4709 matches found
American Express warns customers about third party data breach
American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered t...
Change Healthcare outages reportedly caused by ransomware
On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Chan...
Atomic Stealer rings in the new year with updated version
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer AMOS onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty...
Windows Hello fingerprint authentication can be bypassed on popular laptops
Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft’s Offensive Research and Security Engineering MORSE asked the researchers to evaluate the security of the top three...
Should you allow your browser to remember your passwords?
At Malwarebytes weve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when youre just getting started. Once...
CISA updates ransomware guidance
The Cybersecurity and Infrastructure Security Agency CISA has updated its StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. The StopRansomware guide is set up as a one-stop...
Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints
Malwarebytes is excited to announce Application Block, a new module for Nebula and OneView for MSPs which helps organizations easily thwart unwanted applications from launching on Windows endpoints. For as many applications out there that help you keep business running as usual, there are just as...
Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity
The results of our latest survey on mobile cybersecurity in K-12 and hospitals are in--and its not all peaches and roses. When we talk about endpoint protection, its only natural to only think about the most commonly compromised endpoints like work laptops and servers--but your smartphone isnt of...
Update now! NetGear routers’ default configuration allows remote attacks
NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet facing ports of the device listening through IPv6. No auto-update The hotfix is available for the model RAX30, also...
Android is slowly mastering memory management vulnerabilities
Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...
Optus data breach "attacker" says sorry, it was a mistake
Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym "optusdata" claims to have stolen the data of 10 million Optus customers. The information include...
Tech support scammers caught by their own cameras
A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers. CCTV The Youtuber, acting under the handle Scambaiter, turned his attention to Punjab in...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service SaaS is a software distribution model in which a cloud provider hosts...
AirTag stalking: What is it, and how can I avoid it?
More voices are being raised against the use of everyday technology repurposed to attack and stalk people. Most recently, its reported that Ohio has proposed a new bill in relation to electronic tagging devices. The bill, aimed at making short work of a loophole allowing people with no stalking o...
GitLab issues security updates; watch out for hard coded passwords
GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an...
Okta admits 366 customers may have been impacted by LAPSUS$ breach
Through its usual means of communication, its Telegram channel, the LAPSUS$ group has posted screenshots of what appears to be superuser access to the Okta management console. As such, the group claims to have acquired "superuser/admin" access to Okta.com and gained access to Oktas customer data,...
Fake ransomware warnings hit WordPress sites: How to stay safe
A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED Countdown FOR RESTORE SEND 0.1 BITCOIN: address redacted create file on site /unlock.txt with transaction key inside” But theres...
TrickBot helps Emotet come back from the dead
Probably one of the best known threats for the past several years, Emotet has always been under intense scrutiny from the infosec community. On several occasions, it appeared to take an early retirement, but then again it came back. However, when multiple law enforcement agencies seized control o...
A multi-stage PowerShell based attack targets Kazakhstan
This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif perhaps in reference to...
Police take a piece out of a ransomware gang, but won’t say which one
One of the worlds ransomware groups appears to be a couple of members short today—and about two million dollars less rich—but nobody is sure which one. Police are staying tight-lipped about whos short-handed following the arrest of two individuals in Kyiv, Ukraine. The arrests are part of a joint...
Jail for consultant who scraped colossal trove of Alibaba customer data
A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling A central Chinese court has ruled that an employee of a...
Colonial Pipeline attack spurs new rules for critical infrastructure
Following a devastating cyberattack on the Colonial Pipeline, the Transportation Security Administration—which sits within the government’s Department of Homeland Security—will issue its first-ever cybersecurity directive for pipeline companies in the United States, according to exclusive reporti...
FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box
A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice Judge has revealed that the FBI were granted permission to perform some tech support backdoor removal. Bizarrely, they did this without...
How to enable Facebook’s hardware key authentication for iOS and Android
Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication 2FA than SMS which is vulnerable to SIM swap...
LazyScripter: From Empire to double RAT
Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth...
Nude photo theft offers lessons in selfie security
Two former college graduates are in a lot of trouble after breaking into other students accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened...
Taurus Project stealer now spreading via malvertising campaign
For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately...
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had...
Consumerization: a better way to answer cybersecurity challenges
A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: The specific impact that consumer-originated technologies can have on enterprises. Gartner More and more, enterprises are coming to understand that they need to adopt the agile processes and product...
IoT bills and guidelines: a global response
You may not have noticed, but Internet of Things IoT rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are hopefully sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process...
A week in security (April 29 – May 5)
Last week on Labs we discussed the possible exit scam of dark net market Wall Street Market, how the Electrum DDoS botnet reaches 152,000 infected hosts, we looked at the sophisticated threats plague ailing healthcare industry, a mysterious database that exposed personal information of 80 million...
“Funky malware format” found in Ocean Lotus sample
Recently, at the SAS conference I talked about "Funky malware formats"—atypical executable formats used by malware that are only loaded by proprietary loaders. Malware authors use them in order to make static detection more difficult, because custom formats are not recognized as executable by AV...
Why bad coding habits die hard—and 7 ways to kill them
Developers are usually the focus of blame when software vulnerabilities cause organizational breaches. Sometimes, quality assurance engineers are included in the flame. Interestingly, though, hardly anyone looks at why bad coding habits form in the first place. We're talking about the culture, th...
Hancitor: fileless attack with a DLL copy trick
This article was authored by David Sánchez, Mickaël Roger, and Jérôme Segura During the past few years, malicious spam campaigns have proven to be one of the most efficient infection vectors, in part due to a combination of social engineering and a regular number of Office vulnerabilities. The...
Singapore government gets into the network defense game
There is a common assumption in the infosec community that enormous breaches like those at Equifax, Anthem, and Target are the new norm. That the next mega breach is simply a matter of time. This is because large companies loathe spending money on things that are not directly profitable like secu...
A week in security (December 11 – December 17)
Last week we explained what fast flux is and how it's being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed yo...
Free tools: Internet traffic monitoring
Are you an amateur analyst or security enthusiast looking for free tools to do some basic Internet traffic monitoring? You've come to the right place. Not everyone is versed in the use of robust tools like Wireshark even though it is worth the trouble of learning if you have to do network traffic...
Ransomware hiding in fake AI, business tools
Artificial intelligence AI and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead...
Encrypted messaging service intercepted, 2.3 million messages read by law enforcement
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...
Fake funeral “live stream” scams target grieving users on Facebook
Some scammers have the morals of an alley cat. But some sink even lower. Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details. These...
Google patches actively exploited zero-day in Chrome. Update now!
Google has released an update for its Chrome browser which includes a patch for a vulnerability that Google says is already being exploited, known as a zero-day vulnerability. Google has fixed that zero-day with the release of versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Lin...
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailers mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually...
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?
Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once aga...
2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed
Educational institutions may face a range of cyberthreats in 2024, but our 2024 State of Malware in Education report identifies the six most critical ones. Ransomware, for example, stands out as a key threat for schools and universities. The report covers how last year, we witnessed a 92% increas...
Pig butchering scams, how they work and how to avoid them
Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam, while others classify them as investment fraud. The victims in Pig Butchering schemes are referred to as...
Clorox counts the cost of cyberattack
Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident...
Ransomware review: January 2024
This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
Malwarebytes consumer product roundup: The latest
At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too. Here are the innovations we’ve made in our products recentl...
Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results
The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the "Easiest to Use" and "Easiest Admin" recognition for its Endpoint...
Cloudflare Tunnel increasingly abused by cybercriminals
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...