A week in security (August 8 - August 14)
Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft"; Twitter data breach affects 5.4M users; Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR; Twilio breached after social engineering attack on employees; Summer of exploitation leads...
A week in security (August 1 - August 7)
Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16; Wrestling star Mick Foley's Twitter compromised, selling PS5 consoles; Millions of Arris routers are vulnerable to path traversal attacks; When a sextortion victim fights back; How to protect yourself and yo...
Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles
One of the biggest wrestling stars around, Mick Foley, had his Twitter account hijacked in an attempt to legitimize a very popular scam. When a well known individual has their social media accounts compromised, disaster looms, as everything from phishing to malware distribution waits in the wings...
Have we lost the fight for data privacy? Lock and Code S03E16
At the end of 2021, Lock and Code invited the folks behind our news-driven cybersecurity and online privacy blog, Malwarebytes Labs, to discuss what upset them most about cybersecurity in the year prior. Today, we're bringing those same guests back to discuss the other, biggest topic in this spac...
Google delays Chrome third party cookie sunsetting…again
We've seen many examples of third-party cookies being tackled by browsers recently. It's not so long ago that Firefox effectively locked down third-party tracking by isolating cookies into so-called jars. By doing so, their "Total Cookie Protection" seeks to prevent all those cookies on your PC...
T-Mobile agrees to pay customers $350 million in settlement over data breach
T-Mobile has agreed to pay $350 million to settle class action claims related to a 2021 cyberattack which impacted around 80 million US residents. Under the proposed settlement, T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology i...
Low-income consumers preyed on by fake ISP during pandemic, FCC says
The FCC (Federal Communications Commission) has proposed a fine of $220,210 against Kyle Traxler of Ohio for allegedly establishing the bogus internet provider, Cleo Communications, to scam low-income consumers. The victims believed they were receiving government-approved discounts on internet...
Ransomware review: June 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the mos...
Brave Search wants to replace Google’s biased search results with yours
Brave Search, Brave Software's privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...
7-Zip gets Mark of the Web feature, increases protection for users
One of the most popular zip programs around, 7-Zip, now offers support for "Mark of the Web" (MOTW), which gives users better protection from malicious files. This is good news. But what does that actually mean? In the bad old days, opening up a downloaded document could be a fraught exercise...
Internet Safety Month: 7 tips for staying safe online while on vacation
Going on vacation has never been more talked about and anticipated. I mean—for many of us, it's been a while. But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan on how to keep your devices, and your data, safe while you are relaxing. Your...
DDoS-for-hire service provider jailed
Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provide powerful distributed denial-of-service (DDoS) attacks against internet users and websites. This sentencing resulted in the seizure of his websites, making the...
A week in security (June 13 – June 19)
Last week on Malwarebytes Labs: Serious vulnerabilities found in ITarian software, patches available for SaaS products; Update Chrome now: Four high risk vulnerabilities found; Taking down the IP2Scam tech support campaign; Don’t panic! “Unpatchable” Mac vulnerability discovered; Introducing...
Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13
At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed (and from a smaller share, opportunistic) public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks...
Photos of kids taken from spyware-ridden phones found exposed on the internet
A stalkerware-type app that boasts "the best free phone spying software on the market," has exposed the data it snooped on from the phones it was installed in. The data exposed by TheTruthSpy included GPS locations and photos on victims' phones, and images of children and babies. This news, first...
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for a HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...
Coffee app in hot water for constant tracking of user location
A mobile app violated Canada's privacy laws via some pretty significant overreach with its tracking of device owners. The violation will apparently not bring the app owners, Tim Hortons, any form of punishment. However, the fallout from this incident may hopefully serve as a warning to others with...
FBI warns of education sector credentials on dark web forums
The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and breaches, with data spilling onto the so-called dark web. The government agency's Private Industry Notification (PDF) cites US academic credentials up for grabs from a variety of...
Twitter fined $150M after using 2FA phone numbers for marketing
The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for using users' account security data deceptively. The deception violates an FTC order from 2011, that bars Twitter from "misleading consumers about the extent to which it protects the...
ChromeLoader targets Chrome Browser users with malicious ISO files
If you’re on the hunt for cracked software or games, be warned. Rogue ISO archive files are looking to infect your systems with ChromeLoader. If you think campaigns such as this only target Windows users, you’d sadly be very much mistaken. The attack sucks in several operating systems and even us...
If you get an email saying “Item stopped due to unpaid customs fee”, it’s a fake
Our spam traps recently caught a phishing scam that neatly illustrates some of the tactics scammers use routinely to avoid both human intuition, and automatic detection. The scam starts with an unsolicited email, of course… The scam email is ostensibly from the Post Office, an instantly...
“Look what I found here” phish targets Facebook users
Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk...
How COVID-19 fuelled a surge in malware
2021 saw a massive surge in detections of malware, adware, and Potentially Unwanted Programs (PUPs). It didn't matter what the computers were used for or what operating system they ran—across business and home computers, on Windows and on Mac, detections went up, enormously. Detections of malware on...
Cyberattacks on SATCOM networks attributed to Russian threat actors
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have updated their joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with US government attribution to Russian...
College closes down after ransomware attack
Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois...
Watch out for these 3 small business cybersecurity mistakes
May 2 marks the start of National Small Business Week, a week that recognizes "the critical contributions of America’s entrepreneurs and small business owners", and promises to "celebrate the resiliency and tenacity of America’s entrepreneurs." That sounds good to us: Small businesses are a vital...
Beware scammers disguised as fraud busters
Fraudsters like confusing and disorienting people. Successful ones avoid obvious lines of approach and try things you wouldn't expect. A recent story highlights this, with a particularly devious method of parting someone from their money. The Daily Record reports scammers running off with an $11,0...
A week in security (April 18 – 24)
Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads; North Korean Lazarus APT group targets blockchain tech companies; Watch out for Ukraine donation scammers in Twitter replies; Beware tragic “my daughter died…” Facebook posts offering free PS5s; US warns of APT groups...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
Stalkerware-type detections hit record high in 2021, but fell in second half
After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another person's activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly...
Successful operations against Russian Sandworm and Strontium groups targeting Ukraine revealed
The US Department of Justice (DoJ) and Microsoft have taken the sting out of two operations believed to be controlled by the Russian Federation’s Main Intelligence Directorate (GRU). On Wednesday, the DOJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall...
Attacks on Ukraine communications are a major part of the war
Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks. Those attacks against critical infrastructure have knocked out banking and defense platforms, mostly by targeting several communication systems. In a timeline set up by NetBlocks,...
Telling stories securely, with Runa Sandvik: Lock and Code S03E07
In 2017, a former NSA contractor named Reality Winner was arrested for allegedly leaking an internal report to the online news outlet The Intercept. To verify the report itself, a journalist for The Intercept sent an image of the report to the NSA, but upon further inspection, it was revealed tha...
Tech support fraud is still very much alive, says latest FBI report
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report. In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the complaint...
White House urges US businesses: Protect against potential Russian cyberattacks
On Monday, the White House told US business leaders to toughen up their cybersecurity defenses against a potential cyberattack from Russia. "The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in...
Clouding the issue: what cloud threats lie in wait in 2022?
As more services move ever cloud-wards, so too do thoughts by attackers as to how best exploit them. With all that juicy data sitting on someone else’s servers, it’s essential that they run a tight ship. You’re offloading some of your responsibility onto a third party, and sometimes things can go...
Fake Royal Mail chatbot offers up…a new iPhone?
Royal Mail scams are always popular techniques for people up to no good. We’ve covered them several times over the last year or so. A quick reminder: Your parcel is waiting for delivery This is the go-to tactic for fake Royal Mail phishing attacks. You receive a text claiming there’s a parcel in...
Google takes on Docs notification spammers
Cloud-based document suites have always been a hot target for scammers. When it’s easy to dip in and out for collaboration purposes, or just share things generally, then it's likely that bad people will want in on the action. In 2019, Google calendar users were wading through endless spam...
Cyclops Blink malware: US and UK authorities issue alert
According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group...
“Ethnicity recognition” tool listed on surveillance camera app store built by fridge-maker’s video analytics startup
The bizarre promotional video promises “Face analysis based on best of breed Artificial Intelligence algorithms for Business Intelligence and Digital Signage applications.” What follows is footage of a woman pushing her hair behind her ears, a man grimacing and baring his teeth, and an actor in a...
CISA Ransomware report warns “triple threat” attacks still on the prowl
Though we may be stuck with endless COVID-19 scams and a gradual visible rise in all manner of cryptocurrency hijinks, the old school attacks are as perilous as ever; CISA, the Cybersecurity & Infrastructure Security Agency, have released their 2021 report detailing the increasing globalised thre...
The world’s most coveted spyware, Pegasus: Lock and Code S03E04
Two years ago, the FBI reportedly purchased a copy of the world's most coveted spyware, a tool that can remotely and silently crack into Androids and iPhones without leaving a trace, spilling device contents onto a console possibly thousands of miles away, with little more effort than entering a...
Actor’s verified Twitter profile hijacked to spam NFT giveaways
When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The hijackers compromise the account, switch the picture to Elon, and then start spamming cryptocurrency links. Alternatively, they may keep the account as it is and spam images claiming...
A week in security (January 17 — 23)
Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats; Red Cross begs attackers to “Do the right thing” after family reunion service compromised; Update now! Chrome patches critical RCE vulnerability in Safe Browsing; Combatting SMS and phone fraud: UK government issu...
New iPhone malware spies via camera when device appears off
When removing malware from an iOS device, it is said that users need to restart the device to clear the malware from memory. That is no longer the case. Security researchers from ZecOps have created a new proof-of-concept (PoC) iPhone Trojan capable of doing "fun" things. Not only can it fake a...
Purple Fox rootkit now bundled with Telegram installer
The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. It's not clear how the installer in this case was distributed, although it seems like at least some were delivered via email. Common distribution methods for...
What angered us most about cybersecurity in 2021: Lock and Code S03E01
We are just three days into 2022, which means what better time for a 2021 retrospective? But rather than looking at the biggest cyberattacks of last year—which we already did—or the most surprising—like we did a couple of years ago—we wanted to offer something different for readers and listeners...
Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’
On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world's foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency). This enormous injection of used passwords ha...
Click “OK” to defeat MFA
Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that...
Massive faceprint scraping company Clearview AI hauled over the coals
Life must be hard for companies that try to make a living by invading people’s privacy. You almost feel sorry for them. Except I don't. The UK’s Information Commissioner’s Office (ICO)—an independent body set up to uphold information rights—has announced its provisional intent to impose a potential...