4663 matches found
How AI hallucinations are making bug hunting harder
Bug bounty programs that pay people for finding bugs are a very useful tool for improving the security of software. But with the availability of artificial intelligence (AI), as seen in the popular large language models (LLMs) like ChatGPT, Bard, and others, it looks like there is a new problem on the...
Facebook introduces another way to track you – Link History
In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History. Link History allows users to view and re-visit links they have visited with their Facebook browsing activity. Obviously Facebook will te...
Signal is testing usernames so you don’t have to share your phone number
Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities. Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of...
YouTube launches “global effort” to block ad blockers
The ongoing struggle between YouTube and ad blockers is turning users into the victims. YouTube has gone all out in its fight against the use of add-ons, extensions and programs that prevent it from serving ads to viewers around the world. It started out as just a small experiment, but it looks...
Should you allow your browser to remember your passwords?
At Malwarebytes we've been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you're just getting started. Once...
A firsthand perspective on the recent LinkedIn account takeover campaign
Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Pearce, reached out to me and told me he'd been a target of the campaign. His story begins with an SMS text from LinkedIn telling him to reset his password. He...
Teenage members of Lapsus$ ransomware gang convicted
A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our...
Microsoft validation error allowed state actor to access user email of government agencies and others
Microsoft is getting criticized for the way in which it handled a serious security incident that allowed a suspected Chinese espionage group to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The attacks were...
Information stealer compromises legitimate sites to attack other sites
Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control (C2) servers. A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information (PII)...
Swatting-as-a-Service is a growing and complicated problem to solve
One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence (AI), a person or group of persons calling themselves Torswats is suspected to be behind dozen...
A week in security (February 13 - 19)
Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04 Malwarebytes recognized as endpoint security leader by G2 CISA issues alert with South Korean government about DPRK's ransomware antics Jailbreaking ChatGPT and other large...
Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter
AV-TEST, a leading independent tester of cybersecurity solutions, has just ranked Malwarebytes as a Top Product for consumers and businesses for the fifth quarter in a row. Every two months, experts at AV-Test evaluate Windows antivirus software across three categories: Protection against malware...
Sharing Netflix, Disney+, other passwords is illegal, according to new guidance
The Intellectual Property Office (IPO), the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebook's parent company. The general issue on piracy is...
Raccoon Stealer admin will be extradited to the US, charged for computer crimes
The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service (MaaS) business model. According to court documents, Mark Sokolovsky, 26, is...
Fake Proof-of-Concepts used to lure security professionals
Researchers from the Leiden University published a paper detailing how cybercriminals are using fake Proof-of-Concepts (PoCs) to install malware on researchers' systems. The researchers found these fake PoCs on a platform where security professionals would usually expect to find them--the public co...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat actors used multiple layers of protection and techniques to make analysis harder and hide their final payload. However, based on tactic, techniques and...
Update now! Google patches vulnerabilities for Pixel mobile phones
Google's Pixel Update Bulletin for September included two security patches that are Pixel specific. Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover. The vulnerabilities Publicly disclosed computer security flaws are listed in the Common...
Reset your password now! Plex suffers data breach
In an email sent to its users, Plex has revealed that a cybercriminal accessed some customer data, including emails and encrypted passwords. From the email that was sent out by the Plex security team: Yesterday, we discovered suspicious activity on one of our databases. We immediately began an...
Twitter data breach affects 5.4M users
Twitter has confirmed that it was breached last month via a now-patched 0-day vulnerability in Twitter's systems, allowing an attacker to link email addresses and phone numbers to user accounts. This enabled the attacker to compile a list of 5.4 million Twitter user account profiles. "We want to l...
FCC warns of steep rise in phishing over SMS
After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...
Bank fraud scammers trick victims with claims of bogus Zelle transfers
It pays to be careful where cold calls from someone claiming to work for your bank are concerned. Scam callers are impersonating bank staff, with suggestions of dubious payments made to your account. One unfortunate individual has already lost around $1,000 to this slice of telephone-banking base...
When a sextortion victim fights back
When Katie Yates suddenly started receiving nude photos of her friend, Natalie Claus, over on Snapchat, she instantly recognized that Claus had just become a victim of a sextortion attack. She also knew how Claus should respond. This happened in December 2019 when Claus was a sophomore. Both were...
A week in security (July 18 – July 24)
Last week on Malwarebytes Labs: Extortionists target restaurants, demand money to take down bad reviews The FTC will go after companies misusing location, health, and other sensitive data Roblox breached: Internal documents posted online by unknown attackers Warning for WordPress admins: Uninstal...
Fraudulent cryptocurrency investment apps are duping investors
Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince...
Fake streamed cricket matches knocks victims for six
An incredible scam which resembles hidden camera prank shows has been shut down by police. Four men were arrested last week in connection with the con-job involving fake cricket and online betting. It begins in Russia, takes a trip to India, and ends up back in Russia. Here's how it unfolded:...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti sleight of hand? Although LockBit remained the most widely-deployed ransomware in May 2022, it was,...
Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules
We’re happy to announce Malwarebytes DNS Filtering, a new module for the Nebula platform which helps block access to malicious websites and limit threats introduced by suspicious content. But how exactly does it work, you ask? In this post, we give a basic walkthrough of the module, starting off...
3 ways DNS filtering can save SMBs from cyberattacks
If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact...
Is quantum teleportation the future of secure communications?
“Beam me up Scotty” will always remain my first association with teleportation. And as it stands now, we are still a long way from teleporting matter, but the teleportation of information has recently made a huge step forward. Researchers in Delft say they have succeeded in teleporting quantum...
A week in security (May 16 – 22)
Last week on Malwarebytes Labs: Fake reCAPTCHA forms dupe users via compromised WordPress sites How COVID-19 fuelled a surge in malware Why MRG-Effitas matters to SMBs “Look what I found here” phish targets Facebook users AirTag stalking: What is it, and how can I avoid it? Long lost @ symbol get...
Client side scanning may cost more than it delivers
On May 11, 2022, the EU will publicize a proposal for a law on mandatory chat control. The European Commission wants all providers of email, chat and messaging services to search for suspicious messages in a fully automated way and forward them to the police in the fight against child pornography...
Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site
So Elon Musk is buying Twitter, and you can be sure that scammers are making the most of this news. As Elon Musk spends most of the week in the headlines, so pop up Elon Musk-themed scams—and it looks like they may be ramping up. We witnessed a flurry of replies from the man himself in response t...
Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users
Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words...
Ukraine shuts down disinformation bot farm
Given current world events, there’s an incredible amount of misinformation and disinformation around at the moment. Whether we’re talking 5G, the pandemic, vaccines, or invasions, there’s a lot out there. One of the biggest problems where bad information placed online is concerned is bot farms. A...
Facebook sued for siphoning facial recognition data without consent
Ken Paxton, the Attorney General of Texas, recently filed a lawsuit against Facebook's parent company, Meta, for harvesting the facial recognition data of millions of Texan residents—for a decade. Paxton filed the lawsuit on Monday in the state's Harrison County District Court. The suit contains...
Watch out for this bump in LinkedIn phishing
LinkedIn is sometimes forgotten about in more general coverage of phishing attacks. Social media sites such as Facebook, Twitter, and Instagram receive regular attention. Cryptowallet customer support scams run wild in the replies to any cryptocurrency themed tweet. Facebook users can often be...
Ban Pegasus spyware, urges European Union Data Protection Supervisor
The European Data Protection Supervisor (EDPS) has urged the EU to ban the development and deployment of spyware with the capabilities of Pegasus to protect fundamental rights and freedoms. What is Pegasus? On July 18, a group of 17 newspaper and media organizations—aided by Amnesty International’s...
Hackers take over 1.1 million accounts by trying reused passwords
The New York State Office of the Attorney General has warned 17 companies that roughly 1.1 million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs into website login forms, in...
A week in security (Dec 6 – 12)
Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend Click “OK” to defeat MFA Fake job interviews plague major game developers like Riot Games and Rockstar Has your WordPress site been backdoored by a skimmer? What is a search engine and why does...
ICO challenges adtech to step up privacy protection
The UK Information Commissioner's Office (ICO) wants the advertising industry to come up with new initiatives that address the risks of adtech, and take account of data protection requirements from the outset. The ICO is an independent body set up to uphold information rights. The technology that is...
Windows 10 chills out, gives sysadmins a break
A few short weeks ago, Microsoft launched the very latest version of its desktop operating system (OS), Windows 11. In security terms, Windows 11 is very much Windows 10 with knobs on. Or what Spinal Tap's Nigel Tufnel might describe as Windows 10 turned up to 11. Unlike Tufnel's description of his...
At long last, Microsoft is disabling Excel 4.0 macros by default
Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro viruses, and three decades of trying to convince every single Excel user individually to disable macros, Microsoft is going to disable Excel 4.0 macros for everyone. Better late tha...
The many tentacles of Magecart Group 8
This blog post was authored by Jérôme Segura. During the past couple of years online shopping has continued to increase at a rapid pace. In a recent survey done by Qubit, 70.7% of shoppers said they increased their online shopping frequency compared to before COVID-19. Criminals gravitate towards...
A week in security (August 23 – August 29)
Last week on Malwarebytes Labs: Patch now! Microsoft Exchange is being attacked via ProxyShell Realtek-based routers, smart devices are being gobbled up by a voracious botnet Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud Mice “taking over the world!”, one Windo...
How to stay secure from ransomware attacks this Labor Day weekend
Labor Day weekend is just around the corner and, believe it or not, cybercriminals are likely just as excited as you are! Ransomware gangs have nurtured a nasty habit of starting their attacks at the least convenient times: When computers are idle, when employees who might notice a problem are ou...
Twitter takes aim at the chaos, clutter and trolls with new feature concepts
Twitter is potentially looking to add some new features to combat specific forms of abuse and / or aggravation on the platform. They’re still at the design stage, but they’re asking for feedback and it seems this will happen down the line. With that in mind, let’s take a look at what they’re up t...
800 arrests after police dupe crime groups into using backdoored phones
An international operation that monitored an encrypted device company under control of the Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP) has led to a massive, coordinated string by law enforcement in several countries. The setup Law enforcement agencies around the worl...
Hospital ransomware: Gangs are back to target healthcare
Healthcare is not in a good place right now. With some countries and states deciding to go back in to lockdown due to the continued rise of reported COVID-19 infections—and several garnering record-high numbers compared to when almost every country initially went into lockdown—it seems horrible...
The value of cybersecurity integration for MSPs
For modern Managed Service Providers (MSPs), gone are the days of disparate workflows, and that’s really for the best. Imagine trying to run a successful MSP business today—finding potential customers, procuring new clients, developing purchase orders, managing endpoints, and sending invoices—all...