New ransomware group demands Change Healthcare ransom
The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...
Trusted Advisor now available for Mac, iOS, and Android
First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven...
Disturbing robocaller fined $9.9 million
A federal court in Montana has fined a man $9.9 million after he was found responsible for causing thousands of unlawful and malicious spoofed robocalls. Sometimes there is good news. Well, for almost everybody except for the robocaller who was found guilty of unlawful robocalls to people in stat...
Canada revisits decision to ban Flipper Zero
In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't...
A week in security (March 11 – March 17)
Last week on Malwarebytes Labs: Ransomware’s appetite for US healthcare sees known attacks double in a year Webinar recap: 6 critical cyberthreats in 2024 and how to counter them TikTok faces ban in US unless it parts ways with Chinese owner ByteDance Malwarebytes Premium blocks 100% of malware...
Ransomware’s appetite for US healthcare sees known attacks double in a year
Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. Described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind...
Why keeping track of user accounts is important
CISA (the Cybersecurity & Infrastructure Security Agency) has issued a cybersecurity advisory after the discovery of documents containing host and user information of a state government organization’s network environment—including metadata—on a dark web brokerage site. An attacker managed to...
GoldPickaxe Trojan steals your face!
Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you. Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android...
Facebook Marketplace users’ stolen data offered for sale
Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer. A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor. The leak consists of around 200,000 records that contain names, phone...
Warzone RAT infrastructure seized
On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware. The Warzone RAT...
2 million job seekers targeted by data thieves
A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting (XSS) attacks—both common techniques—to extract the sensitive information from the...
Hewlett Packard Enterprise also searched by Cozy Bear
Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear, aka Midnight Blizzard, gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsore...
A week in security (January 8 – January 14)
Last week on Malwarebytes Labs: FCC wants cars to make life harder for stalkers Joomla! vulnerability is being actively exploited Act now! Ivanti vulnerabilities are being actively exploited Ransomware review: January 2024 Info-stealers can steal cookies for permanent access to your Google accoun...
FCC wants cars to make life harder for stalkers
Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some ...
23andMe blames “negligent” breach victims, says it’s their own fault
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors...
4 sneaky scams from 2023
In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites...
Nothing Chats pulled from Google Play
Sometimes it’s all in the name. The Nothing Chats beta has been pulled from the Google Play Store after reports that the company behind it has access to your unencrypted messages. Nothing Phone 2 owners were promised a first-of-its-kind app developed in partnership with Sunbird, which allowed the...
Why less is more: 10 steps to secure customer data
In an advisory aimed at the protection of customers’ personal data, the Australian Cyber Security Centre (ACSC) has emphasized that businesses should only collect personal data from customers that they need in order to operate effectively. While that may seem like kicking in an open door, it’s real...
Atomic Stealer distributed to Mac users via fake browser updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious ads were tricking victims into downloading this piece of malware under the disguise of a popular application. In an interesting new development, AMOS is now being delivered to Mac...
Scattered Spider ransomware gang falls under government agency scrutiny
As you may have read in our November Ransomware Review, Scattered Spider is a relatively new, albeit dangerous, ransomware gang who made headlines in September for attacking MGM Resorts and Caesars Entertainment. For small security teams, one of the most important findings about the group is their...
Student discount: Get 50% off Malwarebytes
Technology is now an indispensable part of student life, used for everything from socialising and calling home, to writing and researching essays. Unfortunately, that makes students taking their first steps into adult life a prime target for cybercrime. But how can you be sure the Wi-Fi network...
OneView updates: Dive into Report 2.0 & the new Global Site Filter
We're rolling out two new features to enhance usability in OneView, our multi-tenant platform for Managed Service Providers: Report 2.0 and the Global Site Filter. Here's what you need to know: Report 2.0: Improved Reporting in OneView Report 2.0 offers a more streamlined approach to reporting with...
Ransomware review: September 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
DarkGate reloaded via malvertising and SEO poisoning campaigns
In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an...
Ford says it’s safe to drive its cars with a WiFi vulnerability
Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...
SupremeBot and Mario cross the finish line together
Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game-installer route offers some very distinct advantages to the...
Former TikTok exec: Chinese Communist Party had "God mode" entry to US data
A former executive at TikTok's parent company ByteDance has claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...
Update your Cisco System Secure Client now to fix this AnyConnect bug
Cisco Secure Client is the fresh recipient of a fix to address a high-severity vulnerability related to improper permissions. The flaw allows attackers to potentially escalate privileges to the SYSTEM account. From the vulnerability advisory: A vulnerability in the client update feature of Cisco...
Navigating mobile malware trends: Crucial insights and predictions for MSPs
Whether a company gives them out or they're owned by the employees or students, mobile devices are like honey for cybercriminals. And the kicker? Most of these devices are not protected enough. Just check out the following stats from last year: 18 percent of clicked phishing emails in 2022 came...
Newspaper evades Russian censors, hides news in Counter-Strike map
A Finnish newspaper is making clever use of popular video game titles to promote press freedom and bypass Russian media restrictions regarding the invasion of Ukraine. The plan: Hide a secret room underneath a map, which players can stumble upon and see facts, figures, and photographs of what's be...
Payment giant's point-of-sale outage caused by ALPHV ransomware
On April 12, 2023, payment giant NCR reported it was looking into an issue with its point-of-sale (POS) systems that caused an outage, leaving customers unable to use the system. The NCR Aloha POS systems are popular in hospitality services. Customers include Wendy's, Chuck E. Cheese, Cafe Rio, Leean...
Emotet adopts Microsoft OneNote attachments
Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack...
Crushing the two biggest threats to mobile endpoint security in 2023
Don't let their small size fool you: mobile devices can have a big impact on your security posture. It's easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022. Malware and phishing are two particular mobile threats that you need to...
Hive! Hive! Hive! Ransomware site submerged by FBI
On January 26, 2023, the United States Department of Justice (DoJ) released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark web...
Play ransomware attacks city of Antwerp
The city of Antwerp's digital systems have come to a grinding halt. The Flemish government under which Antwerp resides has confirmed that this is the result of a ransomware attack. The consequences for the city's inhabitants are drastic, as hundreds of city employees revert to working on paper...
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...
Snapchat gives Californians more power over their personal data
There's a new toggle switch in Snapchat that, once enabled, limits the use of sensitive personal information. TechCrunch reports that the switch is a new privacy feature Snapchat will be rolling out to comply with the California Privacy Rights Act (CPRA), also known as Proposition 24. The act, whic...
Eufy "no cloud" security cameras streaming data to the cloud
Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data which should not have been going to the cloud was doing so anyway in certain conditions. Securing your home: a complicated proposition Insecure cameras,...
Malformed signature trick can bypass Mark of the Web
Mark of the Web (MOTW)--the technology that ensures Windows pops a warning message when trying to open a file downloaded from the Internet--is back in the news, but unfortunately not in a good way. Bleeping Computer reports that a recently uncovered but somewhat old bug has been unearthed which hel...
Top 5 ransomware detection techniques: Pros and cons of each
In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example. Let's say you're a farmer taking care of a flock of...
Grand Theft Auto 6 suffers grand theft
For games publisher Take-Two Interactive, damage control is in full effect as word spreads of a Grand Theft Auto-centric network compromise. Developer Rockstar Games has suffered a major leak of upcoming game content, specifically unfinished video footage of Grand Theft Auto 6. The first anyone...
EDR vs MDR vs XDR – What’s the Difference?
Cyberattacks are rapidly evolving, leaving businesses and their IT security teams to handle immense workloads. Keeping up with today's cyberthreats not only involves staying up to date in an ever-changing threat landscape, it also involves managing complex security infrastructure and technologies...
A week in security (August 22 - August 28)
Last week on Malwarebytes Labs: Cryptojackers growing in numbers and sophistication CISA wants you to patch these actively exploited vulnerabilities before September 8 Reddit users crowdsourcing explicit images and identities Criminals socially engineer their way to bank details with fake arrest...
Cryptojackers growing in numbers and sophistication
With rising energy costs and increased volatility in the value of cryptocurrencies, we were bound to see a rise in malicious cryptomining, aka cryptojacking. If you don't know whether you will ever see a return on your investments in mining equipment, you will look for other opportunities. But if...
Summer of exploitation leads to healthcare under fire
May 2021 was a tough month for the Healthcare and Medical sector: the most notable threat trend at the time was the heavy use of a new popular exploit against Dell systems, leading to immense effort by attackers to utilize the exploit before it became less effective due to patching. During this...
Phishy calls and emails play on energy cost increase fears
Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people's fears with a dash of social engineering to make them worse off than they were previously...
Have we lost the fight for data privacy? Lock and Code S03E16
At the end of 2021, Lock and Code invited the folks behind our news-driven cybersecurity and online privacy blog, Malwarebytes Labs, to discuss what upset them most about cybersecurity in the year prior. Today, we're bringing those same guests back to discuss the other, biggest topic in this space...
Report: Brazil must do more to encrypt, back up data
Federal government organisations in Brazil may need to reassess their approach to cyberthreats, according to a new report by the country's Federal Audit Court. It outlines multiple key areas of concern across 29 key areas of risk. One of the biggest problems in the cybercrime section of the report...
Discord Shame channel goes phishing
A variant of a popular piece of social media fraud has made its way onto Discord servers. Multiple people are reporting messages of an "Is this you" nature, tied to a specific Discord channel. is this a new discord scam or something? someone I haven’t spoken to in years randomly sent me this and...
TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
Brendan Carr, the commissioner of the FCC (Federal Communications Commission), called on the CEOs of Apple and Google to remove TikTok from their app stores. In a letter dated June 24, 2022, Carr told Tim Cook and Sundar Pichai that "TikTok poses an unacceptable national security risk due to its...