4706 matches found
Falsifying and weaponizing certified PDFs
The Portable Document Format PDF file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only unlike a Word document, say, which is designed to be easy to edit. This immutability can be...
Intel CPU vulnerabilities fixed. But should you update?
Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs. The normal gut reaction would be to install out of band updates as soon as possible. Microsoft wouldnt be releasing the updates ahead of the regular cycle without good reason, would it? Well, mayb...
[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears … OMIGOD
The September 2021 Patch Tuesday could be remembered as the final patching attempt in the PrintNightmare… nightmare. The ease with which the vulnerabilities shrugged off the August patches doesn’t look to get a rerun. So far we haven’t seen any indications that this patch is so easy to circumvent...
Royal Mail phish deploys evasion tricks to avoid analysis
Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks. Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The...
A week in security (September 24 – 30)
Last week on Labs was a busy one. We discussed how SMS phishing attacks target the job market, issued a warning for TV Licensing phishes, commented on how Apple confused Safari users with recent changes to how OSX handles browser extensions, and elaborated on holes found in Mojave’s privacy...
Google reminds website owners to move to HTTPS before October deadline
With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as "NOT SECURE" in the address bar. The company has started sending out warning emails to web...
WhatsApp fix goes live after targeted attack on human rights lawyer
If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install...
How to harden AdwCleaner’s web backend using PHP
More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP...
Google Chrome zero-day: Now is the time to update and restart your browser
Update 2019-03-21 A proof of concept for CVE-2019-5786 was published by Exodus Intel. In our earlier post we exercised caution before claiming we would have blocked this zero-day, but we can now say with confidence that an older version of Malwarebytes 1.12.1.122 would have mitigated this attack:...
Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press
When you’re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions—more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a...
The strangest cybersecurity events of 2020: a look back
This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020s news stories were the pressure-cooker product of mania, chaos, and the...
RMM software: What is it and do you need it?
As cybersecurity products evolve to better protect against new forms of malware, trickier evasion techniques, and more organized cybercrime campaigns, the practice of cybersecurity evolves, too, providing simple, streamlined methods to manage hundreds of endpoints through one tool: RMM software...
Update now! Chrome patches zero-day that was exploited in the wild
A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be...
Video game portrayals of hacking: NITE Team 4
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed...
Don't share the WhatsApp 'Martinelli' phone hacking alert: It's a hoax
Everyone loves a good campfire story prone to exaggeration. However, when told online its not quite got the same effect. Long ago, sites like Myspace would play host to very certain types of messages. "Dont open this post from Johnny Cyberhack, or your account will be stolen and your C drive will...
How your iPhone could tell you if you’re being stalked
The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. The feature detects AirTags, Apples answer to trackable fobs made by Tile, and serves to block the potential abuse of the much-rumored...
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a...
Plugin vulnerabilities exploited in traffic monetization schemes
In their Website Hack Trend Report, web security company Sucuri noted that WordPress infections rose to 90 percent in 2018. One aspect of Content Management System CMS infections that is sometimes overlooked is that attackers not only go after the CMSes themselves—WordPress, Drupal, etc.—but also...
2022's most routinely exploited vulnerabilities—history repeats
The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, Federal Bureau of Investigation FBI, and international partners have released a joint Cybersecurity Advisory CSA called the 2022 Top Routinely Exploited Vulnerabilities. We went over the list and it felt like...
Chrome targeted by Magnitude exploit kit
Exploit kits EK are not as widespread as they used to be. One of the reasons is likely that most exploit kits targeted software that is hardly ever used anymore. Internet Explorer, Silverlight, and Flash Player to name a few, have been deprecated, replaced, and quickly lost their user-base. So,...
How to send an anonymous email
Sometimes readers ask us how to send an anonymous email or how criminals and scammers manage to send anonymous emails. Since this is not an easy question to answer, because, for starters, there are several ways to interpret the question, I’ll try to give you some information here. Interpret the...
New Flash Player zero-day comes inside Office document
Update 2018-02-06: Adobe has released a patch for this vulnerability. More information is available here. We tested this zero-day with a proof-of concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows...
Electrum Bitcoin wallets under siege
By Adam Thomas and Jérôme Segura, with additional contributions from Vasilios Hioueras and S!Ri Since at least late December 2018, many users of the popular Electrum Bitcoin wallet have fallen victim to a series of phishing attacks, which we estimate netted crooks well over 771 Bitcoins—an amount...
Magniber ransomware: exclusively for South Koreans
The Magnitude exploit kit has been pretty consistent over the last few months, dropping the same payload—namely, the Cerber ransomware—and targeting a few select countries in Asia. Strangely, Magnitude EK disappeared in late September, and for a while we wondered whether this was yet another...
What SMBs can do to protect against Log4Shell attacks
As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell CVE-2021-44228, aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event...
The Malwarebytes 2021 State of Malware report: Lock and Code S02E04
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report, which analyzed the top cybercrime goals of 2020 amidst the global pandemic. If you just pay...
A week in security (July 1 – 7)
Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators. Other cybersecurity news: A former Chief Information Officer CIO of Equifax...
Iranian hacking group uses compromised email accounts to distribute MSP remote access tool
Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar,...
Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack
Late last week, the business network systems of Colonial Pipeline, the biggest supplier of fuels on the East Coast of the United States, were compromised due to a ransomware attack, forcing the company to temporarily shut down its operations while investigations are underway. Monday morning,...
US Facebook users can now claim Cambridge Analytica settlement cash
US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...
Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited
Apple has released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1. The update patches two vulnerabilities about which the advisory states that Apple is aware of a report that this issue may have been actively exploited for both vulnerabilitie...
New Mac ransomware spreading through piracy
Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. A Twitter user going by the handle @beatsballert messaged me yesterday...
Recipe for success: tech support scammers zero in via paid search
Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top...
Compromising vital infrastructure: communication
Have you ever been witness to a Wi-Fi failure in a household with school-aged children? If so, I don’t have to convince you that communication qualifies as vital infrastructure. For the doubters: when you see people risking their lives in traffic just to check their phone, you'll understand why...
Godfather Android banking malware is on the rise
Researchers at Cyble Research & Intelligence Labs CRIL have found a new version of the Android banking Trojan called Godfather. The new version of Godfather uses an icon and name similar to a legitimate application named MYT Music, which is hosted on the Google Play Store with over 10 million...
Threat profile: RansomHouse makes extortion work without ransomware
Cybersecurity is an industry known for many hats: white hats, black hats, and grey hats. White hats refer to "the good people" in the industry for those who are not in the know. They are malware analysts, security researchers, and penetration testers. Black hats are the opposite of white hats, an...
What is a honeypot? How they are used in cybersecurity
Cybersecurity experts strive to enhance the security and privacy of computer systems. Quietly observing threat actors in action can help them understand what they have to defend against. A honeypot is one such tool that enables security professionals to catch bad actors in the act and gather data...
Software renewal scammers unmasked
Weve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email. The concept is simple but effective. You receive an invoice for a...
Hacking with AWS: incorporating leaky buckets into your OSINT workflow
Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there's no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when...
Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw
This patch Tuesday harvest was another big one. The Windows updates alone included seven zero-day vulnerability updates, two of them are actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known...
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
The topic of this post is a Malwarebytes CrackMe—an exercise in malware analysis that I recently created. First, the challenge was created to serve internal purposes, but then it was released to the community on Twitter and triggered a lot of positive response. Thanks to all of you who sent in yo...
Adware and PUPs families add push notifications as an attack vector
Some existing families of potentially unwanted programs and adware have added browser push notifications to their weapons arsenal. Offering themselves up as browser extensions on Chrome and Firefox, these threats pose as useful plugins then haggle users with notifications. A family of search...
Process Doppelgänging meets Process Hollowing in Osiris dropper
One of the Holly Grails for malware authors is a perfect way to impersonate a legitimate process. That would allow them to run their malicious module under the cover, being unnoticed by antivirus products. Over the years, various techniques have emerged in helping them to get closer to this goal...
Out of character: Homograph attacks explained
In April, Xudong Zheng, a security enthusiast based in New York, found a flaw in some modern browsers in the way they handle domain names. While Chrome, Firefox, and Opera already have security measures in place to cue users that they might be visiting a destination they thought was legitimate, a...
Update now! Apple patches bugs in iOS and iPadOS
On two consecutive days Apple has released a few important patches. iOS 14.8.1 comes just a month after releasing iOS 14.8 for those who didn’t want to update their iPhones to iOS 15. This update also came as a sort of surprise as it was not beta-tested beforehand. Earlier this year Apple announc...
IoT forecast: Running antivirus on your smart device?
In 2016, threat actors pulled off a basic but devastating botnet attack that harnessed the power of the Internet of Things IoT. After gathering a list of 61 default username and password combinations for IoT devices, threat actors scanned the Internet for open Telnet ports and, when they found a...
How to securely send your personal information
This story originally ran on The Parallax and was updated on July 3, 2019. A few months ago, my parents asked a great security question: How could they securely send their passport numbers to a travel agent? They knew email wasn’t safe on its own. Standard email indeed isn’t safe for sending...
Fake Elder Scrolls Online developers go phishing on PlayStation
A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service...
Steer clear of Bitcoin Cash generators
Here’s an interesting evolution on a well-worn scam, taking one profit generating fakeout and turning it into something else entirely. For years, gamers have been stuck navigating the treacherous waters of fake video game giveaways. With so many actual genuine gaming giveaways around, you’re neve...
Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected
Microsoft fixed 84 vulnerabilities in its October 2022 Patch Tuesday updates. Thirteen of them received the classification 'Critical'. Among them are a zero-day vulnerability that's being actively exploited, and another that hasnt been spotted in the wild yet. The bad news is that the much-desire...