HardBit ransomware tailors ransom to fit your cyber insurance payout
Ransomware authors are wading into the cybersecurity insurance debate in a somewhat peculiar way. Specifically: urging victims to disclose details of their insurance contract, in order to tailor a ransom which will be beneficial to the company under attack. HardBit 2.0: dismantling a device piece...
WordPress sites backdoored with ad fraud plugin
WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues. But some people will take a...
TrickBot gang members sanctioned after pandemic ransomware attacks
In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot (alias "TrickLoader"), a mainstream banking Trojan turned malware-as-a-service (MaaS) platform for other criminal...
One in nine online stores are leaking your data, says study
eCommerce security company Sansec has revealed it's found a number of online stores accidentally leaking highly sensitive data. After studying 2,037 online stores, the company found that 12.3 percent exposed compressed files in ZIP, SQL, and TAR archive formats, which BleepingComputer noted appea...
CISA issues alert with South Korean government about DPRK's ransomware antics
CISA and other federal agencies were joined by the National Intelligence Service (NIS) and the Defense Security Agency of the Republic of Korea (ROK) in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...
Reddit breached, here's what you need to know
On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished. What happened? According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and...
Beware fake Facebook emails saying "your page has been disabled"
Facebook users need to be on their guard for bogus emails claiming to be from Facebook, that tell users their account has been disabled. The emails make use of the classic "apply some pressure" tactics so beloved of scammers everywhere. A missive that makes you shrug won't get you clicking bogus...
Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints
Malwarebytes is excited to announce Application Block, a new module for Nebula and OneView for MSPs which helps organizations easily thwart unwanted applications from launching on Windows endpoints. For as many applications out there that help you keep business running as usual, there are just as...
What privacy can get you
The fight for data privacy must be won in the middle. No declaration, no call to arms, will sway the worst offenders. No public swell, no great big hack, has changed how money gets made. Corporations will continue to reap our data, package it into ad-friendly profiles, and, for a price, deliver t...
"Untraceable" surveillance firm sued for scraping Facebook and Instagram data
Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...
Okta breached last month, no customers compromised
Some of Okta's source code fell into the hands of an unauthorized party. The code was stolen from GitHub in the first part of December, according to a statement issued by the company. In the same statement the company reassured users that there was no impact to any customers. Okta Okta is an acces...
Lego's Bricklink steps on cross site scripting blocks
If you build it, they will come. In Lego's case, they built it and certain security flaws meant someone could have taken it all apart. PCMag reports that flaws in Lego's Bricklink service meant that it was open to potential data leakage or even account hijacking. Those flaws, now addressed,...
BEC scammers go after more than just money
In a joint Cybersecurity Advisory (CSA) the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) recently observed incidents of Business Email Compromise (BEC) with a new twist. In these incidents th...
Adult popunder campaign used in mainstream ad fraud scheme
This blog post was authored by Jerome Segura. Online advertising is a multi-billion dollar industry with projected spending to reach over 600 billion U.S. dollars for 2022. It's not surprising that criminals are trying their hardest to abuse this ecosystem in any way that they can. One of the...
Worldwide law enforcement action takes down major DDoS booter services
Criminals making use of booter services which execute Distributed Denial of Service (DDoS) attacks to take down websites will have to try a little bit harder today: A major international operation has taken no fewer than 48 of the most popular booter services offline. The operation, known as "Power...
Is an outsourced SOC worth it? Looking at the ROI of MDR
In the turbulent world of cybersecurity, one thing is for certain: Threats are evolving in ways that make them harder for organizations to predict--and stop. For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today's cyberthreats is even harder...
iPhone user watches as stolen phone travels from UK to China
Have you ever wondered what happens to your phone if it's stolen while on vacation or a business trip? The answer may surprise you, as it did one Mastodon user who graciously shared a tale of a smartphone gaining some serious air miles. Our intrepid business traveller was in London when their phon...
Epic Games introduces safer accounts for kids
Epic have made some alterations to how accounts for kids work, with multiple features disabled for what are now known as "Cabined Accounts". If your children are big fans of Epic games like Fortnite and Rocket League, you may well have worried about their gaming interactions with other players at...
SIM swapper jailed for 18 months over crypto heist
Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin (@michaelterpin), a renowned personality in the cryptocurrency space, $23.8M. The theft happened in January 2018, where Truglia and his co-conspirators targeted...
Watch out for this triple threat PayPal phish
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics...
Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25
Decades ago, patching was, to lean into a corny joke, a bit patchy. In the late 90s, the Microsoft operating system (OS) Windows 98 had a supportive piece of software that would find security patches for the OS so that users could then download those patches and deploy them to their computers. That...
A gym heist in London goes cyber
A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...
Court rules webcam monitoring of remote employee was an invasion of privacy
A Dutch court has ruled that the decision to fire a remote employee because he refused to keep his webcam on during working hours was unjustified. The employee worked remotely for a Florida-based software development company with a Dutch office. The court ruled that the request to keep the webcam...
Data Access Agreement offers a new path for UK - US data requests
Requesting data for the purposes of law enforcement may be about to become a little easier for the British Government. The Data Access Agreement (DAA) went live on Monday this week. The DAA is authorised by something called the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which itself has come...
Fast Company hacked to send obscene and racist messages
Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channe...
TikTok faces $28m fine for failing to protect children's privacy
TikTok is no stranger to controversy where data usage is concerned. Back in 2021, the social media dance extravaganza platform agreed to pay $92m to settle dozens of lawsuits alleging harvesting of personal data. There has also been concern with regard to whether or not settings were enough to ke...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Fall 2022 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on factual customer reviews, Malwarebytes has been ranked 1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of web-bas...
A week in security (September 12 – 18)
Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...
School app Seesaw compromised to send shock NSFW image
On Wednesday, parents and teachers reported that student learning platform, Seesaw, had been hacked after some users received an infamous explicit photo known as "goatse" on private chats. Schools from districts in Colorado, Illinois, Kansas, Michigan, New York, Oklahoma, South Dakota, and Texas...
The MSP playbook on deciphering tech promises and shaping security culture
The in-person cybersecurity conference has returned. More than two years after Covid-19 pushed nearly every in-person event online, cybersecurity has returned to the exhibition hall. In San Francisco earlier this year, thousands of cybersecurity professionals walked the halls of Moscone Center at...
Phishers use verified status as bait for Instagram users
Another Instagram phish is doing the rounds, and will appeal to a wide variety of platform users. Bleeping Computer reports that verified status is once again being dangled as bait. The "importance" of being verified Being verified gives the impression of status, or importance, on social media...
Twilio data breach turns out to be more elaborate than suspected
Earlier this month, messaging service Twilio got compromised by a sophisticated social engineering attack. After deploying phishing attacks against company employees, hackers were able to access user data, but now it seems that the impact of the hack was more elaborate than originally assumed. In...
Criminals socially engineer their way to bank details with fake arrest warrants
When an organization experiences a massive data breach, it knows at least that it needs to inform the federal government about the cybersecurity incident, get law enforcement involved, and then inform its clients and affiliates. Seems simple enough, but this process, which countries from the West...
Reddit users crowdsourcing explicit images and identities
The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and...
A week in security (August 15 - August 21)
Last week on Malwarebytes Labs: Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories JSSLoader: the shellcode edition CISA and FBI issue alert about Zeppelin ransomware H...
Slack flaw exposed users' hashed passwords
Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasn't specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed...
FCC warns of steep rise in phishing over SMS
After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...
A week in security (July 25 - July 31)
Last week on Malwarebytes Labs: Update Google Chrome now! New version includes 11 important security patches Lightning Framework, modular Linux malware Malware spent months hoovering up credit card details from 300 US restaurants Lock down your Neopets account: Data breach being investigated Demo...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ (US Department of Justice) and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one which Facebook has just got the upper hand to. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of...
Roe v. Wade: How the cops can use your data: Lock and Code S03E15
On the evening of June 23, in the United States, millions of women went to bed with a Constitutional right to choose to have an abortion, and they went to bed with the many assurances that are tied to that right—to speak about getting an abortion, to organize and provide support to those seeking...
A week in security (July 11 – July 17)
Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks Predatory Sparrow massively disrupts steel factories while keeping workers safe New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs China’s Tonto Team increases...
Fake job offer leads to $600 million theft
Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and...
Apple Lockdown Mode helps protect users from spyware
Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as "mercenary spyware." This includes people like journalists and human rights advocates, who are often targeted by...
“Free UK visa” offers on WhatsApp are fakes
A student friend recently shared a WhatsApp message, unsure if it was a scam. The message claims to offer an easy route to free visas, housing, accommodation, and medicine access. Here's how we know it was a scam, and where it led. It read as follows: UK GOVERNMENT JOB RECRUITMENT 2022: This is...
My Body, My Data Act would lock down reproductive and sexual health data
A new bill entered into both the House of Representatives and the Senate proposes the strongest Federal data privacy protections yet for an increasingly scrutinized form of data in the United States—reproductive and sexual health data. The “My Body, My Data Act of 2022” was announced in early Jun...
YTStealer targets YouTube content creators
Researchers are reporting the discovery of malware targeting YouTube content creators. The aim is to compromise accounts and then take over the victim's channels completely. The malware, dubbed YTStealer, has one game plan: Grabbing authentication cookies. A site gives you an authentication cookie...
RansomHouse claims to have stolen at least 450GB of AMD’s data
AMD is investigating the claim that the RansomHouse extortion group has its hands on more than 450GB of the company's data. AMD's breach revelation came to light after RansomHouse teased on Telegram about selling data belonging to a popular three-letter company that starts with the letter A. The...
Police seize and dismantle massive phishing operation
Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted million in Euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and...
Karakurt extortion group: Threat profile
The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released a joint cybersecurity advisory (CSA) about the Karakurt data extortion group (also known as Karakurt Team and Karakurt Lair). Like RansomHouse,...