4709 matches found
TikTok CEO told to "step up efforts to comply" with digital laws
EU Commissioner Thierry Breton, the EU's digital policy chief, "explicitly conveyed" to TikTok CEO Shou Zi Chew that the company must "step up efforts to comply" with the European Union's rules on copyright, data protection, and the Digital Services Act DSA--an EU regulation setting out "an...
Ransomware revenue significantly down over 2022
According to blockchain data platform Chainalysis, ransomware revenue "plummeted" from $765.6 in 2021 to at least $456.8 in 2022. The data is based on an analysis of the cryptocurrency addresses known to be controlled by ransomware attackers. Precision While the real numbers are likely much highe...
Fighting technology's gender gap with TracketPacer: Lock and Code S04E02
Last month, the TikTok user TracketPacer posted a video online called "Network Engineering Facts to Impress No One at Zero Parties." TracketPacer regularly posts fun, educational content about how the Internet operates. The account is run by a network engineer named Lexie Cooper, who has worked i...
5 must-haves for K-12 cybersecurity
Over the years, cyberattacks on K-12 schools and districts have steadily increased, and in 2022 that trend only continued. In the first half of 2022 alone, the education sector saw an average of almost 2,000 attacks every week--a 114% increase compared to two years ago. The tight budgets of many...
Electronic Sales Suppression Tools are cooking the books
When you see point of sale software in the news, its usually because the terminal has been compromised and is now stealing payment details used in the device. Insecure stores, whether compromised as part of an inside job or a phishing attack, are a big problem for both buyers and the store itself...
An odd kind of cybercrime: Gift vouchers, medical records, and...food
Someone with a gift for technology but a nasty habit of using it for very bad things has been spared from going to jail with a suspended sentence. Peter Foy, 18 at the time of his antics, racked up a remarkable, and slightly peculiar, list of compromises before being brought before the court. A...
Former cop abused unrevoked system access to extort women
When Bryan Wilson, a former Louisville Metropolitan Police Department LMPD officer in Kentucky, pleaded guilty to cyberstalking charges in June, details of his crime weren't revealed. Now they have. A new court document discloses facts about how he stole sexually explicit photos and videos from...
What is a keylogger?
A blog post published earlier this year posed the question "Is Grammarly a keylogger?" I have personally had people reference that post and ask me to add detection of Grammarly to Malwarebytes. The answer has always been, "no." Whether or not you like what Grammarly does, Grammarly is not a...
James Webb telescope images used to hide malware
A rather unique approach to spread malware using the popularity of the James Webb telescope images has been identified by the Securonix threat research team. The malware is being spread by a phishing campaign that includes a Microsoft Office attachment. Similar to traditional Office macros, the...
CISA and FBI issue alert about Zeppelin ransomware
The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA have released a joint Cybersecurity Advisory CSA about Zeppelin ransomware. The advisory contains indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with...
Viral video drives malvertising on social media platform
This blog post was authored by Jerome Segura Viral content shared on social media is highly coveted since it gets a lot of impressions and engagement. Unfortunately, the people who push this kind of content don't always have the best of intentions. We recently identified a malvertising campaign o...
A week in security (August 1 – 7)
Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16 Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles Millions of Arris routers are vulnerable to path traversal attacks When a sextortion victim fights back How to protect yourself and...
Radioactivity monitoring and warning system hacked, disabled by attackers
The Spanish police arrested two people under the accusation of tampering with the Red de Alerta a la Radiactividad RAR. The RAR is part of the Spanish national security systems and in use to monitor gamma radiation levels across the country. The network is managed, operated and maintained by the...
T-Mobile agrees to pay customers $350 million in settlement over data breach
T-Mobile has agreed to pay $350 million to settle class action claims related to a 2021 cyberattack which impacted around 80 million US residents. Under the proposed settlement, T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology i...
Microsoft appears to be rolling back Office Macro blocking
Were seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier...
4 ways businesses can save money on cyber insurance
So, your business has just suffered a data breach and it’s time to dig deep in your pockets to pay all the resulting expenses. Without cyber insurance, you can expect to pay a dizzying amount of cash. In 2022 alone, the average cost of a data breach for businesses under 1,000 employees was close ...
North Korean APT targets US healthcare sector with Maui ransomware
State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health HPH sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory CSA from the FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of the...
HackerOne insider fired for trying to claim other people’s bounties
The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne HackerOne acts...
ZuoRAT is a sophisticated malware that mainly targets SOHO routers
Researchers have analysed a campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest. The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat...
Criminals are applying for remote work using deepfake and stolen identities, says FBI
The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfake and stolen PII personally identifiable information. A deepfake is essentially created or modified media image, video, or audio, often with the help of artificial intelligence AI and machine...
Conti ransomware group’s pulse stops, but did it fake its own death?
The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down the group is unable to operate and a significent threat is removed from the pantheon of ransomware...
Interpol’s First Light operation smashes crime on a global scale
A large-scale Interpol operation has resulted in arrested and ill-gotten gains seizures galore. Operation First Light took place between March and May of this year. It involved 76 countries taking social engineers and telecommunications fraudsters to task, with multiple wins for those involved...
Karakurt extortion group: Threat profile
The FBI Federal Bureau of Investigation, together with CISA Cybersecurity and Infrastructure Security Agency and other federal agencies, recently released a joint cybersecurity advisory CSA about the Karakurt data extortion group also known as Karakurt Team and Karakurt Lair. Like RansomHouse,...
Runescape phish claims your email has been changed
A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email and the scam behind it are perfect examples of one of the more reliable tactics in the world of phishing—fooling a victim into thinking they need to take some action ...
Intuit phish says “we have put a temporary hold on your account”
Intuit released a warning about a phishing email being sent to its customers. The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. Intuit Intuit Inc. is an American business software company that...
Hunting down your data with Whitney Merrill: Lock and Code S03E11
Depending on where you live, you can ask a company to hand over all the data it has collected about you and, in a matter of weeks as mandated by law, that company has to fork that information over. Whether the company will abide on time, however, is a different story. In the European Union, the...
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
This blog post was authored by Hossein Jazi and Jérôme Segura Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding on a daily basis, people are hungry for information. Although all countries have reasons to be...
Virtual credit cards coming to Chrome: What you need to know
When youre buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US...
A week in security (April 18 – 24)
Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads North Korean Lazarus APT group targets blockchain tech companies Watch out for Ukraine donation scammers in Twitter replies Beware tragic “my daughter died…” Facebook posts offering free PS5s US warns of APT groups...
Stalkerware-type detections hit record high in 2021, but fell in second half
After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another persons activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly...
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...
A week in security (March 28 – April 3)
Last week on Malwarebytes Labs: New UAC-0056 activity: There’s a Go Elephant in the room Globant suffers network breach due to LAPSUS$ compromise Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited Hive ransomware impacts California non-profit health...
Gh0stCringe RAT makes database servers squeal for protection
Researchers have found that the Gh0stCringe RAT is infecting Microsoft SQL and MySQL, and seems to focus on servers with weak protection. The Gh0stCringe RAT communicates with a command and control C&C server to receive instructions and is capable of exfiltrating information. SQL SQL is short for...
Biden wants stronger privacy protections, no targeted ads for children
On March 1, US President Joe Biden gave his first State of the Union Address SOTU speech to Congress. In it, Biden highlighted the dire need to get help for teens with mental health issues. He demanded tech companies implement more robust privacy protections for kids and teens using their online...
Meta blocks Russia-Ukraine disinformation campaigns on Facebook, Instagram
Meta says it has detected and removed two disinformation campaigns regarding the current Russia-Ukraine war. These campaigns, it says, were run by groups in Russia and Ukraine to target Ukraine users. In the post, Nathaniel Gleicher, Metas head of security policy, and David Agranovich, Metas...
Toyota’s just in time manufacturing faced with disruptive cyberattack
Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyotas affiliates Hino Motors and Daihatsu are included in the shutdown. Hino suspended all operations at its Koga facility, which...
“We absolutely do not care about you”: Sugar ransomware targets individuals
Ransomware tends to target organizations. Corporations not only house a trove of valuable data they cant function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks,...
Google sued over deceptive location tracking
Four Attorneys General AG from the District of Columbia and the states of Indiana, Texas, and Washington have filed separate lawsuits agains Google for allegedly misleading its users into believing that they are no longer tracking their location when they deliberately pause the "Location History"...
Microsoft warns of phishy OAuth apps
Microsoft is warning Office 365 users to watch out for a phishy emails asking you to install an app called Upgrade. The app requests multiple permissions which could cause problems on a network if granted: Creating inbox rules Read and write emails and calendar items Read contacts This is only th...
Combatting SMS and phone fraud: UK government issues guidance
The UK’s National Cyber Secuity Centre NCSC has published a guide to help make your organizations SMS and telephone messages effective and trustworthy. SMS and telephone calls represent an extremely effective means of mass communication. As such they are essential tools for most organizations,...
A week in security (January 10 – 16)
Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock down Some Android users can disable 2G now and why that is a good thing Phishers on the prowl with fake parking meter QR codes Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one...
Attackers are mailing USB sticks to drop ransomware on victims’ computers
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely witho...
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected
Two-factor authentication 2FA has been around for a while now and for the majority of tech users in the US and UK, it has became a security staple. Indeed, wake up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of...
FBI traces and grabs back $150 million theft that was turned into bitcoins
On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit. On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on the...
How to check for Windows updates and install them
Keeping Windows up to date is an important part of warding off malware, exploits, and other attacks. If you’re not running the latest version of your OS, it can give cybercriminals the leverage they need to compromise your system. Unfortunately not all machines are running automatic updates by...
NSO Group spyware found on iPhones of US State Department employees
iPhones of at least nine US State Department employees are said to have been hacked using the Pegasus spyware developed by the Israeli technology company, NSO Group. Pegasus is a proprietary and sophisticated spyware capable of the remote surveillance of smartphones. The employees targeted by an...
Emotet’s back and it isn’t wasting any time
Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always came back. In January of this year, a global police operation dismantled Emotets botnet. Law enforcement then used their...
“Free Steam games” videos promise much, deliver malware
Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO fear of missing out is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after t...
What is facial recognition?
Facebook recently announced it would give up on its facial recognition system. Facebook, or Meta, was using software to automatically identify people in images posted to its social network. Since facial recognition has become an increasingly toxic concept in many circles and Facebook was having...
FBI server hijacked to send up to 100,000 bogus attack mails
If you received a scary missive from what appears to be from the FBI over the last few days, youre not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...