A week in security (Sept 13 – Sept 19)
Last week on Malwarebytes Labs: Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17; The many tentacles of Magecart Group 8; Apple releases emergency update: Patch, but don’t panic; Update now! Google Chrome fixes two in-the-wild zero-days; Parts of the Dark...
Get a head start on defending against tax scams
It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 201...
Chris Krebs, director of Cybersecurity and Infrastructure Security Agency, fired by President
On Tuesday evening, President Donald Trump fired Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), just days after CISA called the recent presidential election the “most secure in American history.” In a tweet posted the same day, the President justified his...
SMB cybersecurity posture weakened by COVID-19, Labs report finds
In August, Malwarebytes Labs analyzed the damage caused by COVID-19 to business cybersecurity. Because of immediate, mandated transitions to working from home (WFH), businesses across the United States suffered more data breaches, lost more dollars, and increased their overall attack surfaces, all...
Avoid these PayPal phishing emails
For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO (fear of missing out) into DO THIS OR BAD THINGS WILL HAPPEN. It’s one of the most common tools in the scammer’s arsenal, and a little pressure applied in the right way often brings results for...
The digital entropy of death: what happens to your online accounts when you die
Unless you're planning on having your mind jammed inside some sort of computer chip, eventually mortality will catch up and you're going to have to work out what you'll do with all of your online accounts. When it's time to shuffle off this mortal coil, you might, theoretically, be slightly annoy...
All rise! Mind these digital crimes and arm yourself against them
Have you noticed that, in this year alone, headlines are inundated with words that contain "cyber"? Cybercrime. Cyberattack. Cybersecurity. Cyberwarfare. The cyber. Okay, that was last year. Frankly, with so much going on, we hardly remember a time when the term "cyber" seemed quaint and a little...
Today is System Administrator Appreciation Day
And we are enormously grateful. What started off as a tongue-in-cheek offshoot of Administrative Professionals Day has now become a special holiday that people around the world recognize and practice. Dear reader, today is System Administrator Appreciation Day. Let’s be honest, maintaining the...
“Nudify” deepfakes stored unprotected online
Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection. Now it's the turn of an AI "nudify" service. A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS buck...
Beware of scammers impersonating Malwarebytes
Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image...
Criminal record database of millions of Americans dumped online
A cybercriminal going by the names of EquationCorp and USDoD has released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. The leaked database is said to include full names, date...
Update Chrome now! Google patches possible drive-by vulnerability
Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks. The easiest way to update Chrome is to allow it to update automatically, which basically uses...
Check your DNS! Abandoned domains used to bypass spam checks
Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...
No “Apple magic” as 11% of macOS detections last year came from malware
We’re going to let you in on a little cybersecurity secret… There’s malware on Mac computers. There pretty much always has been. As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants o...
Patch now! Roundcube mail servers are being actively exploited
The Cybersecurity & Infrastructure Security Agency (CISA) has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by...
“The mother of all breaches”: 26 billion records found online [Updated]
Security researchers have discovered billions of exposed records online, calling it the "mother of all breaches". However, the dataset doesn't seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data...
AirTags stalking lawsuit alleges Apple’s negligence in protecting victims
Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers. AirTags are marketed as trackers that allow you to easily find...
New MetaStealer malvertising campaigns
MetaStealer is a popular piece of malware that came out in 2022, leveraging previous code base from RedLine. Stealers have become a very hot commodity in the criminal space, so much so that there is competition between various groups. Threat actors have primarily used malspam as an infection vector...
$19 Stanley cup deal is a Black Friday scam
Scammers never miss an opportunity to make a quick buck, and love to piggy back on the latest trends. So what better way to kick off the scamming season than by offering Black Friday sales on one of the most popular products around: a Stanley cup. We found an ad on Facebook offering a Stanley...
How to stop fake System notifications on macOS
Scammers are abusing an Apple feature that allows websites to create push notifications that look like they're coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked. Years ago we warned our...
Introducing Advanced Device Control: Shielding businesses from USB threats
With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature. Here's the breakdown: When a USB device is connected, ThreatDown now doesn't just control...
ThreatDown powered by Malwarebytes: A 15 Year Journey
November marks a significant shift in our legacy. After 15 years as Malwarebytes, we are proud to introduce our rebranded identity, ThreatDown powered by Malwarebytes. Building off Malwarebytes’ initial recognition for removing every trace of viruses that others missed, ThreatDown powered by...
Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results
The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the "Easiest to Use" and "Easiest Admin" recognition for its Endpoint...
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...
LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
A few days ago we wrote about two vulnerabilities found in PaperCut application servers. As we noted, exploitation was fairly simple so there was some urgency to install the patches. My esteemed colleague Chris Boyd literally wrote: "Arbitrary code can be deployed, or even ransomware if that's par...
Food giant Dole reveals more about ransomware attack
Fruit and vegetable producer Dole has confirmed attackers behind its February ransomware attack accessed employee data. The company hasn't revealed the number of staff impacted. In an annual report filed to the US Securities and Exchange Commission (SEC) last week, Dole said: "In February of 2023, ...
TikTok "a loaded gun" says NSA
America's TikTok-addicted youth is playing with a "loaded gun" according to General Paul Nakasone, Director of the National Security Agency (NSA). Speaking at a US Senate hearing on Wednesday, the general said "one third of Americans get their news from TikTok", adding "one sixth of American youth...
DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation
This investigation was a joint effort between Malwarebytes Threat Intelligence's Jerome Segura, DeepSee's Rocky Moss and Antonio Torres. Key findings: Over a dozen unique domains were found selling ad inventory through Google Ad Manager, even though the pages were embedded invisibly under the...
Ransomware led to multiple DISH Network outages
Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldn't even pay their bills as a result of the downtime. There was a suspicion that...
Google sponsored ads lead to rogue imitation sites
There's a big push in rogue advert land at the moment, with multiple forms of bogus websites being used as bait to rob people of their logins and funds. This story first came to light a few days ago, with news of a well known cryptocurrency fan "NFT God" being caught out by a bogus video recording...
Ransomware attack freezes newspaper printing system
Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems. Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which...
Malvertising on Microsoft Edge's News Feed pushes tech support scams
While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers (MSPs), organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...
Microsoft clamps down on RDP brute-force attacks in Windows 11
It wasn't so long ago that we were wondering what improvements Windows 11 would make in the security stakes. Well, we haven't had to wait too long to find out. Windows 11 build 22528.1000 and up will tackle one of the more common entry points for network intruders. Namely, trying to prevent the bru...
IconBurst software supply chain attack offers malicious versions of NPM packages
Researchers discovered evidence of a widespread software supply chain attack involving malicious Javascript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short fo...
5 pro-freedom technologies that could change the Internet
In the digital era, freedom is inextricably linked to privacy. After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. We have already lost a lot of control over who and what has access to our data, and there are further threats to...
Instagram introduces new ways for users to verify their age
If Instagram suspects you are fibbing about your age, you'll currently see the following message: “You must be at least 13 years old to have an Instagram account. We disabled your account because you are not old enough yet. If you believe we made a mistake, please verify your age by submitting a...
A week in security (June 20 – June 26)
Last week on Malwarebytes Labs: LinkedIn scams are a "significant threat", warns FBI; DDoS-for-hire service provider jailed; Internet Safety Month: 7 tips for staying safe online while on vacation; Client-side Magecart attacks still around, but more covert; Security vulnerabilities: 5 times that...
Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was...
Canon printer owners: Be careful of bogus driver download sites
Think of all the really common, very mundane things you search for of a tech nature. Drivers. Scanners. Printers. A broken photocopier. USB sticks not recognised. Activating a streaming service which refuses to play ball. Some of the above have many issues already with bogus search engine results...
“Chemical attack” email warnings deliver Jester Stealer malware
Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team (CERT-UA) has warned of a large distribution campaign abusing a "chemical attack" theme. Receiving an email like this in the invasion-affected regions of...
Recovering from romance scams with Cindy Liebes: Lock and Code S03E10
Earlier this year, many members of the public were introduced to the facets of a long-ignored crime in cyberspace: The romance scam. A flashy documentary called The Tinder Swindler had premiered on Netflix, and in it, filmmakers documented the efforts of one man to manipulate several women into...
World Password Day: Brushing up on the basics
World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. There are awareness days for all sorts of things, and perhaps we don't need all of them. You can't go wrong shoring up a leaky password line of defence though, so without further ado:...
Airdrop phishing: what is it, and how is my cryptocurrency at risk?
Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop...
US senators introduce the Kids Online Safety Act (KOSA)
US Senators Richard Blumenthal of Connecticut and Marsha Blackburn of Tennessee have introduced the Kids Online Safety Act (KOSA), legislation that aims to enhance children's safety online. This follows The Wall Street Journal's (WSJ) reporting on the harm Instagram can inflict on teens, which was...
Roblox Beamers steal items from kids
Roblox gamers are once again being warned to be on their guard against scammers plundering valuable digital items. Most multiplayer titles are all about customization. You won’t find many popular games where digital items aren’t up for grabs. Some games lock the items, such as outfits, weapons, o...
Twitter cans 2FA service provider over surveillance claims
Twitter is transitioning away from its two-factor authentication (2FA) provider, Mitto AG, a Swiss communications company. The social media giant broke the news to US Senator Ron Wyden of Oregon. It is noted that Twitter's decision to move away from Mitto AG came after allegations that its...
How to share your Wi-Fi password safely
You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair. It's possible your region has opened up a little, and you're seeing folks in your home for the first time in a long time. They may well be bringing new devices to your home, and you m...
Patch now! FatPipe VPN zero-day actively exploited
According to its marketing team, a FatPipe MPVPN can make your VPN "900% more secure." Well, I don't know about that, but I do know a way to make your MPVPN admin console 100% more secure, and that you should do so right away, by installing the latest version of its software. Why? Because older...