Hackers all over the world are targeting Tasmania’s emergency services
Emergency services—under which the police, fire, and emergency medical services departments fall—is an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well...
FBI server hijacked to send up to 100,000 bogus attack mails
If you received a scary missive from what appears to be the FBI over the last few days, you're not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...
Instagram’s memorialize feature abused to memorialize…Instagram’s boss
The mechanisms for memorialising the social network accounts of people who’ve died haven’t really suffered a lot of scrutiny up until now. I’ve done a fair amount of research on the processes and perils we face in the digitally deceased age. Traditionally, the biggest issues in this space tended ...
Zuckerberg’s Metaverse, and the possible privacy and security concerns
The news is currently jam-packed with tales of Facebook's Meta project. Of particular interest to me is Facebook’s long-stated desire to introduce adverts into the VR space, and what this may mean for Meta too. I’ve talked about the privacy and legal aspects of adverts in gaming and other tech...
A week in security (Oct 18 – Oct 24)
Last week on Malwarebytes Labs: Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache. “Killware”: Is it just as bad as it sounds? REvil ransomware disappears after Tor services hijacked. Protect yourself from BlackMatter ransomware: Advice issued. q-logger skimmer keeps Magecart...
Making better cybersecurity training: Q&A with Malwarebytes expert Kelsey Prichard
If you hadn’t noticed by now, we are in the first week of National Cybersecurity Awareness Month, which, according to the Cybersecurity Infrastructure and Security Agency in the United States, means that we should all consider how people, organizations, and businesses can “be cyber smart” this ye...
Google to auto-enrol users, YouTubers into 2SV
Google's announced some changes to how it's helping millions of its users stay safe and secure. The biggest of those changes is that it plans to auto-enrol its users into two-step verification, or 2SV. 2SV adds an extra layer when logging into your account and the additional step happens after you...
What are SSL certificates?
Secure Sockets Layer (SSL) certificates are what cause your browser to display a padlock icon, indicating that your connection to a website is secure. Although the padlock may soon be hidden from view, certificates aren't going anywhere. Let's start with some definitions and explain some of the...
New evasion techniques found in web skimmers
For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largel...
Kotlin-based malicious apps penetrate Google market
An open-source programming language, Kotlin is a fully-supported official programming language for Android. Google boasts that Kotlin contains safety features in order to make apps "healthy by default." Many apps are already built with Kotlin, from the hottest startups to Fortune 500 companies...
Facebook phishers want you to “Connect with Facebook”
As we edge toward Christmas, scammers are throwing their own party—in the form of Facebook phishing pages linked to and from bogus landing pages hosted on sitesdotgoogledotcom URLs. These landing pages, adorned with very large and very fake "Login with Facebook" buttons, may be extra convincing t...
Tech support scammer tries to sell free software
AmericaGeeks is your typical tech support scam company, but with an extra warming glow of attitude, greed, and complete all-around rudeness. Most scams will gladly take your money by buttering up the victim while simultaneously scaring them into thinking that they are in a dangerous situation wit...
Explained: the cloud
Even if you are reading this post because you have no idea what the cloud is, you might be using it more often than you realize. Twitter, LinkedIn, Dropbox, Google Drive, and Microsoft Office 365 are some of the most well-known cloud apps. Let’s start with a definition of the cloud to get a grip ...
A week in security (June 19 – June 25)
Last week, we expanded on all the different technologies that Malwarebytes uses to break the attack chain and our Incident Response solution. We also warned you about a Roblox Robux generator scam and a phish targeting customers of Barclays Bank. Below are notable news stories and security-relate...
Payment apps are watching what you say (Lock and Code S07E11)
This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...
A week in security (May 11 – May 17)
Last week on Malwarebytes Labs: Attackers replaced JDownloader installer downloads with malware; Meta’s confusing new approach to chat privacy; Why Malwarebytes blocks some Yahoo Mail redirects; Fake Claude search results lure Mac users into ClickFix attack; Deepfake sextortion forces schools to remo...
Microsoft says Edge’s plaintext password behavior is “by design”
Some time ago, we discussed whether you should allow your browser to remember your passwords. In that article we mentioned the importance of encryption. “With a browser password manager, someone with access to your browser could see your passwords in clear text, although Windows can be set to as...
Stalkerware apps go dark after data breach
A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation. Now Malwarebytes has learned that the company has taken down other apps too. Back in February, news emerged of a stalkerware app compromise...
Android users bombarded with unskippable ads
Researchers have discovered a very versatile ad fraud network—known as Kaleidoscope—that bombards users with unskippable ads. Normally, ad fraud is not a concern for users of infected devices. They might experience some sluggish behavior on their device, but often that’s the extent of it. Ad frau...
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast … If you don't know about the newly created US Department of Government Efficiency (DOGE), there's a strong chance they already know about you. Created on January 20 by US President Donald Trump through Executive Order, DOGE's broad mandate is “modernizing...
A week in security (March 24 – March 30)
Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks; "This fraud destroyed my life." Man ends up with criminal record after ID was stolen; Moving from WhatsApp to Signal: A good idea?; Security expert Troy Hunt hit by phishing attack; Booking.com phish uses fake...
AMOS and Lumma stealers actively spread to Reddit users
We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers...
SecTopRAT bundled in Chrome installer distributed via Google Ads
Criminals are once again abusing Google Ads to trick users into downloading malware. Ironically, this time the bait is a malicious ad for Google Chrome, the world's most popular browser. Victims who click the ad land on a fraudulent Google Sites page designed as an intermediary portal, similar to...
Dental group lied through teeth about data breach, fined $350,000
A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an “accidentally formatted hard drive.” Unfortunately for the organization, the truth was found out. Westend Dental...
Data breaches in 2024: Could it get any worse?
It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. That’s mainly because that would mean we’ll never see another year like it. To support this nomination, I will remind you of several high-profile breaches, some of a size almost beyond imaginatio...
Crypto’s rising value likely to bring new wave of scams
With the value of cryptocurrencies going through the roof, you can expect several attempts to defraud you, whether or not you show even the slightest interest in the topic. Since most cybercriminals lack creativity and are notoriously lazy, we expect to see only slight variations of old tricks. So, we...
San Francisco’s fight against deepfake porn, with City Attorney David Chiu (Lock and Code S05E20)
This week on the Lock and Code podcast … On August 15, the city of San Francisco launched an entirely new fight against the world of deepfake porn—it sued the websites that make the abusive material so easy to create. “Deepfakes,” as they’re often called, are fake images and videos that utilize...
Planned Parenthood partly offline after ransomware attack
In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...
Hundreds of online stores hacked in new campaign
Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital skimmers are snippets of code that have been injected into online stores and they can steal your credit card number, expiration date and CVV/CVC as you type it in. We recently detecte...
Google Manifest V3 and Malwarebytes Browser Guard
We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, there's no need for you to worry...
Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!
Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is...
Dangerous monitoring tool mSpy suffers data breach, exposes customer details
In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor ...
‘RockYou2024’: Nearly 10 billion passwords leaked online
On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...
Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour [updated]
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they've stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k...
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including ...
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
How to turn off location tracking on Android
Android devices come with location services. Some apps need access to location services to function properly. However, there may be reasons why you don’t want your device to be located, often because you don’t want to be found and the device is always with you. Depending on who you are trying to...
[updated] Deleted iPhone photos show up again after iOS update
iPhone owners are reporting that photos they'd deleted are now back on their phones, after updating to iOS 17.5. With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit: “When in conversation...
Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it
More and more websites and services are making multi-factor authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That's a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we...
A week in security (April 8 – April 14)
Last week on Malwarebytes Labs: How to change your Social Security Number; Apple warns people of mercenary attacks via threat notification system; How to check if your data was exposed in the AT&T breach; Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities; H...
Bing ad for NordVPN leads to SecTopRAT
Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser. In this blog post, we look at a very recent...
Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft
Google has announced the introduction of Device Bound Session Credentials (DBSC) to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication (MFA), by stealing authentication cookies...
Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR
In early 2024, a large K-12 school district partnered with ThreatDown MDR to strengthen its cybersecurity posture. Shortly after onboarding, ThreatDown MDR analysts detected unusual patterns of activity subsequently identified as the work of SolarMarker, a sophisticated backdoor. It became eviden...
Webinar recap: 6 critical cyberthreats in 2024 and how to counter them
Our webinar on the 2024 State of Malware report is now available on-demand. Featuring cybersecurity experts Mark Stockley and Jérôme Segura, this webinar unpacks 2024’s most critical cyberthreats, including big game ransomware, malvertising, and emerging challenges to mobile and Mac security. Key...
Raccoon Infostealer operator extradited to the United States
A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced. In March 2022, around the same ti...
ChatGPT accused of breaking data protection rules
Italy's Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversatio...
A true tale of virtual kidnapping: Lock and Code S05E02
This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...
Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL)
Discover the intersection of Ransomware-as-a-Service (RaaS) gangs and Living Off The Land (LOTL) attacks in our latest webinar, now available on-demand, led by cybersecurity experts Ian Thomas, Mark Stockley, and Bill Cozens. The webinar revealed how RaaS gangs use LOTL tactics, leveraging legitimate...
FBI issues advisory over Play ransomware
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) have released a joint Cybersecurity Advisory (CSA) about Play ransomware. According to the FBI, Play made around 300 victims...
A week in security (December 11 – December 17)
Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads; Chrome starts the countdown to the end of tracking cookies; Apple to introduce new feature that makes life harder for iPhone thieves; Recently-patched Apache Struts vulnerability used in worldwide attacks; ALPHV ransomware...