4662 matches found
Karakurt extortion group: Threat profile
The FBI Federal Bureau of Investigation, together with CISA Cybersecurity and Infrastructure Security Agency and other federal agencies, recently released a joint cybersecurity advisory CSA about the Karakurt data extortion group also known as Karakurt Team and Karakurt Lair. Like RansomHouse,...
FBI warns of scammers soliciting donations for Ukraine
The FBI recently issued an announcement about a fraudulent scheme that proves there is no low thats too low for scammers. "Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary a...
Double-whammy attack follows fake Covid alert with a bogus bank call
The BBC has revealed details of how a food bank in the UK was conned out of about $63,000 £50,000 by scammers who used two separate attacks to fleece their victims. A food bank is a way for people to ensure they dont starve. They are a backstop during times of economic uncertainty, and have been...
How the Saitama backdoor uses DNS tunnelling
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Understandably, a lot of cybersecurity research and commentary focuses on the act of breaking into computers undetected. But threat actors are often just as concerned with the act of breaking o...
10 ways attackers gain access to networks
A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: 1. Public facing...
Over 50 countries sign the “Declaration for the Future of the Internet”
Governments of the US, EU member states, and 32 other countries have announced the launch of the "Declaration for the Future of the Internet," a "political commitment" among endorsers "to advance a positive vision for the internet and digital technologies." "We are united by a belief in the...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had...
Pegasus spyware found on UK government office phone
“When we found the No. 10 case, my jaw dropped." John Scott-Railton recalled after finding out on July 7, 2020 that Pegasus, the highly sophisticated flagship spyware of Israels NSO Group, was used to infect a phone linked to the network at 10 Downing Street, the UK Prime Ministers home and offic...
Watch out for fake WhatsApp “New Incoming Voicemessage” emails
Thanks to the Threat Intelligence team for their help with this article. Security researchers from Armorblox, a cybersecurity company specializing in email-based threats, have encountered a fake WhatsApp email with the subject "New Incoming Voicemessage." The spoofed WhatsApp voicemail notificati...
Cash App breached by a former employee could affect millions
In December last year, the customer information of Cash App users was accessed by a former employee of Block, the company behind the popular mobile payment service app. This was revealed in a very recent filing to the Securities and Exchange Commission SEC, which shows that the former employee...
5 ways to spring clean your security
It is now officailly spring in the Northern Hemisphere, and with spring and the longer days comes the inescapable urge to shake off the lethargy of Winter and embrace the need to go through your stuff, throw a bunch of it out, and give the rest of it a shiny new lustre. And in our increasingly...
“A little gift for you” SMS spam appears to come from your own phone number
If youve received a spam SMS message sent from your own phone number, dont panic. No, you werent hacked. And youre not the only one who has received such a message, which looks a bit like this: A colleague received this same spam SMS message that has been going around more frequently these past f...
Beware of this bogus (and phishy) “Instagram Support” email
Recently, a fake Instagram email successfully bypassed Googles email filters and made it into hundreds of employee inboxes used by a prominent US life insurance company based in New York. This was revealed in a report by Armorblox, a cybersecurity company specializing in stopping business email...
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
A week in security (February 28 – March 6)
Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco” Update now! Cisco fixes several vulnerabilities HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine Tips to protect your data, security, and privacy from a hands-on expert...
Don’t fall for the “Donate to help children in Ukraine” scam
Earlier this week, we spotted a Microsoft sign-in phish that appeared to be taking advantage of the Ukraine crisis in order to scam people. The email warned of unauthorized log in attempts to the recipients account, and the location of those attempts was listed as "Russia/Moscow". We probably won...
Yik Yak “cyberbullying”: What can be done?
In August 2021, Yik Yak, the once-popular anonymous social media platform on Android and iOS, made a comeback after shutting its doors in 2017. Six months after its return, its started to gain attention once more, as a result of cyberbullying—the main reason why it declined years ago. However, th...
City: Skylines developers warn of rogue mod
Players of the popular city-building simulator and video game City: Skylines need to check devices for rogue code lurking in mods related to a rework of something called Harmony, essential for modding across several titles. The threat arrives in a broader landscape—video game modding—already know...
Ransomware gang hits 49ers’ network before Super Bowl kick off
The San Francisco 49ers has confirmed that it has been hit by a ransomware attack. The announcement came just hours before the biggest football game of the year, Sundays Super Bowl between the Cincinnati Bengals and the Los Angeles Rams. In a boilerplate statement to BleepingComputer, the 49ers...
Dark Souls servers taken offline over hacking fears
There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP player vs player servers were temporarily shut down by the developers after a hack. Dark Souls says that PvP servers for console versions PlayStation, Xbox were not affected, and that it is a...
CISA calls for urgent action against critical threats
In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency CISA warns that every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. The warning specifically reminds readers of...
Campaign launched to delay social media end-to-end encryption
The many issues surrounding end-to-end encryption E2EE are ever-present. They usually spring up when something that could potentially affect the safety of those who are vulnerable comes to light. Back in November, Meta announced it had delayed plans to roll out E2EE on its Facebook and Instagram...
Cybercriminals’ friend VPNLab.net shut down by law enforcement
Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available. Led by the Central Criminal Office of the Hannover Police Department in Germany, the coordinated operation took place in Germany itself, the...
Some Android users can disable 2G now and why that is a good thing
The Electronic Frontier Foundation EFF has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and devi...
FIFA 22 phishers tackle customer support with social engineering
Players of smash hit gaming title FIFA 22 have become the target of a wave of attacks focused on account compromise. Up to 50 “high profile” accounts were hijacked by what may have been the same group. FIFA games are, traditionally, a big draw for scammers and phishers. Many sports titles offer...
Intimate photo hacker spared from jail, said he “liked the detective work”
Michael Grime, a British games programmer, has escaped jail after using stolen credentials to access several womens personal email accounts and social media accounts in order to steal their private and intimate photos. Grime was caught by the National Crime Agency NCA as part of an operation...
Careful! Uber flaw allows anyone to send an email from uber.com
On New Years Eve, Seif Elsallamy @0x21SAFE on Twitter, a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with "@uber.com", just like the one below:...
A week in security (Dec 13 – 19)
Last week on Malwarebytes Labs: Spear phish, whale phish, regular phish: What’s the difference? Kronos crippled by ransomware, service may be out for weeks 5 security lessons from 18 months of working from home What SMBs can do to protect against Log4Shell attacks After Log4j, December’s Patch...
5 security lessons from 18 months of working from home
A little more than 20 months ago, many people around the world were asked or instructed to work from home to help slow the spread of COVID-19. It caused a seismic change to the way we all do business. Now, our latest research reveals how IT decision makers security concerns have been changed by...
Fake job interviews plague major game developers like Riot Games and Rockstar
If you’re job hunting at the moment, be on your guard. The pandemic is still around. Lots of people are in need of employment. Scammers are all too happy to string folks along with bogus employment offers, as is the case here. How have they managed to snare prospective job hunters? Riding on the...
BlackMatter ransomware group announces shutdown. But for how long?
The BlackMatter ransomware gang has announced they are going to shut down their operation, citing pressure from local authorities. And pressure there is. Only two weeks ago, we wrote about a warning that the Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency...
Celebrity jewelry house Graff falls victim to ransomware
Data on countless celebrities, including politicians, is apparently now in the hands of ransomware attackers after a group using the Conti variant compromised systems of one of the world’s most exclusive jewelry houses, Graff. Despite what mathematicians like to think, there is an exception to...
Phone screenshots accidentally leaked online by stalkerware-type company
pcTattleTale hasnt been very careful about securing the screenshots it sneakily takes from its victims phones. pcTattleTale markets itself as "employee and child monitoring software" that is undetectable by the device user, but it can also be used to spy on spouses and partners. It allows its...
A week in security (August 30 – September 5)
Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...
New Android P includes several security improvements
According to the Android developer Program Overview, the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months Q3 2018. The end of the Android P beta program is approaching, with the first release candidate built and...
Online security tips for Valentine’s Day: how to beat the cheats
Valentine's Day is upon us once more, and so are lots of dating-friendly security tips. Read on and secure your profile, alongside one hopes the love of your life. 1. Not so hot singles in your area Many dating apps have geotagging enabled, regardless of whether you created your profile on a...
Drive-by cryptomining campaign targets millions of Android users
Malvertising and online fraud through forced redirects and Trojanized apps—to cite the two most common examples—are increasingly plaguing Android users. In many cases, this is made worse by the fact that people often don't use web filtering or security applications on their mobile devices. A...
A state of constant uncertainty or uncertain constancy? Fast flux explained
Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rung familiar in the ears: fast flux. In the context of...
Phishes, pseudophishes, and bad email
Everyone knows about phishing. We’ve all heard that the solution to phishing is to educate the user as, after all, it must be the user’s fault for stupidly clicking on the thing. But what about when perverse incentives make clicking the phish seem logical? What about the enterprise pseudophish—wh...
Explained: security certificates
As a result of my PowerShell series 1,2,3, where I used the handling of certificates as an example, mainly because I wanted a method to keep track easier of which certificates were being added by malware, I've have received some questions about how security certificates work and how they stopped...
Adware the series, part 6
In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...
Travel scams are everywhere. Here’s how to avoid them
Planning a holiday should be exciting, fun, and not a cybersecurity risk. But booking flights, hotels, and rental properties often means sharing sensitive personal and financial information across multiple platforms. Combined with frequent travel scams and recurring data breaches in the travel an...
Infostealers are becoming the go-to phishing payload
Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...
A week in security (May 25 – May 31)
Last week on Malwarebytes Labs: Payment apps are watching what you say Lock and Code S07E11 Scammers pretending to be Microsoft had help from US executives 700+ education and tech websites hijacked in huge ClickFix malware campaign Fake software on GitHub and SourceForge distribute Deno RAT Fake...
Your Windows PC has a security deadline in June 2026
A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The good news: If you...
Fake LinkedIn emails abuse Adobe to track victims
Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward. The phishing email masquerades as a business inquiry designed to look like it's come via LinkedIn and includes a fake “contract”...
Update Chrome now: Critical bugs could let attackers run code
Google has issued updates for the Chrome browser patching a number of high‑severity vulnerabilities. The update includes fixes for two critical vulnerabilities that can be used for remote code execution just by visiting a malicious website. The stable channel has been updated to 148.0.7778.178/17...
Researchers left AI agents alone in a virtual town and watched it all unravel
Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...
The 2026 World Cup scam economy is already running before the first whistle
The FIFA World Cup 2026 is scheduled to begin June 11 across the US, Canada, and Mexico. The web is filling with sites impersonating ticket vendors, telecoms, sticker publishers, toy manufacturers, immigration services, and crypto projects, all linked to the World Cup brand. Together, they map ou...
Age verification vendor Persona left frontend exposed, researchers say
Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short whil...