FBI warns food and agriculture to brace for seasonal ransomware attacks
The Federal Bureau of Investigation (FBI) recently released a Private Industry Notification warning agriculture cooperatives, also known as "farmers co-ops", of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks coul...
Fake USA for UNHCR site wants your Ukraine donations in Bitcoin
Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily affected: Families who were forced out of their homes due to bombings and children separated from grown-ups who decided to stay and take arms. We've also seen a considerable...
SMS group spam promises free gifts in return for bill payment
We’re seeing lots of examples of peculiar SMS messages sent to random groups of people. Most of these messages promise free gifts and/or offers after having paid bills. Nobody has asked for these texts, and they’re not being sent by providers of any services. What’s going on? The set up Most of t...
Conti ransomware offshoot targets Russian organizations
Thanks to the Threat Intelligence team for their help with this article. Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and...
USPS “Your package could not be delivered” text is a smishing scam
A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...
A week in security (March 21 – 27)
Last week on Malwarebytes Labs: Anti-war open-source software developer targets Russians and Belarussians with “protestware” Elden Ring exploit traps players in infinite death loop Update now! Many HP printers affected by three critical security vulnerabilities White House urges US businesses:...
Gh0stCringe RAT makes database servers squeal for protection
Researchers have found that the Gh0stCringe RAT is infecting Microsoft SQL and MySQL, and seems to focus on servers with weak protection. The Gh0stCringe RAT communicates with a command and control (C&C) server to receive instructions and is capable of exfiltrating information. SQL SQL is short for...
FBI catches up with one of its Most Wanted, arrests head of advance-fee crime network
Some don't mind putting extra effort into making their crime appear as legitimate as possible by perpetuating more lies as long as they are guaranteed money in the end. Osondu Victor Igwilo is one such Nigerian scammer. The "catchers" 52-year-old Igwilo has been on the Federal Bureau of...
Meta blocks Russia-Ukraine disinformation campaigns on Facebook, Instagram
Meta says it has detected and removed two disinformation campaigns regarding the current Russia-Ukraine war. These campaigns, it says, were run by groups in Russia and Ukraine to target Ukraine users. In the post, Nathaniel Gleicher, Meta's head of security policy, and David Agranovich, Meta's...
Toyota’s just in time manufacturing faced with disruptive cyberattack
Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyota's affiliates Hino Motors and Daihatsu are included in the shutdown. Hino suspended all operations at its Koga facility, which...
Google and Microsoft accused of feeding smaller search engines spam ads
Google and Microsoft appear to have been flooding their smaller search engine rivals with spam ads, to limit the number of higher-value ads that appear on them, according to data viewed by POLITICO. Ads are considered "spam" if they appear in search results but have little to no relevance to the...
“We absolutely do not care about you”: Sugar ransomware targets individuals
Ransomware tends to target organizations. Corporations not only house a trove of valuable data they can't function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks,...
Beware bogus OperaGX sponsorship offers
If you’re a YouTuber, watch out for bogus Opera missives winging their way to you. The Browser team has had to send out a warning in relation to scammy antics trading on their good name. At a time when people are stretched for cash, nothing could be better than a promo mail bearing good news...
Segway store compromised with Magecart skimmer
In the early 2000s, the Segway company released a personal transporter that would become iconic. The Segway Human Transporter was quickly sold on Amazon and featured in a number of movies. Since 2015, Segway has been a subsidiary of Chinese-based company Ninebot and sells electric scooters under...
Data Privacy Day: Know your rights, and the right tools to stay private
Not all data privacy rights are the same. There’s the flimsy, the firm, the enforceable, and the antiquated, and, unfortunately, much of what determines the quality of your own data privacy rights is little more than your home address. Those in Chile, for example, enjoy a globally rare...
Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days
Finalsite, a popular platform for creating school websites, appears to have recovered significant functionality after being attacked by a still-unknown ransomware on Tuesday, January 4, 2022. At least 8,000 schools are said to have been affected by the resulting outage. An important message from...
Patchwork APT caught in its own web
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS Ragnatela Remote...
Customer support scammers take aim at NFT enthusiasts
Adidas has been making waves in the NFT space with a collection of footwear/bored ape crossover sales. WEN? EARLY ACCESS MINTING STARTS NOW First look of the collaborative NFT with @gmoneyNFT @punkscomic and @BoredApeYC Good luck and TracksuitUp pic.twitter.com/REYOSdRbNT -- adidas Originals...
NSO Group spyware found on iPhones of US State Department employees
iPhones of at least nine US State Department employees are said to have been hacked using the Pegasus spyware developed by the Israeli technology company, NSO Group. Pegasus is a proprietary and sophisticated spyware capable of the remote surveillance of smartphones. The employees targeted by an...
Evasive maneuvers: HTML smuggling explained
Microsoft Threat Intelligence Center (MSTIC) last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...
Are cybercriminals turning away from the US and targeting Europe instead?
Significant cyberattacks against critical targets in Europe have doubled in the past year, according to EU figures obtained by CNN. And with the announced pressure from the US against major ransomware gangs we can expect these figures to go up even more. It's also clear from recent attacks that th...
Multiple video games break after domain name snafu
We’ve seen quite a few complaints from gamers this past weekend, unable to load up and play games on the Steam platform. The problem wasn’t hackers, or DDoS attacks, or anything else. Rather, the issue is something bundled with the game by default designed to keep titles “secure” from tampering...
Discord scammers lure victims with promise of free Nitro subscriptions
A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoiP app of choice for many gaming communities, is having a bit of trouble with phishing links. You may recall we’ve covered a lot of Discord scams previously. Service users can create bots,...
Facebook shoots own foot, hits Instagram and WhatsApp too
Mark Zuckerberg was left counting the personal cost of bad PR yesterday (about $6 billion, according to Bloomberg) on a day when his company couldn't get out of the news headlines, for all the wrong reasons. The billionaire Facebook CEO's bad day at the office started with whistleblower Frances Hauge...
Criminals were inside Syniverse for 5 years before anyone noticed
"A global privacy disaster", "espionage gold", and "a state-sponsored wet dream" are just some of the comments one can read regarding the breach at Syniverse, a key player in the tech/telecommunications industry that calls itself the "center of the connected world." In a filing with the US Securi...
Parents and teachers believe digital surveillance of kids outweighs risks
Schools in the US have been using surveillance software to keep an eye on their students, and such software has grown significantly in popularity since the COVID-19 pandemic closed campuses nationwide. And this is fine—at least according to new research released by the Center for Democracy &...
Google, geofence warrants, and you
Another day, another example of how the data sharing choices we make can come back to haunt us. The Guardian reports a Florida resident finding his bike ride data requested by law enforcement. This is due to his route taking him close to the scene of a burglary a year earlier. According to the...
What are computer cookies?
We all know cookies as tasty baked treats that we love to eat, but computer cookies are quite different. Although they’re most popularly known as just "cookies", they may be referred to as browser cookies, Internet cookies, HTTP cookies, web cookies, computer cookies, or digital cookies. What are...
Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17
A recent spate of ransomware attacks in the US and abroad have derailed major corporations, spurring a fuel shortage on the US East Coast, shuttering grocery stores in Sweden, and sending students home from grade schools. The solution, so many cybersecurity experts say, is to implement backups,...
Facebook puts on Ray-Bans, struts into the privacy minefield of smart glasses
Facebook, neck-deep in virtual / augmented reality with the Oculus headset, continues to move things up a gear. It's announced “Ray-Ban stories”, smart glasses which take video and photos. The company may yet go one step further and incorporate these features into Augmented Reality (AR) specs which ...
Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16
No one ever wants a group of hackers to say about their company: "We had the keys to the kingdom." But that's exactly what the hacker Sick Codes said on this week's episode of Lock and Code, in speaking with host David Ruiz, when talking about his and fellow hackers' efforts to peer into John Deere's...
Facebook bans Signal ads that reveal the depth of what it knows about you
Most of our readers are well aware of the fact that the big tech corporations, especially those that run social media know a great deal about us and our behavior. But it rarely hits home how much personal data they have about us and how they can guess, quite correctly, even more. Lots more. Signa...
HP printer issue on Mac: What happened?
Apple holds the keys to nearly all recent Mac software. This is a story of those keys, and how a Hewlett Packard (HP) error caused problems for a lot of people. Code signing and certificates First, it's important to understand that when I say "keys," what I really mean is "certificates." These...
Caught in the payment fraud net: when, not if?
Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny Palmer experienced this a little while ago, and has spent a significant amount of time tracking the journey of his card details from the UK to Suriname. His deep-dive...
PCI DSS compliance: why it’s important and how to adhere
PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is expected to comply with the PCI DSS. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council (PCI SSC). The...
Do Chromebooks need antivirus protection?
The supervisor handed Jim a Chromebook and said: “Take this home with you and use it to send me updates. We want to minimize the number of visits to the office—anything you can do from home helps keep this place safer. When the pandemic is over, I’d like to have it back in one piece, if possible....
Labs CTNT report shows shift in threat landscape to cryptomining
It's that time again! Time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques report aka the Labs CTNT report. To get a more complete picture of what's been going on in cybercrime this quarter, the Labs team has combined intel and statistics gathered from January through March...
New Mac cryptominer distributed via a MacUpdate hack
Early this morning, security researcher Arnaud Abbati of SentinelOne tweeted about new Mac malware being distributed via MacUpdate. This malware, which Abbati has named OSX.CreativeUpdate, is a new cryptocurrency miner, designed to sit in the background and use your computer's CPU to mine the...
Solution Corner: Malwarebytes Incident Response
Unless you’ve been stuck at a fiery music festival, I don’t need to tell you the threat landscape is constantly evolving and that threats have become increasingly sophisticated at evading detection. Recent Malwarebytes Labs reports, including the 2017 State of Malware shine a light on just how fa...
Breaking the attack chain
The attack chain. It’s a term used often in infosecurity. Also known as the kill chain, it was originally used as a military concept to describe the structure of an attack. It serves the same function in cybersecurity, where various methods of malware infiltration, deployment, and execution are...
A week in security (June 8 – June 14)
Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...
88% of people struggle to tell what’s real online
What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years, Artificial Intelligence (AI) tools have granted people unfettered access to easier writing, faster image generation, quicker...
Patch now! New Chrome update for two critical vulnerabilities
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically...
Say hello to the fifth generation of Malwarebytes
Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here's what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now...
800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
Dell notifies customers about data breach
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer a...
Kaiser health insurance leaked patient data to advertisers
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications...
Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The FT...
35-year long identity theft leads to imprisonment for victim
Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...