Why you should act like your CEO’s password is “qwerty”
A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass...
Long lost @ symbol gets new life obscuring malicious URLs
Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple...
Clearview AI banned from selling facial recognition data in the US
Clearview AI, a facial recognition software and surveillance company, is permanently banned from selling its faceprint database within the United States. The company also cannot sell its database to state and law enforcement entities in Illinois for five years. This is a historic win for the...
Cyberattacks on SATCOM networks attributed to Russian threat actors
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have updated their joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with US government attribution to Russian...
Steer clear of fake premium mobile app unlockers
A site has been bouncing around YouTube comments for the past couple of weeks. The site sometimes changes, the messages alter slightly, but the essence remains the same: In all cases, people acting in suspiciously automated fashion ask if everyone is using this "glitch" or generator without ever...
US healthcare billing services group hacked, affecting at least half a million individuals
According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last...
Facebook phishers threaten users with Page Recovery Help Support
We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. They’re actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belongi...
Emotet fixes bug in code, resumes spam campaign
Emotet threat actors resumed their email spam campaign on Monday after stopping it late last week to fix a bug. The bug—a flaw in how Emotet is installed onto a system after a victim opens a malicious email attachment—forced the actors to prematurely halt their campaign. Sample email of an Emotet...
“Your AppIe lD has been locked” spam email takes you on a website mystery tour
Spam which claims your account has been locked out and needs to be fixed are common. They drive people to phishing campaigns on a daily basis. The mail below follows the same pattern with one key difference. It looks like a phish, but goes somewhere else entirely. No, your Apple ID has not been...
Steer clear of this “TestNTrace” SMS spam
Yesterday I received an SMS from “TestNTrace”, with the message resembling an official NHS communication: The text reads as follows: NHS: You’ve been in close contact with a person who has contracted the Omicron variant. Please order a test kit via: URL redacted Well, that’s an alarming thing to...
Why identity management matters
Today is Identity Management Day, which aims to inform the public about the dangers of casually or improperly managing and securing digital identities. The day was started in 2021 and is hosted by the Identity Defined Security Alliance (IDSA) and National Cybersecurity Alliance. Digital identity A...
“Free easter chocolate basket” is a social media scam after your personal details
Holidays inspire fraudsters and scammers to create timely and effective ways to string people along and get them to give up either their money or their personal information. This is the case in this chocolate-themed scam. Cadbury UK has issued a warning to its 315,000 followers on Twitter about a...
A week in security (March 28 – April 3)
Last week on Malwarebytes Labs: New UAC-0056 activity: There’s a Go Elephant in the room Globant suffers network breach due to LAPSUS$ compromise Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited Hive ransomware impacts California non-profit health...
Update now! Google launches Chrome version 100 and fixes 28 vulnerabilities
Google has launched Chrome version 100 which, among other things, fixes 28 vulnerabilities. Other new security features include Safety Check, Enhanced Safe Browsing, and the ability to control website access to your location and device. Of the 28 vulnerabilities, none have been marked as critical...
A week in security (March 14 – 20)
Last week on Malwarebytes Labs: Beware of this bogus and phishy “Instagram Support” email Meet Exotic Lily, access broker for ransomware and other malware peddlers Double header: IsaacWiper and CaddyWiper How to protect RDP Online Safety Bill’s provisions for “legal but harmful” content described...
Deepfake Zelenskyy video surfaces on compromised websites
It’s been a long time coming. The worry over deepfake technology being used during times of major upheaval has been alluded to frequently over the last couple of years. The buildup to the US election was peppered by “any moment now…” style warnings of dramatic and plausible deepfake deployment. I...
A week in security (March 7 – March 13)
Last week on Malwarebytes Labs: The struggle to reduce bug-fixing time is real Update now! Mozilla patches two actively exploited vulnerabilities Google takes on Docs notification spammers When fake dating profiles try the military approach Azure AutoWarp brings automation headaches RagnarLocker...
Twitter makes the leap to Tor
Tor is getting another visibility boost for people who may not otherwise come into contact with it. The reason: an attempt to navigate increasing amounts of censorship. What is Tor? The Tor network is something designed to keep communications anonymous. A variety of tools exist to make use of it,...
Deepfake study suggests fakes can run but not hide
I have long said that Deepfakes missed the boat on being stealthy, believable pieces of footage able to turn the tide of elections or other major events. We’ve seen time and again how suggested examples of use during important happenings have been terrible, whereas the smart use has tended to be...
How Crisis Text Line crossed the line in the public’s mind: Lock and Code S03E05
Last month, Politico reported that Crisis Text Line, a national mental health support nonprofit whose volunteers help people through text-based chats, was sharing those chats with a for-profit company that Crisis Text Line spun-off in an attempt to boost funding for itself. That for-profit ventur...
Apple accidentally kept some Siri recordings from iPhones, even for opted-out users
Apple’s release of iOS 15.4 beta 2 completes the fix for a bug that may have recorded interactions with Siri without permission on some devices. Apple has fixed this bug that was introduced in iOS 15 and accidentally kept some recordings, regardless of whether you opted out or not. The bug was...
IRS abandons facial recognition plans for online services
If you dislike the use of facial recognition technology in relation to essential services, you’re in luck. One such proposition has been removed. Last year, the IRS announced it would be using facial recognition selfies to confirm identity. If you wanted the convenience of making payments online,...
Duo of Android dropper and payload target certain countries and app users
After making its first in-the-wild appearance in March 2021, Vultur—an information-stealing RAT that runs on Android—is back. And its dropper is equally nasty. Vultur (Romanian for "vulture") is known to target banks, cryptocurrency wallets, social media (Facebook, TikTok), and messaging services...
Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs
A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other people’s Macs. The issue, discovered lurking in Safari by Ryan Pickren, could make use of rogue websites to perform a number of dubious actions. It begins, as so many attack...
Cyberinsurance companies don’t want to pay out for “acts of war”
Due to the evolving and growing impact of cybersecurity incidents there are some questions starting to arise about the way that insurance companies deal with the costs that are the results of such incidents. Cyber insurance is a form of cover designed to protect your business from threats in the...
Combatting SMS and phone fraud: UK government issues guidance
The UK’s National Cyber Security Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages effective and trustworthy. SMS and telephone calls represent an extremely effective means of mass communication. As such they are essential tools for most organizations,...
Google and Facebook fined $240 million for making cookies hard to refuse
French privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), has hit Google with a 150 million euro fine and Facebook with a 60 million euro fine, because their websites—google.fr, youtube.com, and facebook.com—don’t make refusing cookies as easy as accepting them. The...
When a deepfake “empire” continues to grow
I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in 2019, we looked at malign interference campaigns. I took the line that, other than revenge porn, this was where deepfakes were likely to have the most influence. Although people keep talking abo...
Click “OK” to defeat MFA
Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that...
Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud
In life, when you encounter something momentous—a sudden job loss, a routine check-up that revealed an illness you can’t afford the medical bills for—you can be assured that the federal or state government has benefits you can apply for it. And where there are benefits, you can also be assured th...
Surviving college distance learning during the pandemic: a cybersecurity guide
Social distancing, the wearing of face masks, practicing hand hygiene, and disinfecting often-touched surfaces have become human necessities during the pandemic era. For schools, they’ve also had to adapt quickly to incorporate distance learning methods that let students continue their studies. Bu...
Maze ransomware gang announces retirement
The threat actors behind Maze ransomware have announced their retirement. On November 1, they posted the retirement announcement on the website where they would normally name and shame their victims that were unwilling to pay the ransom. image courtesy of Graham Cluley "The Project is closed. Maz...
VideoBytes: Twitter gets hacked!
Hello dear readers, and welcome to the latest and greatest from VideoBytes: a brand new, video feature that we announced just yesterday. On our debut post today, we’re talking to you about the Twitter hack, in which hackers accessed the Twitter accounts of 130 high profile figures, like Barack...
The skinny on the Instacart breach
The COVID-19 outbreak has affected many facets of our lives—from how we visit our families, socialize with friends, meet with colleagues, to how we should be conducting ourselves outside of our homes. Ideally, a few meters apart from everyone else and with a mask on. These—on top of imposed...
A week in security (July 6 – 12)
Last week on Malwarebytes Labs, we took an in-depth look at card skimmers targeting ASP sites, we released another episode of Lock and Code exploring the Internet of Things, and we dug into a Mac mystery. We also examined some pre-installed malware, and put out a threat spotlight on some customiz...
The face of tomorrow’s cybercrime: Deepfake ransomware explained
While many countries are beginning to ease up on their respective pandemic lock downs—which, in turn, also means that everyone will soon ease into a life that is not quite post-COVID-19—we find ourselves once more on the cusp of change, an outlook that makes some feel anxious and others hopeful...
End of line: supporting IoT in the home
Trouble is potentially brewing in Internet of Things (IoT) land, even if the consequences may still be a little way off. System updates and issues surrounding expiring certificates will pose problems for manufacturers and headaches for consumers. System updates for fun and profit One of the first...
Hundreds of counterfeit online shoe stores injected with credit card skimmer
There's a well-worn saying in security: "If it's too good to be true, then it probably isn't." This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many...
PSA: Users with landlines are more vulnerable to scams
It’s time to have “the talk” with your parents, relatives, and loved ones. Anyone still using a landline must be warned: having a home phone makes you particularly vulnerable to scams. We know here at Malwarebytes that our readers are often the unofficial “IT” department for their families,...
Terdot Trojan likes social media
We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable t...
Tech support scammers abuse native ad and content provider Taboola to serve malvertising (updated)
A large number of publishers - big and small - are monetizing their sites by selling space for companies that provide so-called native advertising, cited as more effective and engaging than traditional banner ads. Indeed, on a news or entertainment site, users are more inclined to click on links...
The real problem with ransomware
Ransomware – a specialized form of malware that encrypts files and renders them inaccessible until the victim pays a ransom – is an extremely serious problem and it’s quickly getting worse. The FBI estimated that ransomware payments were $1 billion in 2016, up from “just” $24 million a year...
The smart, alert, strong, kind, and brave way to Internet awesome
Mom and Dad, do you know when to start talking to your kids about internet safety? Google’s new Be Internet Awesome program might just be the perfect topic to start off that conversation. Launched this National Internet Safety Month, Be Internet Awesome aims to teach kids to explore the internet...
Mobile Menace Monday: Fake WannaCry Scanner
With all the buzz around the PC ransomware WannaCry, it’s no surprise that a fake antivirus (FakeAV) has emerged on Google Play. Entitled WannaCry Ransomware Protector for Android, the bold claim it makes is right in its name. So how do we know this claim is false? Simple, there is no WannaCry...
Tackling the myths surrounding cyberbullying
Cyberbullying is an act most of us are familiar with. Knowing what it is, who're involved, and its harmful effects to targets are easy enough to identify; but do you know that cyberbullying is surrounded by misconceptions, too? In this post, we have identified six of these myths, explained why...
Scammers pretending to be Microsoft had help from US executives
A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a scam, operated by people intent on siphoning money from your account. A court case...
Firefox 151 packs big privacy upgrades into a small update
Mozilla has published release notes for Firefox browser version 151.0, and this update includes several genuinely meaningful privacy and security improvements. Three changes stand out in particular: Stronger anti‑fingerprinting Broader protection for local network access More control over private...
Microsoft is changing Edge’s plaintext password behavior
Microsoft said it will change Edge’s password handling as a “defense‑in‑depth” measure. Originally, Edge decrypted the entire saved‑password store on startup and kept all credentials resident in process memory in clear text for the whole browser session, regardless of whether a given credential w...
The ghosts of WhatsApp: How GhostPairing hijacks accounts
Researchers have found an active campaign aimed at taking over WhatsApp accounts. They've called this attack GhostPairing because it tricks the victim into completing WhatsApp’s own device-pairing flow, silently adding the attacker’s browser as an invisible linked device on the account. Ghost of...
A week in security (May 12 – May 18)
Last week on Malwarebytes Labs: Data broker protection rule quietly withdrawn by CFPB Meta sent cease and desist letter over AI training Google to pay $1.38 billion over privacy violations Android users bombarded with unskippable ads Last week on ThreatDown: ThreatDown introduces Firewall...