Would-be hitman busted after being fooled by parody website

A member of the Air National Guard is facing federal charges after applying for a job online as an assassin. According to a Justice Department press release, Josiah Ernesto Garcia from Hermitage, Tennessee, was arrested by an undercover federal agent at a park on April 12, 2023. The FBI affidavit...

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

Google aims to reduce data theft with app data and account deletions

Google has made multiple security improvements to the general operation of apps over the last 12 months or so. Its now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer...

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Over the last decade, K-12 schools have made great strides in employing technologies that facilitate learning--especially since the onset of pandemic-induced distance education. While students have long since returned to the classroom, digital platforms for instruction, collaboration, and homewor...

Western Digital confirms breach, affects My Cloud and SanDisk users

Western Digital, a big brand in digital storage, says it has suffered a "network security incident--potentially ransomware--which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully...

ChatGPT happy to write ransomware, just really bad at it

This morning I decided to write some ransomware. I've never done it before, and I can't code in C, the language ransomware is mostly commonly written in, but I have a reasonably good idea of what ransomware does. Previously, this lack of technical skills would have served as something of a barrie...

A week in security (March 20 - 26)

Last week on Malwarebytes Labs: How to avoid potentially unwanted programs "ViLE" members posed as police officers and extorted victims Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles A look at a Magecart skimmer using the Hunter obfuscator The NBA tells fans about...

A look at a Magecart skimmer using the Hunter obfuscator

Threat actors are notorious for trying to hide their code in various ways, from binary packers to obfuscators. On their own, these tools are not always malicious as they can also be be used by companies or individuals who wish to keep their work safe from piracy, but overall they tend to be large...

"ViLE" members posed as police officers and extorted victims

Two men have been charged with wire fraud and conspiracy to commit computer intrusions after they allegedly extorted victims by threatening to publish their personal information online--a practice known as doxxing. In a press release, the US Attorney's Office in the Eastern District of New York...

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...

Cybersecurity and privacy tips you can teach your 5+-year-old

Everything we teach our kids starts at home--we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy? Though it's hardly news that more and more children are being introduced to mobile computing device...

40% of online shops tricking users with “dark patterns”

The European Commission has been looking at retail websites to see if they're misleading consumers with "dark patterns". Spoiler: Yes, they are. The Commission, along with the national consumer protection authorities of 23 EU member states, plus Norway and Iceland, have released the results of...

CISA releases advice on how to safeguard K–12 organizations

To help K-12 schools and school districts in their struggle against cybercrime the Cybersecurity & Infrastructure Security Agency CISA has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...

TikTok CEO told to "step up efforts to comply" with digital laws

EU Commissioner Thierry Breton, the EU's digital policy chief, "explicitly conveyed" to TikTok CEO Shou Zi Chew that the company must "step up efforts to comply" with the European Union's rules on copyright, data protection, and the Digital Services Act DSA--an EU regulation setting out "an...

Mailchimp breach feels like deja vu

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On January 11, the Mailchimp Security team identified an unauthorized actor...

5 must-haves for K-12 cybersecurity

Over the years, cyberattacks on K-12 schools and districts have steadily increased, and in 2022 that trend only continued. In the first half of 2022 alone, the education sector saw an average of almost 2,000 attacks every week--a 114% increase compared to two years ago. The tight budgets of many...

2023 prediction: Security workforce shortage will lead to nationally significant cyberattack

If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Global cyberattacks have increased by 483 percent over the last two years, and at the current rate of growth, damage from such attacks will amount to $10.5...

Open redirect on government website sends users to adult content

Fake websites and open redirects have conspired to make things awkward for a UKGOV website. The site in question, riverconditionsdotenvironment-agencydotgovdotuk, was being abused in search engine results to redirect to various sites which arent associated with UKGOV--most of which were adult...

New Twitter data dump is a cleaned up version of old Twitter dump

News of data dumps is often scary as the possibilities of identity theft, account takeovers, user de-anonymization, and other online data-driven threats rear their ugly heads. Reading about the latest reports of a new Twitter dump, however, is like opening up an already-healed wound, as the dump...

FBI warns of imposter ads in search results

The FBI has issued a public notice which includes advice to block adverts. Why? Lets take a look. The bogus advert tightrope Its no secret that rogue ads have been a particular plague on the Internet for as far back as we can remember. From irritating pop ups and spinning "Youve won a prize"...

Electronic Sales Suppression Tools are cooking the books

When you see point of sale software in the news, its usually because the terminal has been compromised and is now stealing payment details used in the device. Insecure stores, whether compromised as part of an inside job or a phishing attack, are a big problem for both buyers and the store itself...

Apple announces 3 new security features

Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023...

Gas, a positive social network for teens (no, really)

A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. Im all for positive spaces online, but what is it, and will teens really be happier there than say Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of th...

Third-party application patching: Everything you need to know for your business

Patch management that is consistent and efficient has never been more critical in keeping your security infrastructure up to date and secure. Although todays endpoint management solutions include patch management functionalities, third-party patching is an area that shouldnt be forgotten. In this...

Suspected LAPSUS$ group member arrested in Brazil

The Brazilian Federal Police have arrested a suspect after an investigation into last year's breach of the Brazilian Ministry of Health. Responsibility for the breach was claimed by the LAPSUS$ group, when users found a message stating that system data had been copied and deleted and was in the...

New PHP-based Ducktail infostealer is now after crypto wallets

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. The Ducktail Woo-ooh! campaign was first made...

DeadBolt ransomware gang tricked into giving victims free decryption keys

Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...

How to spot a scam

Unfortunately, scams are a fact of life online. The virtual ties that bind us are international now: Our public telephone numbers, social media accounts, email addresses, messaging apps, dating profiles, and even our physical mailboxes, can all be reached by any criminal and con artist from...

Android and Chrome start showing passwords the door

Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...

Security awareness campaign highlights things your bank will never say

If you like anti-phishing efforts, hashtags, and confusing but colourful video games, youll be interested to know that a security initiative involving all three is now live. The American Bankers Association and other banks in the US are involved in an awareness campaign tied in with National...

Admin from hell facing 10 years for sabotaging ex-employer's network

The perils of the insider threats are often talked about in abstract terms, probably because most organisations want to keep a lid on internally-based bad actors. Every so often, concrete details emerge to highlight what a thoroughly rotten day a rogue employee can inflict on everybody else thoug...

TikTok's "secret operation" tracks you even if you don't use it

Consumer Reports CR, a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even...

Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA

The US FDA Food and Drug Administration has warned users of Medtronic's MiniMed 600 Series Insulin Pump System--specifically, models for MiniMed 630G and MiniMed 670G--that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain...

TikTok vulnerability could have allowed hijackers to take over accounts

Microsoft has released a detailed rundown of an issue, now fixed, which was potentially dangerous for users of TikTok. The problem, flagged as a "high-severity vulnerability" by Microsoft, required several steps chained together in order to function. Attackers making use of it could have...

Explained: Steganography

Steganography is the prime example of effectively hiding something in plain sight. The word steganography comes from the Greek words "stegos" meaning "cover" and "grafia" meaning "writing." Steganography, then, is defined as "covered writing." In essence, we use the name steganography for every...

Nearly 2,000 Signal users affected by Twilio phishing attack

New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...

Twilio breached after social engineering attack on employees

Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. On August 4, 2022, Twilio says it became aware of unauthorized access to information related to a limited number of Twilio customer accounts, through the social engineering atta...

Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR

Most cybersecurity experts agree that having Endpoint Detection and Response software is essential to fighting ransomware today--but not every EDR is equal. Businesses, especially small-to-medium sized ones with limited budget or IT resources, need to make sure that their EDR is cost-effective,...

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

When a sextortion victim fights back

When Katie Yates suddenly started receiving nude photos of her friend, Natalie Claus, over on Snapchat, she instantly recognized that Claus had just become a victim of a sextortion attack. She also knew how Claus should respond. This happened in December 2019 when Claus was a sophomore. Both were...

TikTok owner ByteDance pushed a pro-China agenda to Americans, say former employees

Controversy over supposed pro-China messaging in apps from TikTok owner Bytedance continues to grow. Tales are emerging relating to a now shelved app called TopBuzz. Former employees have spoken to BuzzFeed, making claims of both pro-China content promotion and forms of censorship elsewhere...

Anti-vaxxer dating site exposes user data

An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of...

Cloud-based malware is on the rise. How can you secure your business?

There’s a lot of reasons to think the cloud is more secure than on-prem servers, from better data durability to more consistent patch management — but even so, there are many threats to cloud security businesses should address. Cloud-based malware is one of them. Indeed, while cloud environments...

When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14

When Lock and Code host David Ruiz talks to hackers—especially good-faith hackers who want to dutifully report any vulnerabilities they uncover in their day-to-day work—he often hears about one specific law in hushed tones of fear: the Computer Fraud and Abuse Act. The Computer Fraud and Abuse Ac...

Immigration organisations targeted by APT group Evilnum

Organisations working in the immigration sector are advised to be on high alert for Advanced Persistent Threat APT attacks. Bleeping Computer reports that European organisations, specifically, are under threat from the Evilnum hacking group. Evilnum, on the APT scene since 2018 at the earliest an...

Internet Safety Month: Everything you need to know about Omegle

Omegle reached the heady heights of fame when everyone least expected it. Thanks to TikTok influencers, children flocked to this 13-year-old platform during the pandemic, unaware of the dangers already there. The concept of talking to strangers online is Omegles main selling point, but its not ne...

City worker loses USB stick containing data on every resident after day of drinking

A person working in the city of Amagasaki, in Western Japan, has mislaid a USB stick which contained data on the citys 460,000 residents. The USB drive was in a bag that went missing during a reported day of drinking and dining at a restaurant last Tuesday. The person reported it to the police th...

Facebook users targeted in massive phishing campaign

Facebook is once again the launchpad for a large-scale phishing campaign, according to researchers at PIXM. The campaign, which first shows signs of life back in September 2021, has generated millions of page views and ad referral revenue "estimated to be millions of USD at this scale of...

Microsoft Autopatch is here…but can you use it?

Updating endpoints on a network can be a daunting task. Testing before rollout can take time. Delays to patches going live can cause all manner of headaches. Windows Autopatch aims to tackle some of these issues, and is now live for public preview. The release comes with a few caveats which youll...

A week in security (May 23 – 29)

Last week on Malwarebytes Labs: Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers Chicago students lose data to ransomware attackers Hunting down your data with Whitney Merrill: Lock and Code S03E11 Unknown APT group has targeted Russia repeatedly since Ukraine invasion Zero-d...