4663 matches found
The joy of phishing your employees
Many companies set up phishing test programs for their employees, often as part of a compliance requirement involving ongoing employee education on security topics. The aim of these programs is to train employees on how to spot a malicious link, not click it, and forward it on to the appropriate...
GnuPG fixes a problem with Let’s Encrypt certificate chain validation
Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with a variety of services and websites once that deadline hit. So what happened? The problem A number of high profile tech and security companies noticed their products...
Tor vs VPN—What is the difference?
Our data is a precious commodity and there are plenty of people who would like to get their hands on it, from spouses and marketing teams to crooks and state-sponsored spies. Because of that, tools like Tor and Virtual Private Networks VPNs are growing in popularity. But while both tools can...
Microsoft warns about phishing campaign using open redirects
The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links. Open redirects have been part of the phisher’s arsenal for a long time and it is a proven method to trick victims into...
Mice “taking over the world!”, one Windows machine at a time
Famously, Pinky and the Brain were a pair of animated mice that wanted to take over the world. Of course they never succeed, but maybe they just set their sights too high. Because while mice may not be taking over the world yet, they are taking over computers. In the last week, security researche...
T-Mobile customers, change your PINs
At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100 million people’s data from T-Mobile’s servers, which included everything from names and driver licences to addresses and social security numbers. Its now confirmed...
Gamers level up with rewards for better security
There was a time when stolen gaming accounts were almost treated as a fact of life. Console hacks weren’t taken particularly seriously. Security research in this area was occasionally derided as unimportant or trivial. Gaming accounts had an essence of innate disposability to them, even if this...
5G slicing vulnerability could be used in DoS attacks
The IT security researchers at AdaptiveMobile have called out what looks like an important vulnerability in the architecture of 5G network slicing and virtualized network functions. They warn that the risks, if this fundamental vulnerability in the design of 5G standards had gone undiscovered, ar...
Apple security hampers detection of unwanted programs
Anyone who uses Malwarebytes software is probably familiar with the fact that, in addition to things like malware and adware, Malwarebytes detects potentially unwanted programs PUPs. These are programs that exhibit a variety of unsavory behaviors, but that, for legal reasons, cannot be called...
California’s Prop 24 splits data privacy supporters
California’s data privacy house is divided. On the Golden State’s November ballot this year is the question as to whether to amend California’s barely-two-year-old data privacy law, the California Consumer Privacy Act. Far from the first attempt to change the fledgling law, Proposition 24 sets...
Scammers are spoofing bank phone numbers to rob victims
It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you...
A week in security (October 12 – October 18)
Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potenti...
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...
SBA phishing scams: from malware to advanced social engineering
A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at 3 different phishing waves targeting applicants for Covid-19 relief loans. The phishing emails impersonate the US Smal...
A week in security (July 20 – 26)
Last week on Malwarebytes Labs, our Lock and Code podcast delved into Bluetooth and beacon technology. We also dug into APT groups targeting India and Hong Kong, covered a law enforcement bust, and tried to figure out when, exactly, a Deepfake is a Deepfake. Other cybersecurity news Insecure emai...
VPNs: should you use them?
We are going to talk today about something you’ve likely heard of before: VPNs, or Virtual Private Networks. We at Malwarebytes have delved into these tools in greater depth, and we’ve literally discussed them on the digital airwaves. But we want to answer a question we’ve been getting more and...
Teaching from home might become part of every teachers’ job description
“Hey Joe, I wanted to remind you that starting next Monday you will be expected to teach from home. The lesson material is in your inbox along with the list of pupils that are expected to follow them. We are sure it will take some adjustments, but we trust that by working together we can make the...
RevenueWire to pay $6.7 million to settle FTC charges
What can you do as a scammer when no legitimate payment provider wants to process your payments anymore? Or, what if you are growing sick and tired of these same payment providers reimbursing disgruntled customers who claim that your products didn't fix computers, like—you know—you said they woul...
A week in security (April 27 – May 3)
Last week on Malwarebytes Labs, we looked at how secure the cloud is, understood why unexpected demand can influence an organization to consider their “just in time” JIT system, speculated on why the threat actors behind the Troldesh ransomware suddenly released thousands of decryption keys,...
Cookies: Should I worry about them?
Starting off the new year, many of us are worried about cookies—how many we ate over the holidays and how we're going to avoid them in the break room, for example. With so much cybercrime and data theft swirling around like daily bomb cyclones, there's more than a few folks worried about the kind...
Lo lo lo Loapi Trojan could break your Android
Kaspersky has found what they deem as a jack of all trades malicious app they call Trojan.AndroidOS.Loapi. Like the Trojan AsiaHitGroup we discovered last month on Google Play, this malware can do all the things—it's a downloader, dropper, SMS Trojan, and can push ads all from the same malicious...
Magnitude EK actor goes for Bitcoin multiplier scam (updated)
It is well known that hot commodities tend to attract scammers and online criminals. The continuous rise of Bitcoin over the past year valued at over USD $7,188 at the time of writing is generating frenzy amongst fans of cryptocurrencies as well as those watching from the sidelines. While the...
Announcing Malwarebytes Endpoint Protection, a next-generation antivirus replacement for businesses
Six months ago, we announced Malwarebytes 3.0, a next-generation antivirus replacement for home users. Today, I am happy to announce Malwarebytes Endpoint Protection, its equivalent for businesses. Malwarebytes Endpoint Protection includes an easy to deploy, scalable cloud platform that allows yo...
Google fixes two actively exploited zero-day vulnerabilities in Android
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say "zero-day" we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published...
2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed
Educational institutions may face a range of cyberthreats in 2024, but our 2024 State of Malware in Education report identifies the six most critical ones. Ransomware, for example, stands out as a key threat for schools and universities. The report covers how last year, we witnessed a 92% increas...
MFA bombing taken to the next level
Simply put, MFA bombing also known as “push bombing” or “MFA fatigue” is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication MFA. MFA normally requires a user to enter a six-digit code sent by SMS, or...
Meta to abandon social media tracking tool CrowdTangle
On 14 March, Meta announced it would abandon CrowdTangle, saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media...
Social media influencers targeted by identity thieves
Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, its no wonder they are targeted by scammers and spreaders of fake news. A subset of influencers are the so-called "finfluencers": influencers that provide their...
American Express warns customers about third party data breach
American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered t...
Why ransomware gangs love using RMM tools—and how to stop them
One of the most alarming trends our ThreatDown Intelligence team has noticed lately is the increased exploitation of legitimate Remote Monitoring and Management RMM tools by ransomware gangs in their attacks. RMM software, such as AnyDesk, Atera, and Splashtop, are essential for IT administrators...
Ransomware in 2023 recap: 5 key takeaways
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of...
In conversation: Bruce Schneier on AI-powered mass spying
For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect out locations...
Bruce Schneier predicts a future of AI-powered mass spying: Lock and Code S05E03
This week on the Lock and Code podcast… If the internet helped create the era of mass surveillance, then artificial intelligence will bring about an era of mass spying. That’s the latest prediction from noted cryptographer and computer security professional Bruce Schneier, who, in December, share...
How does ThreatDown Vulnerability Assessment and Patch Management work?
Maintaining updated systems and applications is a challenge for any IT team—especially considering the sheer volume of vulnerabilities organizations must find and prioritize on a rolling basis. ThreatDown Vulnerability Assessment VA, now included for free in every ThreatDown bundle, simplifies th...
Explained: Domain fronting
Domain fronting is a technique of using different domain names on the same HTTPS connection. Put simply, domain fronting hides your traffic when connecting to a specific website. It routes traffic through a larger platform, masking the true destination in the process. The technique became popular...
Chrome pushes forward with plans to limit ad blockers in the future
Google has announced it will shut down Manifest V2 in June 2024 and move on to Manifest V3, the latest version of its Chrome extension specification that has faced criticism for putting limits on ad blockers. Roughly said, Manifest V2 and V3 are the rules that browser extension developers have to...
Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23
This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—theyre spying on each other more. Whether reading someones DMs, rifling through a partners text messages, or even rummaging through the bags and belongings of someone else,...
A week in security (October 30 – November 5)
Last week on Malwarebytes Labs: Apache ActiveMQ vulnerability used in ransomware attacks YouTube launches "global effort" to block ad blockers Should you allow your browser to remember your passwords? Atlassian: "Take immediate action" to patch your Confluence Data Center and Server instances Wha...
How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09
The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...
Ransomware attack hits ANOTHER school
In what is likely Vice Society's handiwork, the UK's largest state boarding school Wymondham College has announced it has become the victim of a "sophisticated cyberattack". The school didn't provide additional information, but Jonathan Taylor, chief of the school's parent company Sapientia...
Investment fraud overtakes business email compromise as most reported fraud
The Federal Bureau of Investigation FBI has published its 2022 Internet Crime Report. One of the most notable points is that investment fraud has now overtaken business email compromise BEC as the most reported and most damaging type of fraud. The numbers are based on the complaints reported to t...
Chip company loses $250m after ransomware hits supply chain
Applied Materials, one of the worlds leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers. MKS Instruments Inc...
KillNet hits healthcare sector with DDoS attacks
At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service DDoS attacks. The Cybersecurity and Infrastructure Security Agency CISA says it helped dozens of hospitals...
Web skimmer found on website of Liquor Control Board of Ontario
On January 12, 2023, the Liquor Control Board of Ontario LCBO published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world. Web skimmer The cybersecurity incident was a web...
CISA and the FBI issue alert about Cuba ransomware
In the latest StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have issued a joint Cybersecurity Advisory CSA on the ransomware known as "Cuba." Though named...
Why (almost) everything we told you about passwords was wrong
I have an embarrassing confession to make: I reuse passwords. I am not proud of it, but honestly its a relief to finally get it off my chest. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It...
Optus data breach "attacker" says sorry, it was a mistake
Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym "optusdata" claims to have stolen the data of 10 million Optus customers. The information include...
A first look at the builder for LockBit 3.0 Black
A few months after the LockBit gang released version 3.0 of its ransomware, LockBit 3.0 Black, the builder for it has been leaked by what seems to be a disgruntled developer. LockBit has been by far the most widely used ransomware in 2022 and the appearance of the builder could make things worse...
Adware found on Google Play — PDF Reader serving up full screen ads
A PDF reader found on Google Play with over one million downloads is aggressively displaying full screen ads, even when the app is not in use. More specifically, the reader is known as PDF reader - documents viewer, package name com.document.pdf.viewer. As a result, this aggressive behavior lands...
Introducing Patch Management for OneView
We're thrilled to announce our Patch Management module for OneView, which is paired alongside our Vulnerability Assessment module to help you uncover vulnerabilities, respond to threats, and keep your customers productive and safe. Vulnerability identification and system patching are critical to...