Client-side Magecart attacks still around, but more covert
This blog post was authored by Jérôme Segura. We have seen and heard less buzz about Magecart during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we...
LinkedIn scams are a “significant threat”, warns FBI
Digital currency fraud is a growing issue on social media, and LinkedIn is no different. In fact, according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, cryptocurrency scams are big business on LinkedIn. "It’s a...
It’s official, today you can say goodbye to Internet Explorer. Or can you?
Today, the Internet Explorer (IE) 11 desktop application goes out of support and will be retired for certain versions of Windows 10. The retirement consists of two phases. During the first phase—the redirection phase—devices will be progressively redirected from IE to Microsoft Edge over the...
Taking down the IP2Scam tech support campaign
Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits? We see countless such campaigns and block them indiscriminately to protect our customers from being defrauded by a fraudulent tech...
Rotten apples banned from the App store
Apple’s App Review process may have received ill wishes from many benevolent developers, but Apple has now revealed how effective it is and why it is so stringent. According to its review of the year 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions,...
Unfixed vulnerability in popular library puts IoT products at risk
Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as...
Rogue ads phishing for cryptocurrency: Are you secure?
Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The...
Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09
Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be "not advanced at all." This was f...
A week in security (April 11 – 17)
Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users; Old Play Store apps served notice by upcoming API level changes; Denonia cryptominer is first malware to target AWS Lambda; Ransomware: March 2022 review; Why identity management...
How to password protect a folder
There are times when you would like a folder to be accessible by you alone. Financial information, personal documents, or work related files on your personal system sometimes need to be hidden from prying eyes. One of the ways to do this is to password protect the folder. Windows For the Windows...
Denonia cryptominer is first malware to target AWS Lambda
Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda, the serverless computing platform of Amazon Web Services (AWS). Though Lambda has been around for less than ten years, serverless technology is considered...
MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks
Cybersecurity can be complex work, as security teams need to regularly decipher and prioritize alerts, protect against daily threats, and possibly implement product configuration changes, all while staying abreast of the latest intelligence on new and evolving threats. For organizations that lack...
DDoS barrage against Israel described as the “largest ever” cyberattack it’s faced
Several government websites in Israel—those using the .gov.il domain—were inaccessible after a distributed denial of service (DDoS) attack hit Israel’s telecommunication provider, Cellcom. NetBlocks, a network disruption watchdog, initially detected "a significant disruption" aimed at the provider,...
Microsoft: Slow MFA adoption presents “dangerous mismatch” in security
Multi-factor authentication (MFA) has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsoft’s inaugural "Cyber Signals" report, only 22 percent of all its Azure Active Directory (AD) enterprise clients have adopted two-factor authentication (2FA), a...
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy protections good, invasions bad, but we rarely see a faithful, factual accounting for the biggest data privacy conundrum facing billions of people every single day: Should parents inva...
Windows Update has changed over the years. Here are 25 group policies to avoid
Microsoft has published a list of 25 group policies that administrators should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results. Since November 2015 when Windows 10 was first introduced, there have been many changes and some of them have...
The Internet is not safe enough for women, and Sue Krautbauer has some ideas about why: Lock and Code S02E22
Decades ago, the promise of the Internet was clear: No one, depending on their age, gender, race, income, or place of birth, would be unwelcome from expressing their thoughts and ideas. Today, that promise has been largely unfulfilled. As Malwarebytes discovered earlier this year, the Internet is...
Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates
In a Firefox security announcement, Mozilla said 455,000 users have downloaded Firefox add-ons that interfere with how they connect to the internet. The interference in itself was not the deciding factor, however. The add-ons abused the proxy API to prevent users who had installed them from...
The FCC moves to curb SIM swap attacks
The Federal Communications Commission (FCC) is going to set new rules to curb the rising threat of SIM swapping, also known as SIMjacking. SIM swapping and the very similar port-out fraud is the unlawful use of someone’s personal information to steal their phone number and swap or transfer it to...
Apple delays plans to search devices for child abuse imagery
After the uproar from users and privacy advocates about Apple’s controversial plans to scan users’ devices for photos and messages containing child abuse and exploitation media, the company has decided to put the brakes on the plan. If you may recall, Apple announced in early August that it would...
Google to start automatically enrolling users in two-step verification “soon”
If you use a Google account, it may soon be mandatory to sign up to Google’s two-step verification program. As recently as 2017, a tiny amount of GMail users made use of its two-step options. Maybe the uptake is still slow, and Google has decided enough is enough. With so much valuable data stuffe...
Prop 24 passes in California, will change data privacy law
First-day returns in California showed voters firmly approving to change their state’s current data privacy law—which already guarantees certain privacy protections that many states do not—through the passage of Prop 24. As of the morning of November 4, according to The Sacramento Bee, 56.1 perce...
VideoBytes: Ransomware gets wasted!
Hello dear readers, and welcome to the latest edition of VideoBytes! On today’s episode, we’re talking about how ransomware is on the rise again, focused on attacking corporations with malware that not only encrypts files, but also steals it. The tactics used to deploy these forms of ransomware hav...
How to keep K–12 distance learners cybersecure this school year
With the pandemic still in full swing, educational institutions across the US are kicking off the 2020–2021 school year in widely different ways, from re-opening classrooms to full-time distance learning. Sadly, as schools embracing virtual instruction struggle with compounding IT challenges on t...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...
MSPs, know what you’re really looking for in an RMM platform
MSPs naturally adapt and mature as innovative technologies and more effective processes are introduced into the industry. But with ransomware cyberattacks happening left and right, pushing them to evolve even further, MSPs are left with no choice but to go with the flow. Going for improved...
Online credit card skimming increased by 26 percent in March
Crisis events such as the current COVID-19 pandemic often lead to a change in habits that captures the attention of cybercriminals. With the confinement measures imposed in many countries, for example, online shopping has soared and along with it, credit card skimming. According to our data, web...
A week in security (January 15 – January 21)
Last week on Labs, we gave you some background information about cookies, specifically which ones to worry about and why. We also warned you about scams surrounding the Mega Millions winner, who promised to donate his money to good causes. We analyzed a cryptocurrency miner using a very old...
A week in security (October 16 – October 22)
Last week was an eventful one in security, keeping our research and intel teams on their toes. Multiple security researchers homed in on suspicious and malicious apps on Google Play, affecting thousands of Android users. A new variant of Mac malware Proton was also found in the wild, this time...
New Mac Malware-as-a-Service offerings
A couple weeks ago, two new Malware-as-a-Service (MaaS) offerings for the Mac became available. These two offerings - a backdoor named MacSpy and a ransomware app named MacRansom - were discovered by Catalin Cimpanu of Bleeping Computer on May 25. Cimpanu evidently had some trouble getting hold of...
Pirated PC games are delivering password-stealing malware
A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Researchers estimate that more than 400,000 devices worldwide have been infected, with around 30,000 users in the US. The infection method ...
Fake calendar invites are spreading. Here’s how to remove them and prevent more
We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...
Ransomware hiding in fake AI, business tools
Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead...
184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online
A recent discovery by cybersecurity researcher Jeremiah Fowler of an unsecured database containing over 184 million unique login credentials has once again highlighted the growing threat posed by infostealers. While the sheer volume of exposed data—including emails, passwords, and authorization...
What privacy? Perplexity wants your data, builds browser to track you and serve ads
AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too. The company is planning to launch its own browser, called Comet, next month. But what does this mean for your privacy? Launched in 2022, Perplexity AI is an AI-powered searc...
Vulnerability in most browsers abused in targeted attacks
Researchers found a vulnerability in Chrome that was abused in the wild against organizations in Russia. Google has released an update for its Chrome browser which includes patches for this vulnerability. The update brings the Stable channel to versions 134.0.6998.178 for Windows. Other operating...
A week in security (March 17 – March 23)
Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06); Personal data revealed in released JFK files; Semrush impersonation scam hits Google Ads; Targeted spyware and why it’s a concern to us; The "free money" trap: How scammers exploit financial...
Apple fixes zero-day vulnerability used in “extremely sophisticated attack”
Apple has released an emergency security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals." The update is available for: iOS 18.3.1 and iPadOS 18.3.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro...
“Sad announcement” email implies your friend has died
Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the perso...
43% of couples experience pressure to share logins and locations, Malwarebytes finds
All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of physic...
Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content
Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and Substance...
When things go wrong: A digital sharing warning for couples
“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romant...
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a...
Financial institutions ordered to notify customers after a breach, have an incident response plan
The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents—that require them to have written incident response policies and procedures that can be used...
Dropbox Sign customer data accessed in breach
Dropbox is reporting a recent "security incident" in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to...
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware i...
AT&T confirms 73 million people affected by data breach
Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy,...
How to back up your iPhone to a Mac
They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. One of the most cost effective ways to back up your iPhone is to save backups to your Ma...
Store manager admits SIM swapping his customers
A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control. Once an attacker has...
A week in security (February 12 – February 18)
Last week on Malwarebytes Labs: GoldPickaxe Trojan steals your face!; Microsoft Exchange vulnerability actively exploited; Massive utility scam campaign spreads via online ads; Facebook Marketplace users’ stolen data offered for sale; How ransomware changed in 2023; Malwarebytes crushes malware all th...