4709 matches found
ChatGPT writes insecure code
Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...
DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation
This investigation was a joint effort between Malwarebytes Threat Intelligence's Jerome Segura, DeepSee's Rocky Moss and Antonio Torres. Key findings Over a dozen unique domains were found selling ad inventory through Google Ad Manager, even though the pages were embedded invisibly under the...
TrickBot gang members sanctioned after pandemic ransomware attacks
In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot alias "TrickLoader", a mainstream banking Trojan turned malware-as-a-service MaaS platform for other criminal...
ChromeOS vulnerability found by Microsoft
Microsoft recently released a report about a ChromeOS remote memory corruption vulnerability. The issue has already been fixed. In fact, it was reported to Google in April. The fix was applied shortly after, and released on June 15. The resulting deep-dive from Microsoft is a fascinating look at...
SonicWall urges customers to patch critical SQL injection bug ASAP
Cybersecurity hardware company, SonicWall, recently released a public security notice about a critical SQL injection flaw affecting its GMS Global Management System and Analytics On-Prem products. The flaw, which is tracked as CVE-2022-22280, is given a 9.4 critical rating. With the high capabili...
Discord Shame channel goes phishing
A variant of a popular piece of social media fraud has made its way onto Discord servers. Multiple people are reporting messages of an "Is this you" nature, tied to a specific Discord channel. is this a new discord scam or something? someone I haven’t spoken to in years randomly sent me this and...
Rogue cryptocurrency billboards go phishing for wallets
Billboards and digital real world advertising has raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been mostly legal, yet potentially objectionable geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send...
DFSCoerce, a new NTLM relay attack, can take control over a Windows domain
A researcher has published a Proof-of-Concept PoC for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol MS-DFSNM to seize control of a Windows domain. Active Directory A directory service is a hierarchical arrangement of objects...
Hertzbleed exposes computers’ secret whispers
Hertzbleed is the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by monitoring changes in power consumption, which can be deduced by the careful timing of known workloads, thanks to a processor power saving...
Ransomware Task Force priorities see progress in first year
This blog is part of our live coverage from RSA Conference 2022: US President Joseph R. Biden Jr., The White House, and law enforcement agencies across the world paid close attention last year when a group of more than 60 cybersecurity experts launched the Ransomware Task Force, heeding the group...
Elden Ring exploit traps players in infinite death loop
Back in January, we wrote about how the Dark Souls games had their online components switched off for PC gamers. This is because someone figured out how to execute code remotely on the target’s PC. Given that the multiplayer angle of Souls games is rather important, this was quite a body blow for...
Potential cybersecurity impacts of Russia’s invasion of Ukraine
On Thursday night, Russia launched a military invasion of its neighbor and former Soviet Union member Ukraine, drawing a broad rebuke from international leaders, along with significant protest from the Russian public. The toll of human life from this war is unknown, and, like the many internation...
FBI warns of bogus job postings on recruitment sites
Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now info February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that its issued an alert. This isn’t your typica...
Logistics giant warns of scams following ransomware attack
German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to doubl...
Adblocker promises to blocks ads, injects them instead
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores. While disguising your adware as an adblocker may seem counterintuitive, it is actually ...
Google warns some users that FancyBear’s been prowling around
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of Google services. Some 14,000 people have been notified about a spear phish attempt looking to compromise accounts and access their files. When did this happen? Sometime late...
Stop. Do you really need another security tool?
The last few years have seen a mushrooming of the number and type of security tools that organizations can use to protect themselves. You can have tools, tools to integrate the tools, tools to monitor the tools, APIs, dashboards so many dashboards, and machine learning with everything. And yet,...
A week in security (Sept 27 – Oct 3)
Last week on Malwarebytes Labs Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18 Phone screenshots accidentally leaked online by stalkerware-type company FoggyWeb, analysis of a Nobelium backdoor Instagram Kids put on hold Microsoft, CISA and NSA...
Android Trojan GriftHorse, the gift horse you definitely should look in the mouth
Researchers at Zimperium have discovered an aggressive mobile premium services campaign with over 10 million victims all over the world. The stolen amount could amass hundreds of millions of Euros. The scam was hidden behind malicious Android apps, and the researchers have named the Trojan...
How to clear your cache
The term “cache” refers to a storage container. If you’re familiar with the outdoor recreational activity geocaching, you may be familiar with the term outside of computing. But in website and computer terms, a cache is temporary storage that is used to speed up future requests and load things mo...
Largest DDoS attack ever reported gets hoovered up by Cloudflare
On the Cloudflare blog, the American web infrastructure behemoth that provides content delivery network CDN and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second rps DDoS attack. To put that number in perspective. The company reports that this is...
TrickBot indictment reveals the scale and complexity of organized cybercrime
Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data...
Ransomware disrupts food supply chain, Exchange exploitation suspected
When malware found its way into the network of Bakker Logistiek, a company specializing in the transport and warehousing of food and other products, on the night of 4 to 5 April, its IT systems ground to a halt. And, along with them, the reception of orders from clients, and the delivery of goods...
Barcode Scanner app on Google Play infects 10 million users with one update
UPDATE: February 12, 2021 It has come to our attention that there is another bad actor in this story. Apparently, the original publisher, LAVABIRD LTD, is not the bad actor. It is instead an account under the name "The space team." Nevertheless, there is evidence that updates of Barcode Scanner b...
A week in security (November 9 – November 15)
Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozillas Firefox and Thunderbird to Googles Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, w...
A week in security (May 25 – 31)
Last week on Malwarebytes Labs, we published our most recent episode of our podcast Lock and Code, providing an in-depth discussion on web browser privacy, looked at the membership bump for the Coalition against Stalkerware, and dug into EDR solutions. We also looked at twists added to the threat...
Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book
The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we've been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected. Yesterday, we observed a...
Domen toolkit gets back to work with new malvertising campaign
Last year, we documented a new social engineering toolkit we called "Domen" being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we...
Why managed service providers (MSP) are critical for business continuity
With the threat landscape becoming more hostile to businesses, small- and medium-sized businesses SMBs are often finding it difficult to cope. Hence, they turn to managed service providers MSPs for help, not only to keep their businesses going—the concept known as business continuity—but also to...
A week in security (February 10 – 16)
Last week on Malwarebytes Labs, we explained how to battle online coronavirus scams with facts, discussed the persistent re-infection techniques of Android/Trojan.xHelper and how to remove it, provided cyber tips for safe online dating, and showed how Hollywood teaches us misleading cybersecurity...
When corporate communications look like a phish
Many organizations will spend significant sums of money on phishing training for employees. Taking the form of regular awareness training, or even simulated phishes to test employee awareness, this is a common practice at larger companies. However, even after training, a consistent baseline of...
A week in security (April 22 – 28)
Last week on Labs, we looked at security threats to headphones, privacy options in the world of law, and wandered through the FBI’s 2018 IC3 online crime report. We also explored another MageCart attack, and we released our 2019 Q1 Crime Tactics and Techniques report. Other cybersecurity news...
Of hoodies and headphones: a spotlight on risks surrounding audio output devices
More than a decade ago, cardiologists from the Beth Israel Medical Center in Boston presented their findings at the American Heart Association AHA Scientific Sessions 2008 about MP3 headphones causing disruptions with heart devices—such as the pacemaker and the implantable cardioverter...
Are hackers gonna hack anymore? Not if we keep reusing passwords
Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...
Where did the tech support scam blacklist go?
For about five years, we've maintained a blacklist of recognized tech support scammers, along with websites and phone numbers they might use to contact victims. The blacklist was part of our Tech support scams: help and resource page, which tells readers how scams work, what tricks to look out fo...
Explained: blockchain technology
Last week, we talked about what cryptocurrency is and why cybercriminals love it. We mentioned that cryptocurrency was founded on a technology called blockchain, which is a tight system that, when applied correctly, is more secure than most other financial transactions. In this post, we'll explai...
Digital forensics: How to recover deleted files
Where I personally have a problem remembering names and birthdays, computers have a hard time “forgetting” things. Even when we tell them to do so. If you ever unintentionally deleted a file, you may have been able to retrieve it from the Recycle Bin. Or, if it was past that stage and the file wa...
Fake Google and Cloudflare verification pages spread multiple malware families
Updated July 6 to add connections with SyncTDS and TrafficTDS ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single...
Payment apps are watching what you say (Lock and Code S07E11)
This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...
What privacy? Perplexity wants your data, builds browser to track you and serve ads
AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too. The company is planning to launch its own browser, called Comet, next month. But what does this mean for your privacy? Launched in 2022, Perplexity AI is an AI-powered searc...
“Can you try a game I made?” Fake game sites lead to information stealers
The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message DM on a Discord server asking...
Upcoming webinar: How a leading architecture firm approaches cybersecurity
How does a company navigate over 80 years of technical debt? Which tools do a security team of 5 rely on everyday? What threats are considered most dangerous? On March 28, 2024, Malwarebytes CEO, Marcin Kleczynski, and Payette Associates Director of Information Technology, Dan Gallivan, will answ...
How to make a fake ID online, with Joseph Cox: Lock and Code S05E05
This week on the Lock and Code podcast… For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents. In 2024, thats changed, as the use...
[updated] Vibrator virus steals your personal information
I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case. It actually happened. A Malwarebytes Premium customer started a thread on Reddit saying we had blocked malware from trying to infect their computer after they connected a...
A week in security (February 5 – February 11)
Last week on Malwarebytes Labs: Ivanti urges customers to patch yet another critical vulnerability Ransomware in 2023 recap: 5 key takeaways FBI and CISA publish guide to Living off the Land techniques Warning from LastPass as fake app found on Apple App Store 2 million job seekers targeted by da...
Apple warns of “privacy and security threats” after EU requires it to allow sideloading
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store sideloading. These drastic changes are brought about to comply with the European Union’s EU Digital Markets Act DMA. The Digital Markets Act DMA establish...
Investment fraud a serious money maker for criminals
Europols’s spotlight report ‘Online fraud schemes: a web of deceit’, looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the reports primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that...
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...
OneView updates: Dive into Report 2.0 & the new Global Site Filter
Were rolling out two new features to enhance usability in OneView, our multi-tenant platform for Managed Service Providers: Report 2.0 and the Global Site Filter. Heres what you need to know: Report 2.0: Improved Reporting in OneView Report 2.0 offers a more streamlined approach to reporting with...
Ransomware review: September 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...