Twitter security under scrutiny after former executive turns whistleblower
A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy...
Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories
We're excited to announce Malwarebytes Cloud Storage Scanning, a new service that extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization's digital ecosystem. Today, the service supports scanning of files under 100Mb in size...
KMSpico explained: No, KMS is not "kill Microsoft"
Thanks to Pieter Arntz and the Threat Intelligence Team who contributed to the research. A hack tool is a program that allows users to activate software even without a legitimate, purchased key. Hack tools are often used to root devices in order to, among other things, remove barriers that stop users fro...
Criminals using compromised social media accounts to “post indecent images of children” says UK cybercrime organization
Action Fraud, the UK's national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately. Criminals are...
Malware spent months hoovering up credit card details from 300 US restaurants
Criminal hackers have been able to steal at least 50,000 credit cards from 300 restaurants in the US, after launching two Magecart campaigns that target the MenuDrive, Harbortouch, and InTouchPOS online payment platforms: Magecart is a web-skimmer—malware that is injected onto a vulnerable websit...
The winding road to compliance
“Here are the keys. Buy milk and bread. Drive safely.” These are important instructions for a new driver tasked with running an errand. But unless the driver knows where they are going, a bit of guidance on how to get to the store can only help. Without it, the driver may complete the errand...
Ring shares data with police without consent (but it’s in good faith), says Amazon
Ring, the Amazon-owned company behind the popular smart doorbells, has admitted to giving doorbell data to law enforcement willy-nilly. All they have to do is fill out a form called the Amazon Law Enforcement Request Tracker—no need to ask for the data owner's consent, give a warrant or court orde...
Ransomware rolled through business defenses in Q2 2022
Ransomware has given security professionals a headache for the better part of a decade. Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. Over the last three months, ransomware gangs have increased the pressur...
Microsoft appears to be rolling back Office Macro blocking
We're seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier...
4 ways businesses can save money on cyber insurance
So, your business has just suffered a data breach and it’s time to dig deep in your pockets to pay all the resulting expenses. Without cyber insurance, you can expect to pay a dizzying amount of cash. In 2022 alone, the average cost of a data breach for businesses under 1,000 employees was close ...
North Korean APT targets US healthcare sector with Maui ransomware
State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the...
Insider Threat: Employees indicted for stealing $88 million of license keys
Two insiders and an accomplice were indicted on Tuesday for multiple counts of fraud. According to documents unsealed by the Western District of Oklahoma, a grand jury charged Raymond Bradley Pearce aka Brad Pearce, a former employee of Avaya; Dusti O. Pearce, his wife; and Jason M. Hines aka Joe...
ZuoRAT is a sophisticated malware that mainly targets SOHO routers
Researchers have analysed a campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest. The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat...
Raccoon Stealer returns with a new bag of tricks
The popular malware Raccoon stealer, which suspended operations after a developer allegedly died in the Ukraine invasion, has returned. Raccoon stealer is malware as a service, with the developers selling it to would-be users. The operation is a tightly-run ship, to the extent that customers have...
LGBTQ+ community targeted by extortionists who threaten to publish nudes
The FTC (Federal Trade Commission) has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom,...
You only have nine months to ditch Exchange Server 2013
Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support (EoS) on April 11, 2023. That's a little more than 9 months from now. A useful and timely reminder, since we all realize that it takes some time to migrate to a different system. Every Windows product has a lifecycle. T...
Dial 311 for… cybersecurity emergencies?
Members of the Cybersecurity Advisory Committee of CISA (Cybersecurity and Infrastructure Security Agency) have proposed an emergency cybersecurity call line for small and medium-sized businesses (SMBs). Should the proposition be approved, SMBs would be able to call 311 in the event of a cybersecurit...
ALPHV squeezes victim with dedicated leak site for employees and customers
Eyebrows were raised this week when the ALPHV ransomware group created a leak site dedicated to just one of its victims. The site was aimed at the employees and guests of a hotelier that had been attacked, and allowed them to see if their personal details had been leaked. The new tactic seems to ...
Intuit phish says “we have put a temporary hold on your account”
Intuit released a warning about a phishing email being sent to its customers. The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. Intuit (Intuit Inc.) is an American business software company that...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam; Virtual credit cards coming to Chrome: What you need to know; Clearview AI banned from selling facial recognition data in the US; Cyberattacks on SATCOM networks attributed to Russian threat actors; F5 BIG-IP vulnerabilit...
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
This blog post was authored by Hossein Jazi and Jérôme Segura. Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding on a daily basis, people are hungry for information. Although all countries have reasons to be...
Google, Apple, and Microsoft step hand in hand into a passwordless future
While we recently "celebrated" World Password Day, almost every security outlet keeps telling us that passwords alone are not enough. In practice, in the last few years this has meant pairing passwords with something else, such as a one-time code from an app or an SMS message, in a scheme called...
Steer clear of fake premium mobile app unlockers
A site has been bouncing around YouTube comments for the past couple of weeks. The site sometimes changes, the messages alter slightly, but the essence remains the same: In all cases, people acting in suspiciously automated fashion ask if everyone is using this "glitch" or generator without ever...
The $43 billion Business Email Compromise threat
The FBI has released a public service announcement regarding the ever-present threat of Business Email Compromise (BEC). This comes hot on the heels of an earlier release from the Las Vegas FBI department in April. Losses continue to mount, and we're currently facing a scam racking up domestic and...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended ...
Russia continues digital onslaught against Ukrainian systems
According to Microsoft, at least six Kremlin-backed hacking groups have been attacking Ukraine in the digital space in an onslaught that began before the invasion in late February. The company counted more than 237 cyberattack operations against Ukrainian systems and critical infrastructure. Thes...
Malwarebytes Evaluation of the MITRE ENGENUITY ATT&CK Round 4 Emulations
The results of the MITRE Engenuity ATT&CK Evaluation of the Wizard Spider and Sandworm adversaries were officially released last week. We are very proud of the Malwarebytes EDR results in the MITRE Engenuity test, which are the direct reflection of a relentless core EDR team and the learnings fr...
Old Play Store apps served notice by upcoming API level changes
Starting very soon, old and outdated apps on the Google Play Store will no longer be available to download. A major clearout is coming, and if you’re an app developer it may be time to overhaul your product or face Android-centric oblivion. What’s happening? Android makes use of APIs application...
Facebook users wary of security mail find themselves locked out of accounts
It’s not unusual for sites and services to offer additional forms of protection on top of regular security features. Some of the bigger ones even go the extra mile, protecting from attacks up to a potential nation state level. The most famous example of this recently is likely Google. Its Advance...
Online Safety Bill’s provisions for “legal but harmful” content described as “censor’s charter”
The UK's Online Safety Bill, a landmark piece of legislation that aims to regulate the country's online content, has just been introduced into Parliament after undergoing significant revisions. The bill has been in progress for about five years and its main objective is to regulate online...
Tips to protect your data, security, and privacy from a hands-on expert
This post was authored by one of the most active helpers on the Malwarebytes forums who wishes to remain anonymous. Back in the early days of personal computing, perhaps one of the only real concerns was data loss from a drive failure. That risk still exists, but we all face many other threats...
A week in security (February 21 – February 27)
Last week on Malwarebytes Labs: Potential cybersecurity impacts of Russia’s invasion of Ukraine; Cyber lures and threats in the context of the war in Ukraine; CISA warns of cyberespionage by Iranian APT “MuddyWater”; Google and Microsoft accused of feeding smaller search engines spam ads; Cyclops Bli...
A week in security (February 14 – February 20)
Last week on Malwarebytes Labs: Adobe patches actively exploited Magento/Adobe Commerce zero-day; Ransomware gang hits 49ers’ network before Super Bowl kick off; Don’t let scammers ruin your Valentine’s Day; CISA Ransomware report warns “triple threat” attacks still on the prowl; City: Skylines...
Microsoft warns of phishy OAuth apps
Microsoft is warning Office 365 users to watch out for phishy emails asking you to install an app called Upgrade. The app requests multiple permissions which could cause problems on a network if granted: creating inbox rules; read and write emails and calendar items; read contacts. This is only th...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...
Attackers are mailing USB sticks to drop ransomware on victims’ computers
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely witho...
A week in security (January 3 – 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days; Patchwork APT caught in its own web; Sophisticated phishing scheme spent years robbing authors of their unpublished work; Google and Facebook fined $240 million for making cookies hard to...
Spear phish, whale phish, regular phish: What’s the difference?
There are many types of phishing attack nowadays, to the extent it can be tricky to keep up with them all. We have unique names for mobile attacks, postal attacks, threats sent via SMS and many more besides. However, we often see folks mix up their spears and their whales, and even occasionally...
What is a search engine and why does anyone care which one you use?
An attempt at a simple definition: a search engine is a software system that allows users to find content on the Internet based on their input. The introduction of the major search engines brought about huge changes in the way we use the Internet. There is a wealth of knowledge available for thos...
How to check for Windows updates and install them
Keeping Windows up to date is an important part of warding off malware, exploits, and other attacks. If you’re not running the latest version of your OS, it can give cybercriminals the leverage they need to compromise your system. Unfortunately not all machines are running automatic updates by...
Emotet’s back and it isn’t wasting any time
Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet's botnet. Law enforcement then used their...
Attacker unmasked by VPN flubs charged with Ubiquiti hack
A veritable barn-stormer of an insider threat story has recently come to light. A former employee of Ubiquiti Networks, Nickolas Sharp, has been arrested and charged for allegedly hacking company servers, stealing gigabytes of information, and then rounding it all off with a splash of extortion...
How to remove adware on an Android phone
It shouldn’t be surprising that Android devices are the targets of threats like adware and other Potentially Unwanted Programs (PUPs). After all, there are millions of apps on the Google Play Store, servicing billions of monthly active users globally. And, as we have noted with Mac virus trends,...
What is Twitch?
Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in the Stream you happen to be in via text. The primary draw of Twitch streams is video games and e-sports, leading to the rise of many big name streamers and content creators. Is Twitch...
A week in security (Oct 25 – Oct 31)
Last week on Malwarebytes Labs: Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code S02E20; Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates; How social media mistakes can impact cybersecurity; Update now! Apple patches bugs in iO...
Threat profile: Ranzy Locker ransomware
Ranzy Locker ransomware emerged in late 2020, when the variant began to target victims in the United States. According to a flash alert issued by the FBI, unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021, including victims in the...
Apple Pay vulnerable to wireless pickpockets
Researchers have shown that it is possible for attackers to bypass an Apple iPhone's lock screen to access payment services and make contactless transactions. The issue, which only applies to Apple Pay and Visa, is caused by the use of so-called magic bytes, a unique code used to unlock Apple Pay...
No, Colonel Gaddafi’s daughter isn’t emailing to give you untold riches
It’s not every day you receive a big money offer from someone claiming to sit in political asylum, but here we are. The following missive landed in our spam traps at the weekend. The mail claims to be from the daughter of no less than the late Colonel Gaddafi. Ayesha Gaddafi promises you untold...
A deep dive into Saint Bot, a new downloader
This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg. In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...
A week in security (August 3 – 9)
Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the...