A week in security (August 7 - August 13)
Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI; Several hospitals still counting the cost of widespread ransomware attack; Old exploit kits still kicking around in 2023; YouTube makes sweeping changes to tackle spam on Shorts videos; Google's "browse...
TikTok facing fines for violating children's privacy
The European Data Protection Board is expected to fine TikTok for violating the privacy of young children within the next four weeks. The European Data Protection Board said a binding decision has been reached over TikTok's processing of children's data, after the ByteDance-owned app submitted leg...
Docker Hub images found to expose secrets and private keys
Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...
Google plans to scrape everything you post online to train its AI
Additions to Google's Privacy Policy are making some observers worry that all of your content is about to be fed into Google's AI tools. Alterations to the T&Cs now explicitly state that your "publicly available information" will be used to train in-house Google AI models alongside other products...
Phishing scam takes $950k from DoorDash drivers
A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21-year-old man...
Fake security researchers push malware files on GitHub
Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...
Malwarebytes achieves perfect score in latest AVLab assessment
Malwarebytes has once again earned a perfect score in AVLab's March 2023 real-world malware detection tests, marking the sixth consecutive quarter achieving this feat. Let's delve into the details of the test and how both consumer and business products outperformed competitors in exhaustive testin...
New Discord username policy raises user privacy fears
Discord, the Voice over IP (VoIP) and instant message communications tool, is changing how usernames function in a major way soon. Many users are not keen on this change at all. What is going on over there, and why are so many people concerned about the upcoming alterations? When Discord launched...
AI-powered content farms start clogging search results with ad-stuffed spam
A recent study by NewsGuard, trackers of online misinformation, makes some alarming discoveries about the role of artificial intelligence (AI) in content farm generation. If you've previously held your nose at the content mill grind, it's probably going to become a lot more unpleasant. Content farms...
Upcoming webinar: Is EDR or MDR better for your business?
Don't miss our upcoming webinar on EDR vs. MDR! In the webinar, Marcin Kleczynski, CEO and co-founder of Malwarebytes, and guest speaker Joseph Blankenship, Vice President and research director at Forrester, discuss topics such as: The difference between EDR and MDR, how EDR solutions can be...
Magecart threat actor rolls out convincing modal forms
To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled...
Fileless attacks: How attackers evade traditional AV and how to stop them
When you hear about malware, there's a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks--and while they can be bad, they're nothing compared to their fileless cousins. As the...
Ransomware in France, April 2022–March 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...
Uber data theft: Driver info stolen after law firm breached
Uber, yet again, has become a victim of data theft following a third-party breach. This time, threat actors have aimed at the company's law firm, Genova Burns. Data of Uber's drivers may have been swiped during the security incident. According to the letter sent to affected drivers, the firm beca...
New tool allows you to opt out of Facebook's targeted advertising
After Meta (Facebook and Instagram) switched the legal basis for targeting advertising from automatic consent to opt-out, privacy watchdog noyb has built a tool for users to opt out of targeted advertising and various other claims made by Meta in an easy and legally sound way. After losing several...
TikTok misused children's data, faces $15.6M fine
TikTok has been ordered to pay a fine of $15.6M (£12.7M) for failing to protect 1.4 million UK children under the age of 13 from accessing its platform in 2020. The Information Commissioner's Office (ICO), the UK's data protection watchdog, imposed the fine after finding the company used children's...
Fake ransomware demands payment without actually encrypting files
"Fake it till you make it" ransomware groups are trying to get rich off the backs of genuine ransomware authors. Why are they "fake it till you make it"? Because they don't actually create ransomware or compromise networks in any way. They're simply lying through their teeth and hoping that recipient...
New macOS malware steals sensitive info, including a user's entire Keychain database
A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...
Ransomware gunning for transport sector's OT systems next
ENISA (the European Union Agency for Cybersecurity) has reason to believe that ransomware gangs will begin targeting transportation operational technology (OT) systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport...
USB bombs sent to news organizations
We've warned about the possible dangers arising from plugging in unknown USB sticks before, but the dangers we're concerned with are normally confined to your data. However, this week we learned a far more serious threat. No fewer than five different news agencies in Ecuador were sent parcels...
The NBA tells fans about data breach
The National Basketball Association (NBA) has notified its fans they may be affected by a data breach in a third-party service the organization uses. For now, it is safe to assume that the attacker only obtained names and email addresses, but the NBA has hired the services of external cybersecurity...
8 cybersecurity tips to keep you safe when travelling
The best way to keep your devices safe when you're travelling is to be unplugged. If you don't need it, don't take it with you. But since that is not always an option, here are some tips to keep you safe while you travel. 1. Backup before you go The consequences of losing your device or having it...
Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05
Government threats to end-to-end encryption--the technology that secures your messages and shared photos and videos--have been around for decades, but the most recent threats to this technology are unique in how they intersect with a broader, sometimes-global effort to control information on the...
TikTok probed over child privacy practices
The privacy protection authorities for Canada, Quebec, British Columbia, and Alberta have announced they will start an investigation into TikTok's privacy practices, especially in relation to its younger users. The investigation will include whether the company obtained valid and meaningful conse...
The 5 most dangerous cyberthreats facing businesses this year
Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023? That's the question we set out to answer in this year's annual State of Malware report, and the answers might surprise you. To understand why, you need to know what makes this year's report so...
Twitter and two-factor authentication: What's changing?
Twitter is making some dramatic shake-ups to its currently available security settings. From March 19, users of Twitter won't be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...
Two Supreme Court cases could change the Internet as we know it
The Supreme Court is about to reconsider Section 230, a law that's been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...
French law to report cyberincidents within 3 days to become effective soon
The pressure on victims of cybercrime to notify authorities in a timely manner is increasing from many sides and for multiple reasons. On January 24, 2023 France passed a law (Article L12-10-1 of the Insurance Code) that victims of cybercrime are required to report the incident within 72 hours afte...
Ryuk ransomware laundering leads to guilty plea
Ryuk, a mainstay of the ransomware scene for some years until it transformed into Conti and then split off into other groups after that, is back in the news again... though not in the way you might have imagined. It's not a compromise, or a surprise comeback. What we have is a guilty plea, as a...
Update now! GoAnywhere MFT zero-day patched
An emergency patch (7.1.2) has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
On the 20th Safer Internet Day, what was security like back in 2004?
Today is the 20th Safer Internet Day. Since 2004, there's been an annual event designed to "Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world." 2004 was a key year for several safety activities, encompassin...
GitHub revokes several certificates after unauthorized access
In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. Revoking these certificates will invalidate some...
Google sponsored ads malvertising targets password manager
We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system. Now, our researchers found that the...
Ransomware revenue significantly down over 2022
According to blockchain data platform Chainalysis, ransomware revenue "plummeted" from $765.6 in 2021 to at least $456.8 in 2022. The data is based on an analysis of the cryptocurrency addresses known to be controlled by ransomware attackers. Precision While the real numbers are likely much highe...
Accountant ordered to pay ex-employer after bossware shows "time theft"
The case of Karlee Besse, an accountant in British Columbia, was recently dismissed by the Civil Resolution Tribunal (CRT) in Canada, with a judge ordering her to pay back her former employer, Reach CPA, for "engaging in time theft"--a revelation that wouldn't have been possible if not for software...
Pokemon NFT card game malware chooses you
Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs. The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles,...
Slack private code on GitHub stolen
Online collaboration platform Slack reported on New Year's Eve it had suffered a "security incident" where some of its code stored on GitHub was stolen. According to the post from the company's security team, Slack's private code repositories were accessed using swiped employee tokens. No custome...
A week in security (December 19 - 25)
Last week on Malwarebytes Labs: 4 over-hyped security vulnerabilities of 2022; Chasing cryptocurrency through cyberspace, with Brian Carter: Lock and Code S03E26; Restaurant platform SevenRooms confirms data breach; Adult popunder campaign used in mainstream ad fraud scheme; Malwarebytes earns AV-TES...
Virtual kidnapping scam strikes again. Spot the signs
Warnings abound of a major new piece of fraud doing the rounds which uses your relative's voice as part of a blackmail scam. What happens is the victim receives a call from said relative's number, and they're cut off by blackmailers who have them held hostage. The only way to get them back safely is...
Uber data stolen via third-party vendor
Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services. "We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third...
LinkedIn introduces new security features to combat fake accounts
LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and at times malware, and has been trying to combat those issues. In 2018, LinkedIn rolled out...
Police warn of fake law enforcement arrest warrant calls
Brownsville Police Department is warning about scammers impersonating law enforcement in order to extract money from potential victims. The scam involves pressure from an immediate threat, several ways to extract yourself from this non-existent claim of wrongdoing, and multiple levels of...
Point-of-sale malware used to steal 167,000 credit cards
In the 19 months between February 2021 and September 2022, two point-of-sale (POS) malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...
Venus ransomware targets remote desktop services
It's time for another tale of remote desktop disaster, as a newish form of ransomware carves out a name for itself. Bleeping Computer reports that individuals behind Venus ransomware are breaking into "publicly exposed Remote Desktop services", with the intention of encrypting any and all Windows...
Local government cybersecurity: 5 best practices
It seems like not a day goes by where we don't hear about a local government cyberattack. Indeed, from 911 call centers to public schools, cyberattacks on local governments are as common as they are devastating. Just how often do threat actors attack local governments? A survey of 14 mainly larger...
4 times students compromised school cybersecurity
For many students school can be a tough time, and we've all heard stories about bored or frustrated kids compromising school cybersecurity to change grades. Sometimes the students are celebrated, and other times it ends in them being expelled from school, or even prosecuted. Of course, these acts...
Twitter fixes bug that left devices logged in after password reset
Twitter says it has fixed a bug that meant users weren't logged out of active sessions on all devices after manually resetting their passwords. Writing on its blog, Twitter said: "We want to let you know that we recently fixed a bug that allowed Twitter accounts to stay logged in from multiple...
Vulnerable children's identities used in tax fraud scheme
Fraudster Ariel "Melo" Jimenez has been sentenced to 12 years in prison for leading a "tax fraud and identity theft conspiracy" that resulted in the fraudulent claiming of tax credits, earning him millions of dollars. "Ariel Jimenez was the leader of a long-running fraudulent tax business that...
3 ways MDR can drive business growth for MSPs
The managed service provider market is growing rapidly. As cyberattacks continue to increase worldwide, more and more small-and-medium-sized businesses (SMBs) are looking to MSPs to take the load off when it comes to securing their business. With more business, of course, comes more competition--an...
Vulnerability response for SMBs: The Malwarebytes approach
The intel you need to secure your business--delivered straight to your inbox From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full with the best of our business blog. Subscribe to our Business newsletter today. At...