4712 matches found
GTA 6 early access is nothing but a scam
A new wave of scam websites is offering something millions of people want: a way to play Grand Theft Auto VI before it comes out. " Get GTA 6 before everyone else." " Buy VIP early access." Pay a few hundred dollars in cryptocurrency, enter a payment code, and supposedly unlock the game. But it's...
A week in security (June 8 – June 14)
Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...
A week in security (February 23 – March 1)
Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...
Fake 7-Zip downloads are turning home PCs into proxy nodes
A convincing lookalike of the popular 7-Zip archiver site has been serving a trojanized installer that silently converts victims’ machines into residential proxy nodes—and it has been hiding in plain sight for some time. “I’m so sick to my stomach” A PC builder recently turned to Reddit’s...
Flaw in Verizon call record requests put millions of Americans at risk
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. "In short, anyone could lookup data for anyone,"...
Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content
Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service ToS update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and Substance...
How to back up your iPhone to a Windows computer
They say the only backup you ever regret is the one you didnt make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things youve lost, or to fix things that have failed. Weve published posts on how to back up your iPhone to iCloud, and how to backup an iPho...
3 important lessons from a devastating ransomware attack
In October 2023, The British Library was attacked by the Rhysida ransomware gang in a devastating cyberattack. The library, a vast repository of over 170 million items, is still deep in the recovery process, but recently released an eighteen page cyber incident review describing the attack, its...
Ransomware’s appetite for US healthcare sees known attacks double in a year
Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. Described by the American Hospital Association AHA President and CEO Rick Pollack as “the most significant and consequential incident of its kind...
Malwarebytes Premium blocks 100% of malware during external AVLab test
Malwarebytes Premium earned a perfect score in the latest AVLab Cybersecurity Foundation “Advanced In-The-Wild Malware Test,” catching and stopping 100% of malware samples, outperforming multiple competitors in the field, and continuing a longstanding tradition of proven, perfect protection for...
How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac
ThreatDown is happy to announce that our Vulnerability Assessment and Patch Management VPM tool is now available for Mac endpoints. There are hundreds of third-party apps that Mac endpoint use on a daily basis—and with that large number of apps comes a dizzying amount of software updates to apply...
Check your DNS! Abandoned domains used to bypass spam checks
Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...
Airbnb scam sends you to a fake Tripadvisor site, takes your money
One of my co-workers who works on Malwarebytes’ web research team just witnessed a real life example of how useful his work is in protecting people against scammers. Stefan decided to visit Amsterdam with his girlfriend, and found a very nice and luxurious apartment in Amsterdam on Airbnb. In the...
10 things to do to improve your online privacy
1. Set up two-factor authentication Do this for as many of your online accounts as you can, especially the major ones like your email and social media accounts. Two-factor authentication 2FA adds an extra step of protection and makes it much harder for attackers to login as you. We recommend usin...
Scattered Spider ransomware gang falls under government agency scrutiny
As you may have read in our November Ransomware Review, Scattered Spider is a relatively new, albeit dangerous, ransomware gang who made headlines in September for attacking MGM Resorts and Caesar Entertainment. For small security teams, one of the most important findings about the group is their...
3 benefits of ThreatDown bundles
Traditional approaches to endpoint security today have a three-fold complexity problem—with big consequences. First, complexity in deployment causes long delays in protection, directly impacting ROI and leaving organizations vulnerable to breaches. In fact, almost 10 percent of small security tea...
A week in security (September 18 - September 24)
Last week on Malwarebytes Labs: Emergency update! Apple patches three zero-days T-Mobile spills billing information to other customers Involved in a data breach? Heres what you need to know Steer clear of cryptocurrency recovery phrase scams DoppelPaymer ransomware group suspects identified The...
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Summary Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple The payload is a new version of the recent Atomic Stealer for OSX...
Teenage members of Lapsus$ ransomware gang convicted
A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...
25 most popular websites vs Malwarebytes Browser Guard
Do you know how many see-everything-you're-doing-on-the-web trackers get loaded into your browser when you watch a YouTube video? Would you care to guess? It's about sixty. Sixty. Six zero. Sixty trackers when you load one video. I know this because I decided to take Browser Guard, the...
FAQ: How does Malwarebytes ransomware rollback work?
As the old cybersecurity saying goes: "Its not if, but when." Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again were reminded that ransomware can slip past even the best defenses...
Docker Hub images found to expose secrets and private keys
Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...
Malwarebytes stops 100% of Advanced Threats in latest AV-Test assessment
AV-TEST, a leading independent tester of cybersecurity solutions, has just given Malwarebytes two Advanced awards for the ability of our consumer and business products to protect against the latest attack techniques. Lets take a deeper dive into the test and the results. Advanced Threat Protectio...
Malicious ad for USPS fishes for banking credentials
We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse a...
LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
A few days ago we wrote about two vulnerabilities found in PaperCut application servers. As we noted, exploitation was fairly simple so there was some urgency to install the patches. My esteemed colleague Chris Boyd literally wrote: "Arbitrary code can be deployed, or even ransomware if thats par...
TikTok "a loaded gun" says NSA
America's TikTok-addicted youth is playing with a "loaded gun" according to General Paul Nakasone, Director of the National Security Agency NSA. Speaking at a US Senate hearing on Wednesday, the general said "one third of Americans get their news from TikTok", adding "one sixth of American youth...
A week in security (February 13 - 19)
Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04 Malwarebytes recognized as endpoint security leader by G2 CISA issues alert with South Korean government about DPRK's ransomware antics Jailbreaking ChatGPT and other large...
KillNet hits healthcare sector with DDoS attacks
At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service DDoS attacks. The Cybersecurity and Infrastructure Security Agency CISA says it helped dozens of hospitals...
LastPass users should move their crypto funds, experts warn
Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to...
A week in security (December 12 - 18)
Last week on Malwarebytes Labs: Indiana sues TikTok, describes it as "Chinese Trojan Horse" Iranian hacking group uses compromised email accounts to distribute MSP remote access tool Electronic Sales Suppression Tools are cooking the books Silence is golden partner for Truebot and Cl0p ransomware...
Raccoon Stealer admin will be extradited to the US, charged for computer crimes
The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service MaaS business model. According to court documents, Mark Sokolovsky, 26, is...
Healthcare site leaks personal health information via Google and Meta tracking pixels
Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information PHI, with Google and Meta Facebook. Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and provides...
A week in security (October 17 - 23)
Last week on Malwarebytes Labs: Thermal cameras could help reveal your password How to spot a scam Warning: "FaceStealer" iOS and Android apps steal your Facebook login Criminal group busted after stealing hundreds of keyless cars Fake tractor fraudsters plague online transactions DeadBolt...
Gas, a positive social network for teens (no, really)
A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. Im all for positive spaces online, but what is it, and will teens really be happier there than say Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of th...
Ransomware attack freezes newspaper printing system
Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems. Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which...
Warning: "FaceStealer" iOS and Android apps steal your Facebook login
Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaini...
Why (almost) everything we told you about passwords was wrong
I have an embarrassing confession to make: I reuse passwords. I am not proud of it, but honestly its a relief to finally get it off my chest. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It...
4 times students compromised school cybersecurity
For many students school can be a tough time, and we've all heard stories about bored or frustrated kids compromising school cybersecurity to change grades. Sometimes the students are celebrated, and other times it ends in them being expelled from school, or even prosecuted. Of course, these acts...
Malvertising on Microsoft Edge's News Feed pushes tech support scams
While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular...
Reset your password now! Plex suffers data breach
In an email sent to its users, Plex has revealed that a cybercriminal accessed some customer data, including emails and encrypted passwords. From the email that was sent out by the Plex security team: Yesterday, we discovered suspicious activity on one of our databases. We immediately began an...
Reddit users crowdsourcing explicit images and identities
The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...
Have we lost the fight for data privacy? Lock and Code S03E16
At the end of 2021, Lock and Code invited the folks behind our news-driven cybersecurity and online privacy blog, Malwarebytes Labs, to discuss what upset them most about cybersecurity in the year prior. Today, we're bringing those same guests back to discuss the other, biggest topic in this spac...
Simplifying the fight against ransomware: An expert explains
Fighting against ransomware can be difficult—especially if your organization has limited IT resources to begin with. But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware. In this post,...
Microsoft clamps down on RDP brute-force attacks in Windows 11
It wasnt so long ago that we were wondering what improvements Windows 11 would make in the security stakes. Well, we havent had to wait too long to find out. Windows 11 build 22528.1000 and up will tackle one of the more common entry points for network intruders. Namely, trying to prevent the bru...
Client-side Magecart attacks still around, but more covert
This blog post was authored by Jérôme Segura We have seen and heard less buzz about Magecart during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we...
Tor’s (security) role in the future of the Internet, with Alec Muffett
Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. Its something weve discussed previousl...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti sleight of hand? Although LockBit remained the most widely-deployed ransomware in May 2022, it was,...
Ransomware attack turns 2022 into 1977 for Somerset County
1977 was quite the year. Led Zeppelin! Jimmy Carter! Saturday Night Fever! We can now add "a ransomware attack" to this once static list. Somerset County, New Jersey, has been hit so hard by a network assault that theyve ended up in the direst straits imaginable, with county databases unavailable...
Massive increase in XorDDoS Linux malware in last six months
Microsoft says its recorded a massive increase in XorDDoS activity 254 percent in the last six months. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie MMD. MMD believed the Linux Trojan originated in China...