive social media scams
We’re now into the most crucial stage of Christmas festivities, where money and gifts are on the march…and social media is a conduit for both good and bad tidings. This is the absolute best time for social media scammers to make their move. A little confidence trick here, the promise of good chee...
VideoBytes: Is it goodbye forever to Maze ransomware?
Hello Folks! In this Videobyte we’re talking about Maze ransomware and whether or not its shutting down, and what that means for the cybercrime world. The notorious Maze ransomware group, known for its corporate targeting and data leaking extortion schemes is, apparently, shutting down operations...
November spam roundup: Stalkers, property tips, porn, stern words and PayPal
Today were rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatevers lurking in your mailbox. A full hou...
A week in security (November 9 – November 15)
Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozillas Firefox and Thunderbird to Googles Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, w...
Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt
Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesnt happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No,...
A week in security (September 14 – 20)
Last week on Malwarebytes Labs, we looked at Fintech industry developments, specifically the differences between Europe and the US, and we analyzed how some charities and the advertising industry are tied together. We also told readers about what companies can do to counter domain name abuse. In...
Coordinated Twitter attack rakes in 100 grand
Update 7/18/2020 Twitter released an update about the situation and their investigation on their blog. Update 8/2/2020 ZDNet published a timeline based on the court documents released by the DOJ "Im feeling generous because of Covid-19. Ill double any BTC payment sent to my BTC address for the ne...
We found yet another phone with pre-installed malware via the Lifeline Assistance program
We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS American Network Solutions UL40 running Android OS 7.1.1. After our writing back in January—"United States...
Domen toolkit gets back to work with new malvertising campaign
Last year, we documented a new social engineering toolkit we called "Domen" being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we...
Rudy Giuliani’s Twitter mishaps invite typosquatters and scammers
Former cybersecurity czar Rudy Giuliani has been targeted by typosquatters on Twitter, thanks to copious misspellings and other keyboarding errors made in a number of his public tweets. In a tweet sent out on Sunday, Giuliani meant to send his 650,000-plus followers to his new website,...
A week in security (February 10 – 16)
Last week on Malwarebytes Labs, we explained how to battle online coronavirus scams with facts, discussed the persistent re-infection techniques of Android/Trojan.xHelper and how to remove it, provided cyber tips for safe online dating, and showed how Hollywood teaches us misleading cybersecurity...
Dubious downloads: How to check if a website and its files are malicious
A significant amount of malware infections and potentially unwanted program PUP irritants are the result of downloads from unreliable sources. There are a multitude of websites that specialize in distributing malicious payloads by offering them up as something legitimate or by bundling the desire...
Of hoodies and headphones: a spotlight on risks surrounding audio output devices
More than a decade ago, cardiologists from the Beth Israel Medical Center in Boston presented their findings at the American Heart Association AHA Scientific Sessions 2008 about MP3 headphones causing disruptions with heart devices—such as the pacemaker and the implantable cardioverter...
Why bad coding habits die hard—and 7 ways to kill them
Developers are usually the focus of blame when software vulnerabilities cause organizational breaches. Sometimes, quality assurance engineers are included in the flame. Interestingly, though, hardly anyone looks at why bad coding habits form in the first place. We're talking about the culture, th...
New Deepfakes forum goes mining with Coinhive
You may or may be familiar with the furore over Deepfakes, a relatively new development in pornography involving a tool called FacesApp, which is capable of producing a real porn clip that replaces the original actors' heads with those of celebrities—or indeed, anyone at all. Online fakes have be...
Napoleon: a new version of Blind ransomware
The ransomware previously known as Blind has been spotted recently with a .napoleon extension and some additional changes. In this post, we'll analyze the sample for its structure, behavior, and distribution method. Analyzed samples 31126f48c7e8700a5d60c5222c8fd0c7 - Blind ransomware the first...
Explained: blockchain technology
Last week, we talked about what cryptocurrency is and why cybercriminals love it. We mentioned that cryptocurrency was founded on a technology called blockchain, which is a tight system that, when applied correctly, is more secure than most other financial transactions. In this post, we'll explai...
Digital forensics: How to recover deleted files
Where I personally have a problem remembering names and birthdays, computers have a hard time “forgetting” things. Even when we tell them to do so. If you ever unintentionally deleted a file, you may have been able to retrieve it from the Recycle Bin. Or, if it was past that stage and the file wa...
WhatsApp for Windows vulnerable to attacks. Update now!
In a security advisory, Meta has disclosed a vulnerability that allowed an attacker to run arbitrary code on a user’s system that existed in all WhatsApp versions before 2.2450.6. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices...
Android vulnerability used in targeted attacks patched by Google
Google has released patches for 46 vulnerabilities in Android, including a remote code execution RCE vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...
A week in security (June 10 – June 16)
Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...
Massive utility scam campaign spreads via online ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...
Meet the entirely legal, iPhone-crashing device, the Flipper Zero: Lock and Code S04E25
This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s...
Judge rules it’s fine for car makers to intercept your text messages
A federal judge has refused to bring back a class action lawsuit that alleged four car manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record customers’ text messages and mobile phone call logs. The judge ruled that the practice doesn...
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental. The reason this happened was due to the...