4709 matches found
Microsoft got hacked by state sponsored group it was investigating
In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard also known as APT29 or Cozy Bear, gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting...
US government is snooping on people via phone push notifications, says senator
Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apples servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by...
How IT teams can conduct a vulnerability assessment for third-party applications
Google Chrome, Adobe Acrobat Reader, TeamViewer, you name it—there’s no shortage of third-party apps that IT teams need to constantly check for vulnerabilities. But to get a better picture of the problem, lets bust out some napkin math. The average company uses about 200 applications overall...
Windows 10 gets its own extended security updates program
The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the...
Roblox and Twitch provider Tipalti breached by ransomware [updated]
As a response to this post, Tipalti reached out to us and asked us to post the following statement: Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. The Tipalti cybersecurity team and third-party forensic experts have been...
Social media giants to testify over failing to protect kids
US senators have urgently invited the CEOs of five of the major social media giants to testify about their failure to protect children online. The Senate Judiciary Committee said it will hear from Meta CEO Mark Zuckerberg, X formerly Twitter CEO Linda Yaccarino, TikTok CEO Shou Zi Chew, Snap CEO...
A week in security (November 06 – November 12)
Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 Medical research data Advarra stolen after SIM swap Okta breach happened after employee logged into personal Google account Introducing ThreatDown: A new chapter for Malwarebytes...
Patch…later? Safari iLeakage bug not fixed
Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...
Explained: Quishing
Quishing is phishing using QR Quick Response codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...
Microsoft Teams used to deliver DarkGate Loader malware
Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...
Re-air: What teenagers face growing up online: Lock and Code S04E19
This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internets youngest users, children. Children have always inherit...
Prompt injection could be the SQL injection of the future, warns NCSC
The UK's National Cyber Security Centre NCSC has issued a warning about the risks of integrating large language models LLMs like OpenAIs ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks. The NCSC points out several dangers associated with...
Chrome will soon start removing extensions that may be unsafe
Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...
New Security Advisor amps up security in minutes
Malwarebytes Security Advisor, a transformation of the Nebula customer experience, enables organizations to visualize and improve their organization's security posture in just a few minutes. "If youre not fully configured, you arent fully protected," says Jonny Rivera, Director, Customer Experien...
Ransomware making big money through "big game hunting"
Ransomware generates big money for the groups behind it, with new research confirming some of the scale of the problem. Chainalysis, a blockchain research firm, looked at data from monitored cryptocurrency wallets, concluding that around $449 million has been taken from victims in the last six...
Google plans to scrape everything you post online to train its AI
Additions to Googles Privacy Policy are making some observers worry that all of your content is about to be fed into Google's AI tools. Alterations to the T&Cs now explicitly state that your "publicly available information" will be used to train in-house Google AI models alongside other products...
Phishing scam takes $950k from DoorDash drivers
A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21 year old man...
A week in security (June 5 - 11)
Last week on Malwarebytes Labs: Trusting AI not to lie: The cost of truth: Lock and Code S04E12 5 unusual cybersecurity tips that actually work The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period Information stealer compromises legitimate sites to attack other...
Employee guilty of joining ransomware attack on his own company
A 28-year old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...
Google adds unwanted tracker detection to Find My Device network
Last week we reported that Google and Apple were looking for input on a draft specification to alert users in the event of suspected unwanted tracking. Apple and Google said other tracker makers like Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed interest in their draft. Now,...
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat...
Would-be hitman busted after being fooled by parody website
A member of the Air National Guard is facing federal charges after applying for a job online as an assassin. According to a Justice Department press release, Josiah Ernesto Garcia from Hermitage, Tennessee, was arrested by an undercover federal agent at a park on April 12, 2023. The FBI affidavit...
What your peers said: G2 comparison of top Endpoint Security vendors
Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading peer-to-peer review site. Each...
WhatsApp introduces new security features
WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...
Western Digital confirms breach, affects My Cloud and SanDisk users
Western Digital, a big brand in digital storage, says it has suffered a "network security incident--potentially ransomware--which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully...
New macOS malware steals sensitive info, including a user's entire Keychain database
A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...
Ransomware gunning for transport sector's OT systems next
ENISA the European Union Agency for Cybersecurity has reason to believe that ransomware gangs will begin targeting transportation operational technology OT systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport...
LockBit ransomware demands $2 million for Pierce Transit data
The Pierce County Public Transportation Benefit Area Corporation Pierce Transit has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...
Internet Explorer users still targeted by RIG exploit kit
Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...
Two Supreme Court cases could change the Internet as we know it
The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...
WordPress sites backdoored with ad fraud plugin
WordPress is an immensely popular content management system CMS powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization SEO techniques to maximize their revenues. But some people will take a...
Update now! GoAnywhere MFT zero-day patched
An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
New data wipers deployed against Ukraine
As war in Ukraine rages, new destructive malware continues to be discovered. In a recent tweet, the Ukrainian Computer Emergency Response Team CERT-UA named five wipers used against Ukrinform, Ukraines national news agency. It suspects a link to the Sandworm group. UPDATE: UAC-0082 suspected...
CISA releases advice on how to safeguard K–12 organizations
To help K-12 schools and school districts in their struggle against cybercrime the Cybersecurity & Infrastructure Security Agency CISA has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...
"Untraceable" surveillance firm sued for scraping Facebook and Instagram data
Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...
2023 prediction: Security workforce shortage will lead to nationally significant cyberattack
If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Global cyberattacks have increased by 483 percent over the last two years, and at the current rate of growth, damage from such attacks will amount to $10.5...
Pokemon NFT card game malware chooses you
Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs. The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles,...
The pitfalls of blocking IP addresses
In August 2022, the Austrian court ordered the block of 11 IP addresses for copyright violations on 14 websites. Sadly, there was an undesirable side-effect--thousands of websites were rendered inaccessible to internet users in Austria for two days. There are many possible reasons why governments...
A week in security (October 24 - 30)
Last week on Malwarebytes Labs: Lock and Code: A gym heist in London goes cyber Healthcare site leaks personal health information via Google and Meta tracking pixels An odd kind of cybercrime: Gift vouchers, medical records, and...food Cisco warns of ISE vulnerability with no fixed release or...
Point-of-sale malware used to steal 167,000 credit cards
In the 19 months between February 2021 and September 2022, two point-of-sale POS malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...
Microsoft breach reveals some customer data
Microsoft customers find themselves in the middle of a data breach situation. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. This miscongifuration resulted in the possibility of "unauthenticated access to some...
Android and Chrome start showing passwords the door
Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...
Only half of teens agree they "feel supported online" by parents
Not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need. Those are some of the latest findings from joint research conducted this summer by Malwarebytes and 1Password, which we have published tod...
TikTok's "secret operation" tracks you even if you don't use it
Consumer Reports CR, a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even...
5 things to teach your kids about social media
With children now back at school, its time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all thei...
Facebook engineers aren't sure where all user data is kept
If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook...
The North Face hit by credential stuffing attack
The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a "large-scale" credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers?...
Nearly 2,000 Signal users affected by Twilio phishing attack
New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...
A week in security (August 8 - August 14)
Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft" Twitter data breach affects 5.4M users Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR Twilio breached after social engineering attack on employees Summer of exploitation leads...
Ransomware review: July 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...