Chrome starts the countdown to the end of tracking cookies
Google has announced that it will start rolling out its Chrome web browser's new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies...
A week in security (December 4 – December 10)
Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models; US government is snooping on people via phone push notifications, says senator; Android phones can be taken over remotely – update when you can; How IT teams can conduct a vulnerability assessment for...
Meta’s Purple Llama wants to test safety risks in AI models
Meta has announced Purple Llama, a project that aims to "bring together tools and evaluations to help the community build responsibly with open generative AI models." Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models, is th...
Roblox and Twitch provider Tipalti breached by ransomware [updated]
As a response to this post, Tipalti reached out to us and asked us to post the following statement: Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. The Tipalti cybersecurity team and third-party forensic experts have been...
Will ChatGPT write ransomware? Yes.
This morning I decided to write some ransomware, and I asked ChatGPT to help. Not because I wanted to turn to a life of crime, but because I wanted to see if anything had changed since March, when I last tried the same exact thing. In short: ChatGPT has helped me, worryingly so. But more on that...
A week in security (November 20 – November 26)
Last week on Malwarebytes Labs: Windows Hello fingerprint authentication can be bypassed on popular laptops; Citrix Bleed widely exploited, warn government agencies; Chrome pushes forward with plans to limit ad blockers in the future; $19 Stanley cup deal is a Black Friday scam; Malwarebytes consum...
Face search engine PimEyes stops searches of children’s faces
In what may come as a surprise, subscription-based face search engine PimEyes seems to have realized that their service can be used for nefarious purposes. PimEyes’ CEO Giorgi Gobronidze told the New York Times that it has taken technical measures to block such searches as part of a “no harm...
Announcing NEW Malwarebytes Identity Theft Protection
We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity. We know that people are worried. In fact, in our latest report, titled “Everyone’s...
Stalkerware activity drops as glaring spying problem is revealed
North America has a spying problem. Its perpetrators are everyday people. According to recent research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse's or significan...
CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it?
On September 18, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) announced that its Known Exploited Vulnerabilities (KEV) catalog has reached the milestone of covering more than 1,000 vulnerabilities since its launch in November 2021. This may seem like a lot, but with over 25,000 new...
Multi-factor authentication has proven it works, so what are we waiting for?
Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA), starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection, especially not for your important accounts. So...
Malicious ad served inside Bing's AI chatbot
In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the...
PSA: Ongoing Webex malvertising campaign drops BatLoader
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this...
How Microsoft's highly secure environment was breached
An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies. The attack was first reported by Microsoft in...
FreeWorld ransomware attacks MSSQL—get your databases off the internet
When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the internet is of interest to cybercriminals. Microsoft's Remote Desktop Protocol has been a favouri...
Google’s “browse privately” is nothing more than a word play, lawyers say
Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as tha...
Server breach could be fatal blow for LetMeSpy
A mobile app designed to let people spy on others will shortly be going out of business after a server breach and mass deletion incident. The app, LetMeSpy, sits silently and invisibly on a phone and collects call logs, location data, and even text messages. This kind of program is commonly...
Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report
Ransomware attacks have shown no signs of slowing down in 2023. A new report from the Malwarebytes Threat Intelligence team shows 1,900 total ransomware attacks within just four countries--the US, Germany, France, and the UK--in one year. The findings, compiled together in the 2023 State of...
Phishing campaigns are using AMP URLs to avoid detection
Researchers have found a new phishing tactic which uses Google Accelerated Mobile Pages (AMP) to make URLs look trustworthy. The tactic is designed to slip past both software and users on the lookout for strange and untrustworthy domain names. AMP is an open-source HTML framework designed to make w...
A week in security (July 24 - July 30)
Last week on Malwarebytes Labs: Zimbra issues awaited patch for actively exploited vulnerability; Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild; 60,000 Androids have stalkerware-type app Spyhide installed; Ransomware groups claim responsibility for...
Proposed Massachusetts law to ban sale of your mobile location data
Cellular location phone data may be banned from sale in the state of Massachusetts, under a proposed law set to ruffle some data broker feathers. The selling of location data has long been a point of contention for privacy experts. As with so much bulk user data, claims of anonymity from the...
How kids pay the price for ransomware attacks on education
Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it's often students' and patients' data that's leaked if the ransom demand isn't met. We have to wonder how greedy any...
Software company accused of illegally profiling millions of mobile phone users
A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is noyb. noyb is an Austrian-based digital rights organization that focusses on...
81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows
Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that's-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT: 81%...
Ransomware attackers email bemused students as leverage for a payout
The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...
Ticket scammers target Taylor Swift tour
Taylor Swift fans are being warned to be cautious when buying tickets for her current "Eras" tour, with scammers waiting in the wings to trick would-be gig goers. The Better Business Bureau says it has received somewhere in the region of 200 complaints from residents of Michigan, and there's bound...
Facebook clickbait leads to money scam for users
Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fa...
Update now! MOVEit Transfer vulnerability actively exploited
On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer. The security bulletin states: "a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized...
US hospital forced to divert ambulances after cyberattack
The Idaho Falls Community Hospital fell victim to a cyberattack on Monday May 29, 2023. As a result, the hospital had to divert ambulances to other nearby hospitals and close some of its clinics. The hospital is keeping the public updated through its website and Facebook page. "Our commitment to...
Tracking down a trojan: An inside look at threat hunting in a corporate network
At Malwarebytes, we talk a lot about the importance of threat hunting for SMBs--and not for no good reason, either. Just consider the fact that, when a threat actor breaches a network, they don't attack right away. The median amount of time between system compromise and detection is 21 days. By th...
Zip domains, a bad idea nobody asked for
If you heard a strange and unfamiliar creaking noise on May 3, it may have been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries--this author included--gave to Google's decision to put .zip...
Child safety app riddled with vulnerabilities: Update now!
An app designed to restrict screen time and add a "kids' mode" for children on smart devices has been found to have a broad range of security issues. The app, "Parental Control - Kids Place" is an Android app which is incredibly popular, sporting 5M+ downloads on its Google Play page. In terms of...
Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone and iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously,...
How to keep your ChatGPT conversations out of its training data
Last week, OpenAI announced it had given ChatGPT users the option to turn off their chat history. ChatGPT is a "generative AI", a machine learning algorithm that can understand language and generate written responses. Users can interact with it by asking questions, and the conversations users hav...
iOS Lockdown Mode effective against NSO zero-click exploit
Apple's Lockdown Mode feature alerted a victim to one of the latest NSO exploits, according to a report by Citizen Lab. This is a huge deal since it shows how useful Lockdown Mode can be, even against exploits developed by one of the world's most notorious commercial...
Introducing the Malwarebytes Admin app: Endpoint security at your fingertips
If you're on the beach sipping piña coladas, the last thing you probably want to do is rush to your desktop and address a critical security issue. And yet, this is the reality for many IT security professionals today. Regardless of the time or current location, security pros are expected to drop...
Fake Chrome updates spread malware
Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims. Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and...
Port scan attacks: Protecting your business from RDP attacks and Mirai botnets
Compromised IP addresses and domains--otherwise legitimate sites that are exploited by hackers without the owner's knowledge--are frequently utilized to conduct port scanning attacks. Port scanning involves systematically scanning a computer network for open ports, which can then be exploited by...
Ransomware review: April 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Stop! Are you putting sensitive company data into ChatGPT?
Helping to reduce costs and enhance productivity are both things that your employer will look kindly upon. But what if you use an external tool for those tasks and the tasks involve confidential data that ended up on a server outside of the control of your company? That's a problem. As a news writ...
9 vital criteria for effective endpoint security: Insights from the 'Endpoint Security Evaluation Guide' eBook
Endpoint security has never been more important, and with the increasing complexity of the security stack, choosing the right solution can be confusing. The good news is that there is a guide available to help organizations navigate this complex landscape: the "Endpoint Security Evaluation Guide"...
A week in security (March 27 - April 2)
Last week on Malwarebytes Labs: Solving the password's hardest problem with passkeys, featuring Anna Pobletts; Food giant Dole reveals more about ransomware attack; Bogus Chat GPT extension takes over Facebook accounts; Ransomware gunning for transport sector's OT systems next; GitHub accidentally...
ChatGPT leaks bits of users' chat history
New gadgets and software come with new bugs, especially if they're rushed. We can see this very clearly in the race between tech giants to push large language models (LLMs) like ChatGPT and its competitors out the door. In the most recently revealed LLM bug, ChatGPT allowed some users to see the...
BreachForums to be shut down after all for fear of law enforcement infiltration
On March 15, 2023, US law enforcement arrested a man from New York who was accused of being the administrator of BreachForums, a well-known and probably the largest Dark Web marketplace for stolen data to be leaked and sold. At first, a new administrator rose to the occasion and said they were...
How to avoid potentially unwanted programs
If you've ever downloaded software onto your computer, chances are you've unknowingly cluttered your machine with PUPs. Here's what you need to know about these sneaky programs. What are PUPs? If you're thinking baskets of doe-eyed baby dogs, then you're sadly mistaken. PUPs is the acronym for...
A week in security (March 6 - 12)
Last week on Malwarebytes Labs: 8 cybersecurity tips to keep you safe when travelling; National Cybersecurity Strategy Document: What you need to know; Intel CPU vulnerabilities fixed. But should you update?; Warning issued over Royal ransomware; Play ransomware gang leaks City of Oakland data...
Play ransomware gang leaks City of Oakland data
The Play ransomware gang has begun partially publishing data they stole from the City of Oakland, California. The data were in multiple archive files with a collective file size of 10GB. According to the ransomware gang, the files contain "private and personal information data, financial...
How to work from home securely, the NSA way
People working remotely is no longer unusual, so the National Security Agency (NSA) has produced a short Best Practices PDF document detailing how remote workers can keep themselves safe from harm. In fact, the guide can also be applied to people using computers at home generally and is written in ...
Arrested: Fearmongering data thieves who victimized thousands of businesses
The Dutch police have announced the arrest of three more suspects in one of the biggest data extortion cases to date. The men, all aged between 18 and 21, were allegedly involved in extorting businesses and selling stolen data to other criminals. During a two-year investigation the police learned...
Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award
CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the "Coolest Endpoint And Managed Security Companies" on the 2023 CRN Security 100 list. The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoi...