4709 matches found
State of Maine data breach impacts 1.3 million people
The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, thats more or less the the entire population of Maine. The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit...
test post
...
Ragnar Locker ransomware group taken down
Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. The take down action was carried out between 16 and 20 October. During the actio...
Giant health insurer struck by ransomware didn't have antivirus protection
The Philippine Health Insurance Corporation PhilHealth, has confirmed that it was unprotected by antivirus software when it was attacked by the Medusa ransomware group in September. Antivirus software--or more correctly, its modern descendents endpoint security and Endpoint Detection and Response...
Meta is using your public Facebook and Instagram posts to train its AI
Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM large langua...
A history of ransomware: How did it get this far?
Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted filenames a...
DarkGate reloaded via malvertising and SEO poisoning campaigns
In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an...
Attackers demand ransoms for stolen LinkedIn accounts
An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out...
OpenSSH trojan campaign targets Linux systems and IoT devices
Poorly configured Linux and Internet of Things IoT devices are at risk of compromise from a cryptojacking campaign, according to researchers at Microsoft. The attacks, which involve brute forcing a way into a system, are designed to profit from mining in illicit fashion for cryptocurrency. Once t...
5 facts to know about the Royal ransomware gang
When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they'd rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings. In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195...
6 tips for a cybersecure honeymoon
You've done it, you've got married. The big day is over, and while you're relaxing on honeymoon you definitely don't want to get distracted by security problems. So, we rounded up some quick tips to keep you safe. Refrain from posting on social media about your honeymoon. This is good practice...
Strava heatmap loophole may reveal users' home addresses
Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map...
Former TikTok exec: Chinese Communist Party had "God mode" entry to US data
A former executive at TikToks parent company ByteDance has claimed in court documents that the Chinese Communist Party CCP had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...
Zip domains, a bad idea nobody asked for
If you heard a strange and unfamiliar creaking noise on May 3, it may have been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries--this author included--gave to Google's decision to put .zip...
How to spot and avoid a tech support scam
Despite the occasional arrests and FTC fines for tech support scammers TSS and their henchmen, there are still plenty of cybercriminals active in this field. Scams range from unsolicited calls offering help with your "infected" computer to fully-fledged websites where you can purchase heavily...
Malware authors join forces and target organisations with Domino Backdoor
Theres a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called "Domino", is the brainchild of FIN7 and ex-Conti ransomware members. Domino has been seen in attac...
Is AI being used for virtual kidnapping scams?
You may have seen a worrying report of Artificial Intelligence AI being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident's daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunatel...
TikTok: What’s going on and should I be worried?
Since 2020, several governments and organizations have banned, or considered banning, the immensely popular social media app TikTok from their staffs devices. With all these alarming bells ringing, we thought it might be handy to break down what we know and see if we can plot a sensible strategy...
Ransomware review: March 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...
Samsung adds Message Guard protection against zero-click exploits
Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...
GoDaddy says it's a victim of multi-year cyberattack campaign
Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...
What is AI good at (and what the heck is it, actually), with Josh Saxe: Lock and Code S04E04
In November of last year, the AI research and development lab OpenAI revealed its latest, most advanced language project: A tool called ChatGPT. ChatGPT is so much more than "just" a chatbot. As users have shown with repeated testing and prodding, ChatGPT seems to "understand" things. It can give...
3 ways Malwarebytes helps you browse securely and privately online
Malicious links. Third-party ad trackers. Information-gobbling data brokers. Lets face it, the Internet is kind of like the Wild West when it comes to threats to our privacy and security. And unfortunately, it takes a little more than a cowboy hat and a pistol to defend yourself out there. Thats...
"2.6 million DuoLingo account entries" up for sale
Not a week goes by where we dont see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, who is currently digging into a forum post concerning data related to its customer accounts. Scraping data for...
VASTFLUX ad fraud massively affected millions of iOS devices, dismantled
Researchers have successfully dismantled a massive ad fraud campaign they stumbled upon by accident. The Satori Threat Intelligence and Research Team dubbed the campaign VASTFLUX, a portmanteau of "fast flux"--an evasion technique involving the constant changing of IP addresses behind a single...
4 ways to protect your privacy while scrolling
Privacy is a right that is yours to value and defend. Article 8 of the Human Rights Act protects your right to respect for your private and family life. One of the pillars of the article is that personal information about you including official records, photographs, letters, diaries, and medical...
Polite WiFi loophole could allow attackers to drain device batteries
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now,...
New device? Here's how to safely dispose of your old one
Until recently I had two old phones, one tablet and about 20 hard drives in storage that I was afraid to give up for recycling, or to pass on to someone that could use them. I wanted to dispose of them, but knowing how easy it is to retrieve data--such as personally identifiable information--even...
Lego's Bricklink steps on cross site scripting blocks
If you build it, they will come. In Legos case, they built it and certain security flaws meant someone could have taken it all apart. PCMag reports that flaws in Legos Bricklink service meant that it was open to potential data leakage or even account hijacking. Those flaws, now addressed,...
Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25
Decades ago, patching was, to lean into a corny joke, a bit patchy. In the late 90s, the Microsoft operating system OS Windows 98 had a supportive piece of software that would find security patches for the OS so that users could then download those patches and deploy them to their computers. That...
Bogus job offers hide trojanised open-source software
Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech...
Apple puts the password on life support with passkey
The "passwordless future" is something many internet users--and a great majority of the cybersecurity industry--have hoped for. Now Apple is about to make those hopes a reality. With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its passwo...
Sextortionists used mobile malware to steal nude videos, contact lists from victims
In an international police operation supported by Interpol, law enforcement agencies have uncovered and dismantled an international sextortion ring that managed to extract at least US$ 47,000 from victims. Sextortion is a form of cybercrime in which the victim is blackmailed by threatening to mak...
Spying on the spies. See what JavaScript commands get injected by in-app browsers
Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...
$6 million heist targets video game skin trading site
An incredibly popular digital item trading site has suffered a spectacular loss at the hands of wily attackers. According to Bleeping Computer, CS Money lost out on $6 million via just 20,000 pilfered items. How did this happen, and why are digital items so popular in the first place? The digitiz...
How to secure a Windows PC for your kids
With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using. In our "Back...
Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR
It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...
The winding road to compliance
“Here are the keys. Buy milk and bread. Drive safely.” These are important instructions for a new driver tasked with running an errand. But unless the driver knows where they are going, a bit of guidance on how to get to the store can only help. Without it, the driver may complete the errand...
Endpoint security for Mac: 3 best practices
If you’re one of the 50% of small and medium-sized businesses SMBs that use Mac .devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor. Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that...
Low-income consumers preyed on by fake ISP during pandemic, FCC says
The FCC Federal Communications Commission has proposed a fine of $220,210 against Kyle Traxler of Ohio for allegedly establishing the bogus internet provider, Cleo Communications, to scam low-income consumers. The victims believed they were receiving government-approved discounts on internet...
Europe threatens to ban Facebook over data transfers to the US
If regulators have their way, data transfers from Facebook and Instagram between Europe and the United States could stop this summer. WhatsApp, another Meta service, will not be affected by the decision as it has a different data controller within Meta. This could force Meta, Facebooks parent...
Microsoft appears to be rolling back Office Macro blocking
Were seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier...
Verified Twitter accounts phished via hate speech warnings
Verified Twitter accounts are once again under attack from fraudsters, with the latest phish attempt serving up bogus suspension notices. Hijacking verified accounts on any platform is a big win for fraudsters. It gives credibility to their scams, especially when the accounts have large following...
Ransomware review: June 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the mos...
Raccoon Stealer returns with a new bag of tricks
The popular malware Raccoon stealer, which suspended operations after a developer allegedly died in the Ukraine invasion, has returned. Raccoon stealer is malware as a service, with the developers selling it to would-be users. The operation is a tightly-run ship, to the extent that customers have...
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new "nearly impossible to detect" Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the Blackberry Research Team and Dr. Joakim Kennedy, a...
It’s official, today you can say goodbye to Internet Explorer. Or can you?
Today, the Internet Explorer IE 11 desktop application goes out of support and will be retired for certain versions of Windows 10. The retirement consists of two phases. During the first phase—the redirection phase—devices will be progressively redirected from IE to Microsoft Edge over the...
Awful 4chan chat bot spouts racial slurs and antisemitic abuse
“A robot may not injure a human being or, through inaction, allow a human being to come to harm” Science fiction readers, and many others, will recognize Asimov’s first law of robotics. After reading about a bot called GPT-4chan I was wondering whether we should include: “A bot may not insult a...
Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media
Ransomware does what the name implies: holds your files or network to ransom. Pay the authors, typically in cryptocurrency, and you may get your files back. Refuse, and the files could be lost forever or even leaked to the far corners of the net. Sometimes creators of ransomware try different...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam Virtual credit cards coming to Chrome: What you need to know Clearview AI banned from selling facial recognition data in the US Cyberattacks on SATCOM networks attributed to Russian threat actors F5 BIG-IP vulnerabilit...