4706 matches found
The 6 best Chrome extensions for privacy and security
While searching for security- and privacy-improving extensions, users may end up installing an extension that is counterproductive to their goals. To help our readers I have compiled a list of Chrome extensions that can actually help you improve your online privacy and security. Our regular reade...
How bitcoin payments unmasked a man who hired a Dark Web contract killer
An Italian citizens apparent attempt to hire a hitman on the Dark Web has been undone by clever analysis of his Bitcoin transactions. The man, who is reported to be an IT worker employed by a major corporation, is alleged to have paid the hitman to assassinate his former girlfriend. What happened...
What is encryption? And why it matters in a VPN
Encryption is a term used to describe the methods that hide the true meaning of messages using code, especially to prevent unauthorized access to the information in the messages. Not all users of virtual private networks VPN care about encryption, but many are interested and benefit from strong...
Steamship Authority answers question: Who’s the next ransomware victim?
After the attacks on Colonial Pipeline and JBS, many may have been wondering, as we did, what the next ransomware headline was going to be. Well, here it is—another victim in the vital infrastructure of transport and logistics, although this time the impact may be less brutal. Steamship Authority...
What is Incognito mode? Our private browsing 101
Incognito mode is the name of Google Chrome’s private browsing mode, but it’s also become the catch-all term used to describe this type of web surfing, regardless of the browser being used. Some call it Private Mode, others call it Private Browsing. Apple almost certainly got there first, yet...
Trolls abuse Twitter Lists to collate their targets
I’ve been using Twitter for more than a decade. And one of its features that I find valuable is Lists. Turns out I'm not the only one. Lists allow Twitter users to group profiles or feeds based on certain criteria, such as sports, tech news, celebrities, fashion—you get the idea. Having Lists mak...
Update now! F5 BIG-IP vulnerability being actively exploited
The Australian Cyber Security Centre ACSC has announced it is aware of the existence of Proof of Concept PoC code exploiting a F5 Security Advisory Addressing Multiple Vulnerabilities in its BIG-IP Product Range. The vulnerability listed as CVE-2022-1388 allows attackers to bypass authentication ...
Update Google Chrome now! New version includes 11 important security patches
The latest Google Chrome update includes 11 security fixes, some of which could be exploited by an attacker to take control of an affected system. Google Chromes Stable channel has been updated to 103.0.5060.134 for Windows, Mac, and Linux, and the new version will roll out over the coming...
Edge’s Super Duper Secure Mode benchmarked: How much speed would you trade for security?
In an attempt to make Edge more secure, the Microsoft Vulnerability Research team has started to experiment with disabling Just-In-Time JIT compilation in the browsers V8 JavaScript engine, to create what its calling Super Duper Secure Mode. The reasoning behind this experiment sounds valid. A...
Pegasus spyware has been here for years. We must stop ignoring it
On July 18, a group of 17 newspaper and media organizations—aided by Amnesty International’s Security Lab and the research group Citizen Lab—revealed that one of the world’s most advanced and viciously invasive spyware tools had been used to hack, or attempt to hack, into 37 mobile phones owned b...
QxSearch hijacker fakes failed installs
Recently, one of the more dominant search hijacker families on our radar has started to display some curious behavior. The family in question is delivered by various Chrome extensions and classified as PUP.Optional.QxSearch because of its description in listings of installed extensions, which tel...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
Researcher’s audacious hack demonstrates new type of supply-chain attack
Often the most brilliant ideas are the most simple. The hard part is being the first one to come up with the idea and put it to use. One such brilliant yet simple idea belongs to Alex Birsan, a researcher who came up with a method to breach 35 big tech companies including Microsoft, Apple, Yelp,...
Update now! Many HP printers affected by three critical security vulnerabilities
In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution RCE when exploited...
Coronavirus phishing: “Welcome back to the office…”
As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home network...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool MSDT in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
On what might seem a relatively calm Patch Tuesday with 55 vulnerabilities being patched, the fact that six of them were rated “Critical” and two of them actively exploited spoils the Zen factor somewhat. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple’s bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite—an integrated platform for performing security testing of web applications—the security researchers...
Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
This blog post was authored by Jérôme Segura Web skimming continues to be a real and impactful threat to online merchants and shoppers. The threat actors in this space greatly range in sophistication from amateurs all the way to nation state groups like Lazarus. In terms of security, many...
“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021
Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds. Bitcoin sextortion scams tend to email you to say theyve videoed you on your webcam performing sexual acts in private, and ask you to pay them amount in Bitcoin to keep the video whi...
The Advanced Persistent Threat Files: APT1
We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
Luas data ransom: the hacker who cried wolf?
In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: Click to enlarge You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the rep...
US, EU, UK, NATO blame china for “reckless” Exchange attacks
Do you remember back when the latest urgent update was a vulnerability in Microsoft Exchange? How is that only four months ago? The trigger for the urgent advice in March was the fact that Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchang...
Kimsuky APT continues to target South Korean government using AppleSeed backdoor
This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December...
Cleaning up after Emotet: the law enforcement file
This blog post was authored by Hasherezade and Jérôme Segura Emotet has been the most wanted malware for several years. The large botnet is responsible for sending millions of spam emails laced with malicious attachments. The once banking Trojan turned into loader was responsible for costly...
11-13 year old girls most likely to be targeted by online predators
The Internet Watch Foundation IWF, a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...
Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report
Last year, threat actors took advantage of the COVID-19 public health crisis in a way previously considered unimaginable, not only preying on uncertainty and fear during the initial months of the global pandemic, but retooling attack methods, reneging on promises, strengthening malware, and...
A week in security (May 13 – 19)
Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a "WannaCry level" attack. We also profiled the...
macOS 11’s hidden security improvements
A deep dive into macOS 11s internals reveals some security surprises that deserve to be more widely known. Contents 1. Introduction 1. Disclaimers 2. macOS 11s better known security improvements 1. Secret messages revealed? 3. CPU security mitigation APIs 1. The NOSMT mitigation 2. The TECS...
A zero-day guide for 2020: Recent attacks and advanced preventive techniques
Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and...
Senate Committee passes new antitrust bill aimed at Big Tech companies
The American Innovation and Choice Online Act AICOA, a bill that forbids Big Tech platforms like Apple, Alphabet Google’s parent company, and Amazon from generally behaving in an anti-competitive manner, was approved by the Senate Judiciary Committee late last week with a 16-6 vote. US Senator Am...
What is personal information? In legal terms, it depends
In early March, cybersecurity professionals around the world filled the San Francisco Moscone Convention Center’s sprawling exhibition halls to discuss and learn about everything infosec, from public key encryption to incident response, and from machine learning to domestic abuse. It was RSA...
Resident Evil 8 just the latest game plagued by fake demos and early access scams
There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts? Preview power: the 80s and 90s Back in the 80s, games reviews were only really found ...
Funke Media Group suffers nationwide ransomware attack in Germany
On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several loca...
Twitter says it out loud: Removing anonymity will not stop online abuse
An investigation by Twitter into racist tweets levied against three Black players on the English football team following the national hopefuls’ loss against Italy last month revealed that anonymity played almost no role in whether users posted abusive comments from their accounts. The analysis,...
Scammers use old browser trick to create fake virus download
Tech support scammers are reusing an old technique in their existing browser locker browlock schemes to force a special kind of file download. Contrary to past attacks, where the purpose was to flood the machine with a large amount of file requests in order to crash the browser, this one is purel...
FBI and CISA warn of APT groups exploiting ADSelfService Plus
In a joint advisory the FBI, the United States Coast Guard Cyber Command CGCYBER, and the Cybersecurity and Infrastructure Security Agency CISA warn that advanced persistent threat APT cyber-actors may be exploiting a vulnerability in ManageEngines single sign-on SSO solution. The vulnerability...
Ryuk ransomware develops worm-like capability
The French governments computer emergency readiness team, thats part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in...
Simple Authentication and Security Layer (SASL) vulnerabilities
Simple Authentication and Security Layer SASL is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the...
Chinese APT's favorite vulnerabilities revealed
In a joint cybersecurity advisory, the National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA, and the Federal Bureau of Investigation FBI have revealed the top CVEs used by state-sponsored threat actors from China. The advisory aims to "inform federal and state,...
Was threat actor KAX17 de-anonymizing the Tor network?
A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to...
Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...
Analyzing a new stealer written in Golang
Golang Go is a relatively new programming language, and it is not common to find malware written in it. However, new variants written in Go are slowly emerging, presenting a challenge to malware analysts. Applications written in this language are bulky and look much different under a debugger fro...
Windows Installer vulnerability becomes actively exploited zero-day
Sometimes the ways in which malicious code gets in the hands of cybercriminals is frustrating for those in the industry, and incomprehensible to those on the outside. A quick summary of the events in the history of this exploit: A researcher found a flaw in Windows Installer that would allow an...
Healthcare service faces test of willpower with Ransomware authors
Healthcare and ransomware are in the news in a big way. Data leaks are inevitable, but those are typically associated with accidents by the general public. Possibly the most malicious type of data spillage is when people compromising said data decide to do the spilling. It’s one thing to...
How security orchestration improves detection and response
Working together in perfect harmony like the wind and percussion sections of a symphony orchestra requires both rigorous practice and a skilled conductor. Wouldn’t it be great if our cybersecurity solutions did the same to better protect organizations? The methods and tools used to accomplish thi...
Hidden Bee: Let’s go down the rabbit hole
Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements this format was featured in my recent presentation at SAS...
Update now! February's Patch Tuesday tackles three zero-days
The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...
Cisco warns of ISE vulnerability with no fixed release or workaround
Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine ISE that could allow an authenticated, remote attacker to read and delete files on an affected device. The bug, with a CVSS score of 7.1 has no patch and no...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server muhttpd mu HTTP deamon is a simple but complete web serv...