A week in security (December 25 – December 31)

Last week on Malwarebytes Labs: How to recognize AI-generated phishing mails How ransomware operators try to stay under the radar 4 sneaky scams from 2023 The top 4 ransomware gang failures of 2023 Have a safe 2024! Our business solutions remove all remnants of ransomware and prevent you from...

ALPHV ransomware gang returns, sorta

The ALPHV ransomware gang, arguably the second most dangerous "big game" ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for group. ALPHVs dark web leak site may be back but it is only showing a single...

How to choose a free vulnerability scanner: Insights from an industry veteran

The cybersecurity market is awash with expensive, high-end solutions for detecting vulnerabilities in third-party applications. However, for smaller security teams, free vulnerability scanners offer a practical alternative. But of course, free doesn’t always mean better—it’s crucial to thoroughly...

The sound of you typing on your keyboard could reveal your password

As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...

How IT teams can conduct a vulnerability assessment for third-party applications

Google Chrome, Adobe Acrobat Reader, TeamViewer, you name it—there’s no shortage of third-party apps that IT teams need to constantly check for vulnerabilities. But to get a better picture of the problem, lets bust out some napkin math. The average company uses about 200 applications overall...

Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24

This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonights homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little...

Face search engine PimEyes stops searches of children’s faces

In what may come as a surprise, subscription-based face search engine PimEyes seems to have realized that their service can be used for nefarious purposes. PimEyes’ CEO Giorgi Gobronidze told the New York Times that it has taken technical measures to block such searches as part of a “no harm...

The US wants governments to commit to not paying ransoms

As the White House prepares to host its annual International Counter Ransomware Initiative CRI summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals. The CRI wants to enhance international cooperation to combat the growth of ransomware, and its ...

Meta is using your public Facebook and Instagram posts to train its AI

Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM large langua...

A week in security (September 25 - October 1)

Last week on Malwarebytes Labs: Dependabot impersonators cause trouble on GitHub Update Chrome now! Google patches another actively exploited vulnerability Googles Bard conversations turn up in search results Malicious ad served inside Bing's AI chatbot Pegasus spyware and how it exploited a WebP...

Cisco VPNs without MFA are under attack by ransomware operator

The Cisco Product Security Incident Response Team PSIRT has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication MFA. The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for...

Chrome will soon start removing extensions that may be unsafe

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...

A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

"Freedom" is a big word, and for many parents today, it's a word that includes location tracking. Across America, parents are snapping up Apple AirTags, the inexpensive location tracking devices that can help owners find lost luggage, misplaced keys, and--increasingly so--roving toddlers setting...

Old exploit kits still kicking around in 2023

The year is 2023 and there still are some people using Internet Explorer on planet Earth. More shocking perhaps, is the fact there are still threat actors maintaining exploit kit infrastructure and dropping new malware. In this quick blog post, we review two well-known toolkits from the past,...

Voter data stolen in UK Electoral Commission systems breach

The UK's Electoral Commission has revealed it suffered a compromise which has the potential to expose aspects of registered voters' data. While much of this data may already be public, there are some privacy and safety concerns to consider. First of all, lets take a look at whats been affected. T...

FCC comes down hard on robocallers with record $300m fine

Robocallers are in the news after the FCC issued a $300 million forfeiture to a persistent offender and shut down their operation. A robocall network makes use of automated software diallers to spam out large numbers of cold calls to unsuspecting recipients. These calls promise much but give very...

Estée Lauder targeted by Cl0p and BlackCat ransomware groups

Estee Lauder is currently at the heart of a compromise storm, revealing a major security issue via a Security Exchange Commission SEC filing on Tuesday. Although no detailed explanation of what has taken place is given, there is confirmation that an attack allowed access to some systems and...

A week in security (June 26 - July 2)

Last week on Malwarebytes Labs: A proxyjacking campaign is looking for vulnerable SSH servers New technique can defeat voice authentication "after only six tries" "Free" Evil Dead Rise movie scam lurks in Amazon listings Spyware app LetMeSpy hacked, tracked user data posted online Online safety...

Why blocking ads is good for your digital health

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they dont just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on go...

OpenSSH trojan campaign targets Linux systems and IoT devices

Poorly configured Linux and Internet of Things IoT devices are at risk of compromise from a cryptojacking campaign, according to researchers at Microsoft. The attacks, which involve brute forcing a way into a system, are designed to profit from mining in illicit fashion for cryptocurrency. Once t...

Baby monitor safety: What you need to know

Do you have an impending new arrival in your family of the small and very noisy variety? If so, youre probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor youre going to buy? Will it be audio only, or have images? Will...

Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files

The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated phishing campaign" by Reddit, involved an attempt to swipe credentials and two-factor authentication...

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

The US Cybersecurity and Infrastructure Security Agency CISA has an urgent message for US businesses: watch out for Volt Typhoon, a threat actor sponsored by the Peoples Republic of China PRC. The agency's joint Cybersecurity Advisory CSA published last week highlights a cluster of tactics,...

3 reasons to use a VPN

There are many good reasons to use a Virtual Private Network VPN, even if you are just casually scrolling. Privacy is a right that is yours to value and defend, and if you want to increase your online privacy then a VPN is one of the possible solutions. A VPN works like this: When youre connected...

YouTube is testing ad blocker detection

YouTube is dipping a toe into the muddy waters of ad-blocker blocking, with ad-blocker using Redditors complaining about a popup that warns "Ad blockers are not allowed on YouTube," when they visit the site. Image source: Reddit user Sazk100 The popup message explains that "Ads allow YouTube to...

Google Passkeys: How to create one and when you shouldn't

Google has just brought users closer to a passwordless future. In a recent blog post, the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys, a form of digital credential. So, how do they work? Passkeys are generated using public-key...

ChatGPT writes insecure code

Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...

Fake Flipper Zero sellers are after your money

Thanks to Malwarebytes' Stefan Dasic who provided the research and screenshots for this article. Flipper Zero, a "multi-tool device for hackers", is frequently out of stock due to its popularity in hardware circles. Flipper Zero combines research and penetration hardware tools into a single unit...

What your peers said: G2 comparison of top Endpoint Security vendors

Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading peer-to-peer review site. Each...

Introducing the Malwarebytes Admin app: Endpoint security at your fingertips

If youre on the beach sipping piña coladas, the last thing you probably want to do is rush to your desktop and address a critical security issue. And yet, this is the reality for many IT security professionals today. Regardless of the time or current location, security pros are expected to drop...

Massive malvertising campaign targets seniors via fake Weebly sites

Knowing their audience is something scammers excel at, and for very good reason. This is particularly true for tech support scammers whose prime targets are seniors. By understanding what retirees are searching for and abusing various online platforms, crooks can precisely go after the demographi...

Sextortion "assistance" scammers con victims further

The FBI is warning of a particular aspect of sextortion scams: Supposed organisations that offer "help" to remove stolen images, often at a significant financial cost and no guarantee of success. Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive imagery...

Pre-ransomware notifications are paying off right from the bat

CISA Cybersecurity and Infrastructure Security Agency has published the first results of its pre-ransomware notifications that were introduced at the start of 2023. Even though this initiative is relatively young, CISA says it has notified over 60 entities across the energy, healthcare,...

3 tips for creating backups your organization can rely on when ransomware strikes

Backups are an organization's last line of defense against ransomware, because comprehensive, offline, offsite backups give you a chance to restore or rebuild your computers without paying a criminal for a decryption key. Unfortunately, many organizations don't realize how important it is to make...

Solving the password’s hardest problem with passkeys, featuring Anna Pobletts

How many passwords do you have? If you're at all like our Lock and Code host David Ruiz, that number hovers around 200. But the important follow up question is: How many of those passwords can you actually remember on your own? Prior studies suggest a number that sounds nearly...

Bogus Chat GPT extension takes over Facebook accounts

If youre particularly intrigued by the current wave of interest in AI, take care. Theres some bad things lurking in search engine results waiting to compromise your Facebook account. A rogue Chrome extension deployed in a campaign targeting Facebook users is "hitting thousands a day" according to...

A week in security (March 13 - 19)

Last week on Malwarebytes Labs: "Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06 Breast cancer photos published by ransomware gang WhatsApp refuses to weaken encryption, would rather leave UK "Just awful"...

"Just awful" experiment points suicidal teens at chatbot

After getting in hot water for using an AI chatbot to provide mental health counseling, non-profit startup Koko has now been criticized for experimenting with young adults at risk of harming themselves. Worse, the young adults were unaware they were test subjects. Motherboard reports the experime...

WhatsApp refuses to weaken encryption, would rather leave UK

WhatsApp will not comply with the UK's Online Safety Bill when it passes legislation as is. In fact, WhatsApp would rather cease serving UK users, which make up 2% of its global market, than weaken its end-to-end encryption E2EE. Will Cathcart, head of WhatsApp at parent company Meta, made these...

Warning issued over Royal ransomware

As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...

National Cybersecurity Strategy Document: What you need to know

The US Government has been working on the National Cybersecurity Strategy Document 2023 for some time now, and its finally been released. The strategy document, which replaces the last such piece of work from 2018, attempts to indicate the general direction of the US approach to cybercrime and...

YouTube under fire for allegedly gathering children's data

The UKs childrens code, introduced three years ago by the Information Commissioner's Office ICO, is all about ensuring that companies make childrens privacy a primary consideration when creating sites and services, games, and toys. The code, also known as the Age Appropriate Design Code AADC, may...

A week in security (February 20 - 26)

Last week on Malwarebytes Labs: GoAnywhere zero-day opened door to Clop ransomware Chip company loses $250m after ransomware hits supply chain GoDaddy says it's a victim of multi-year cyberattack campaign Twitter and two-factor authentication: What's changing? How to set up two-factor...

A week in security (February 6 - 12)

Last week on Malwarebytes Labs: Two year old vulnerability used in ransomware attack against VMware ESXi On the 20th Safer Internet Day, what was security like back in 2004? Florida hospital takes entire IT systems offline after 'ransomware attack' Introducing Malwarebytes Mobile Security for...

Video game playing FISH live streams credit card 'theft'

A fish is in hot water metaphorically speaking after having performed some incredible antics on a video game live stream. The fish, known for playing popular video game titles to completion on live streams, decided to take that whole gamer lifestyle thing a little too far and went on a rip-roarin...

Identity thieves bypass security questions to access Experian credit reports

After a tip from a Telegram user who frequented identity theft channels, Brian Krebs tested and confirmed that anyone who knew your name, address, social security number SSN, and birthday could view your full credit report at Experian. Skipping security questions The method to get access did not...

US school district sues Facebook, Instagram, Snapchat, TikTok over harm to kids

Public schools in a Seattle district filed a lawsuit on Friday against parent companies of the biggest social networks on the internet, alleging social media is to blame for "a youth mental health crisis", and saying these companies have purposefully designed, refined, and operated their platform...

Microsoft ends extended support for Windows 7 and Windows Server 2008 today

Time has finally run out for Windows 7 Professional and Enterprise users. Microsoft will stop providing its Extended Security Updates ESU program for the OS version today, January 10. When the company ended its mainstream support for Windows 7 three years ago, it also offered an ESU program to...

Security vulnerabilities in major car brands revealed

Your car potentially hasnt "just" been a car for a long time. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. These systems tie into everything from passwords and web chat systems for car company employees, to file repositories and oth...

LA housing authority is latest LockBit ransomware victim

The Housing Authority of the City of Los Angeles HACLA, established in 1938 to provide affordable housing in Los Angeles, confirmed in a statement that it was a victim of a ransomware cyberattack. This is the second major attack against an agency in LA after the Los Angeles United School District...