4706 matches found
Google fixes two critical Pixel vulnerabilities: Get your updates when you can!
Google has made updates available for Android 10, 11, 12 and 12L. The May Android Security Bulletin contains details of security vulnerabilities affecting Android devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel...
Update now! Firefox and Adobe updates are more critical than Microsoft’s
The most critical updates for this “Patch Tuesday” come from Firefox and Adobe. While Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release, none of them are ranked as critical. Firefox and Adobe however have fixed a few issues that could be qualified as critical...
Hi, honey. It’s mom. My phone is acting funny again.
Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, often times it's older generations that have to turn to their progeny for everything from uploading...
How does macOS protect against malware?
Mac users often are told that "Macs don't get viruses." This is not really true, of course. Macs can and do get infected. However, it is true that macOS provides some basic protection against malware. This protection can be quite effective in some ways, but, unfortunately, quite ineffective in...
Update now! ASUS fixes nine security flaws
ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...
Steam users: Don’t fall for the “I accidentally reported you” scam
Suppose that, out of the blue, a Steam user tells you theyve accidentally reported you for something you didn’t do, like making an illegal purchase, and that your Steam account is going to be suspended. They ask you to message a Steam admin, whose profile they kindly provide, to help you sort out...
TinyCheck: Stalkerware detection that doesn’t leave a trace
In 2019, when Malwarebytes helped found the Coalition Against Stalkerware, which brings together cybersecurity vendors and nonprofits to detect and raise awareness about stalkerware, we encountered a significant roadblock in our fight: For some users, the very detection of these potentially...
Arris router vulnerability could lead to complete takeover
Security researcher Yerodin Richards has found an authenticated remote code execution RCE vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers telephony and internet access. After responsible disclosure Richards has published a...
Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists
Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. The Bahrain government and groups linked to them—suc...
Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices
After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl cameras. The vulnerabilities were reported to Owl Labs in January, One of the vulnerabilities, CVE-2022-31460 has been added to the Known exploited vulnerabilities catal...
BadRabbit: a closer look at the new version of Petya/NotPetya
Petya/NotPetya aka EternalPetya, made headlines in June, due to it's massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...
Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business
Last week, The Record broke the news that a self-described "pen tester" for the infamous Conti ransomware gang, who goes by the handle m1Geelka, had leaked manuals, technical guides, and software on the underground forum XSS. According to the screenshot of m1Geelkas original forum post—and...
RDP brute force attacks explained
While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isnt like the movies. The...
Amazon Sidewalk starts sharing your WiFi tomorrow, thanks
Amazon smart device owners only have until June 8 to opt out of a new program that will group their Echo speakers and Ring doorbells into a shared wireless network with their neighbors, a new feature that the shopping giant claims will provide better stability for smart devices during initial set...
[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend
If youre running a service that relies on Apache Struts or uses the popular Apache Log4j utility we hope you havent made plans for the weekend. An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code...
Why Data Privacy Day matters
Our Lock and Code special episode on Data Privacy Day, featuring guests from Mozilla, DuckDuckGo, and Electronic Frontier Foundation can be listened to here. Today, January 28, is Data Privacy Day, the annual, multinational event in which governments, companies, and schools can inform the public...
Key considerations for building vs. buying identity access management solutions
Time and time again, organizations learn the hard way that no matter which security solutions they have in place, if they haven’t properly secured the end user, their efforts can be easily rendered moot. The classic slip-up most often associated with end-user-turned-insider-threat is falling for ...
Browser push notifications: a feature asking to be abused
“I’m seeing a lot of ads popping up in the corner of my screen, and the Malwarebytes scan does not show there is anything wrong. It says my computer is clean. So what's happening?” Our support team runs into questions like this regularly, but the volume seems to be increasing lately. In most of...
Oracle releases massive Critical Patch Update containing 520 security patches
Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...
Houzz data breach: Why informing your customers is the right call
Houzz is an online platform dedicated to home renovation and design. Today February 1, 2019, they notified their customers about a data breach that reportedly happened in December 2018. Data breaches unfortunately have become a common event. In fact, we dubbed 2018 the year of the data breach...
The forgotten malvertising campaign
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users...
"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!
One of Twitters big rivals, Mastodon, recently finished fixing four issues which in the worst case allowed for the creation of files on the instances server. Mastodon, whose main selling point is lots of separate communities living on different servers yet still able to communicate, was notified ...
Update now! Two critical flaws in Git's code found, patched
In a sponsored security source code audit, security experts from X41 D-SEC GmbH Eric Sesterhenn and Markus Vervier and GitLab Joern Schneeweisz found two notable critical flaws in Git's code. A vulnerability on Git could generally compromise source code repositories and developer systems, but...
Has Facebook leaked your phone number?
Unless you keep your social media at a pole’s distance, you have probably heard that an absolutely enormous dataset—containing over 500 million phone numbers—has been made public. These phone numbers have been in the hands of some cybercriminals since 2019 due to a vulnerability in Facebook that...
Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge
Multiple news reports about the defeat of two-factor authentication 2FA have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a...
Realtek-based routers, smart devices are being gobbled up by a voracious botnet
A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just two days after disclosure. Mirai hoovers up vulnerable Internet of Things IoT devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed...
What role does data destruction play in cybersecurity?
When organization leaders think about cybersecurity, it's usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What's not often consider...
The Hidden Bee infection chain, part 1: the stegano pack
About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That's why we're dedicating a series o...
A coin miner with a “Heaven’s Gate”
You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...
Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday
The updates for Microsofts March 2022 Patch Tuesday should fix 92 vulnerabilities, including three zero-day vulnerabilities. Of the 92 vulnerabilities, 21 are for Microsoft Edge and originate from the Chromium Project. Of the 71 others, three are classified as Critical because they allow remote...
Google patches zero-day vulnerability, and others, in Android
Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications that one of the patched vulnerabilities may be under limited, targeted exploitation. The most severe of these issues is a critical security vulnerability in...
Inter skimming kit used in homoglyph attacks
As we continue to track web threats and credit card skimming in particular, we often rediscover techniques weve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especiall...
Study explores clickjacking problem across top Alexa-ranked websites
Clickjacking has been around for a long time, working hand-in-hand with the unwitting person doing the clicking to send them to parts unknown—often at the expense of site owners. Scammers achieve this by hiding the page object the victim thinks they’re clicking on under a layer or layers of...
How gamers can protect against increasing cyberthreats
A few years ago, cybersecurity scryers predicted that the video gaming industry would be the next big target of cybercriminals. Whether this will come true in the future or not, the average gamer may have little to no idea of what awaits them, much less be prepared for it. In fact, while generall...
A week in security (November 5 – 11)
Last week on Malwarebytes Labs, we looked at browser lockers that fly under the radar with complete obfuscation, transport and logistics in our series about compromising vital infrastructure, Google logins now requiring JavaScript, how to create a sticky cybersecurity training program, and an...
Update now—July Patch Tuesday patches include fix for exploited zero-day
It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem CSRSS. This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency CI...
Research claims Google Pixel phones share 20 times more data than iPhones
If youre an Android phone user, now might be a good time to invest in a good pair of ear plugs. Fans of iPhones arent known for being shy when it comes to telling Android users that Apple products are superior, and things may be about to get worse, thanks to a new research paper pdf. Researchers ...
APC warns about critical vulnerabilities in online UPS monitoring software
In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader i...
Remcos RAT delivered via Visual Basic
This blog post was authored by Erika Noerenberg Introduction Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan RAT via financially-themed emails. Remcos is often delivered via malicious documents or archive files...
VMWare vulnerabilities are actively being exploited, CISA warns
The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the...
[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one
How time flies sometimes. Microsoft yesterday released the first patch Tuesday security updates of the year 2022. The update includes fixes for six zero-day vulnerabilities and a total of 97 bugs. This includes two Remote Code Execution RCE vulnerabilities affecting open source libraries. None of...
After Log4j, December’s Patch Tuesday has snuck up on us
For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching. Microsoft In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set ...
SonicWall warns users to patch critical vulnerability “as soon as possible”
SonicWall has issued a security notice about its SMA 100 series of appliances. The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and gain administrator access to the device. SonicWall SonicWall is a...
Researchers go hunting for Netflix’s Bandersnatch
A new research paper from the Indian Institute of Technology Madras explains how popular Netflix interactive show Bandersnatch could fall victim to a side-channel attack. In 2016, Netflix began adding TLS Transport Layer Security to their video content to ensure strangers couldn’t eavesdrop on...
Week in Security (August 7 – August 13)
Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses binary padding in an attempt to get skipped,...
Update now! VMWare patches critical vulnerabilities in several products
In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...
How to block ads like a pro
In part one of this series, we had a look at a few reasons why you should be blocking online advertisements on your network and devices. From malvertising attacks and privacy-invading tracking systems to just being an outright annoyance, online ads and trackers are a nuisance that provides an...
Explained: YARA rules
YARA rules are a way of identifying malware or other files by creating rules that look for certain characteristics. YARA was originally developed by Victor Alvarez of Virustotal and is mainly used in malware research and detection. It was developed with the idea to describe patterns that identify...
TrickBot comes with new tricks – attacking Outlook and browsing data
Last year we reported about a new modular malware using a network protocol similar to Dyreza - you can read about it here. The malware was not very stealthy and some parts were looking to be under development, but we noticed its potential and capability to be easily extended. Indeed, authors of...
Own an older iPhone? Check you're on the latest version to avoid this bug
In December, 2022, we warned our readers about an actively exploited vulnerability in Apples WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas...