4662 matches found
New device? Here's how to safely dispose of your old one
Until recently I had two old phones, one tablet and about 20 hard drives in storage that I was afraid to give up for recycling, or to pass on to someone that could use them. I wanted to dispose of them, but knowing how easy it is to retrieve data--such as personally identifiable information--even...
"Baby dumped at the gate" post is a Facebook hoax
Every so often, bizarre but oddly believable scams do the rounds on Facebook. And so we have the latest: A tragic tale of a lost baby left outside the gate of someones house. The abandoned baby Facebook hoax springs into action A post made to Facebook December 1st by someone claiming to be in the...
Hive Social pulls the plug on itself after security flaws found
You may well have changed your social media site of choice recently, but that doesnt mean the security implications of less familiar sites and services can be ignored. For the sites themselves, coping with an influx of new users can be nothing short of a large headache. And even the more...
Google sues "harassing and deceptive" impersonator
After receiving many complaints, Google has announced it has filed a lawsuit against a company that has made it its business to impersonate Google. The company going by the name of "G Verifier" deployed telemarketing and website tactics that were intended to persuade people they were doing busine...
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Researchers from Guardio, a cybersecurity company specializing in web browser protection, recently revealed a campaign involving a trove of popular yet malicious extensions programmed to steal user searches, browsing data, and affiliation to thousands of targeted sites. Nicknamed "Dormant Colors,...
Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1
After keeping Chrome running on early Windows versions for two extra years, giving IT administrators time to update, Google has decided it won't delay any further: Unless organizations upgrade to Windows 10 or 11 next year, they won't be able to use Chrome. Browsers based on Chrome, such as Brave...
FBI, CISA warn of disinformation ahead of midterms
In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels. With everyone preparing to cast their ballots, the FBI and the Cybersecurity and...
Introducing Malwarebytes Managed Detection and Response (MDR)
With our Managed Detection and Response MDR service now generally available for businesses and MSPs, you may be wondering: What is MDR, how does Malwarebytes MDR work, and do I need it? Underpinned by our award-winning EDR technology, Malwarebytes MDR offers powerful and affordable threat...
Meta accuses apps of stealing WhatsApp accounts
Meta is attempting to clamp down on rogue WhatsApp-styled applications which originate from China. Bleeping Computer reports that no fewer than one million WhatsApp accounts have been compromised, allegedly as a result of using these apps which are claimed to bundle malware. Dubious apps The apps...
Credential stuffers take aim at Final Fantasy XIV players
Square Enix, the company behind video games like Final Fantasy XIV, reports that a third party is attempting to gain access to its Account Management System. How is this happening, and what are the risks? More importantly, what do you need to do to ensure your accounts are safe from harm?...
White House unveils Blueprint for an AI Bill of Rights
On Tuesday, the Biden-Harris Administration's Office of Science and Technology Policy OSTP unveiled a new Blueprint for an AI Bill of Rights, which lists five principles to guide the design, use, and development of intelligence-based automated systems "to protect the American public in the age of...
Ransomware-affected school district refuses to pay, gets stolen data released
Data stolen from Los Angeles Unified School District has been leaked online, after staff refused to pay the ransom related to a ransomware attack. The attackers threatened to release the data if the ransom wasn't paid, and so release it they did. The double extortion tactic Threatening to release...
A week in security (September 26 – October 2)
Last week on Malwarebytes Labs: Why almost everything we told you about passwords was wrong Two new Exchange Server zero-days in the wild Local government cybersecurity: 5 best practices Optus data breach "attacker" says sorry, it was a mistake Fast Company hacked to send obscene and racist...
Spyware disguises itself as Zoom downloads
Zoom video call software continues to be a staple in work environments. Despite a slow, post-lockdown easing back to the "old normal," many businesses still have remote workers, or people working in different geographies. It's no surprise then to see criminals continuing to abuse Zoom's popularit...
InterContinental Hotels' booking systems disrupted by cyberattack
In a statement filed at the London Stock Exchange, InterContinental Hotels Group PLC reports that parts of the company's technology systems have been subject to unauthorized activity. The activity significantly disrupted IHG's booking channels and other applications. The InterContinental Hotels...
YouTube transparency report shows battle against misinformation
Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Googles Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...
Data broker sued for allegedly selling individuals' sensitive location data
The Federal Trade Commission FTC has sued data broker Kochava for allegedly selling information that would allow for individuals whereabouts to be traced to sensitive locations. The information included location data from hundreds of millions of phones, including sensitive locations that could be...
Malwarebytes receives highest rankings in recent third-party tests
Malwarebytes Endpoint Protection continues to receive outstanding results in third-party testing. Our recent participation in two highly-regarded industry evaluations, namely MRG-Effitas and Info-Techs Data Quadrant Report, reflects our belief that continual testing and unbiased validation are...
6 reasons MSPs need a patch management platform
Weve all heard the stories: Organizations getting breached like there's no tomorrow thanks to threat actors exploiting unpatched vulnerabilities. Likewise, weve also all heard the familiar refrain: Patch regularly! But for many businesses--including the Managed Service Providers MSPs that serve...
Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17
When Mike Miller was hired by a client to run a penetration test on one of their offices, he knew exactly where to start: Krispy Kreme. Equipped with five dozen donuts the boxes stacked just high enough to partially obscure his face, Miller said, Miller walked briskly into a side-door of his...
DHS says to update your Emergency Alert Systems immediately
The Department of Homeland Security has issued an advisory after vulnerabilities were found in its Emergency Alert Systems EAS. EAS technology is designed to fire out warning messages during times of national emergency. It can be used to warn of coastal flooding, earthquakes, child abduction,...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--lets get started. Q: When...
Bank fraud scammers trick victims with claims of bogus Zelle transfers
It pays to be careful where cold calls from someone claiming to work for your bank are concerned. Scam callers are impersonating bank staff, with suggestions of dubious payments made to your account. One unfortunate individual has already lost around $1,000 to this slice of telephone-banking base...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers MSPs, organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...
How to protect yourself and your kids against device theft
In no time at all, kids will be going back to school or starting college. And while gearing up for this, its very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids ha...
How the FBI quietly added itself to criminals’ instant message conversations
Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence. Operation Trojan Shield The US Federal Bureau of...
Google to delete location data of trips to abortion clinics
The historical overturning of Roe v. Wade in June prompted lawmakers and technology companies to respond with deep concern over the future of data. Google is one of those companies. In a post to "The Keyword" blog last week, Google said it will act further in protecting its users privacy by...
Email compromise leads to healthcare data breach at Kaiser Permanente
At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium. The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise. The direct path to data A...
Instagram scam steals your selfies to trick your friends
What would you do if a friend of yours set up a NSFW account, and then used it to follow you on Instagram? Would you check it out? We recently learned of a group of friends who had to ask themselves exactly that. Fortunately, they realised that something was off. The account wasnt the real owners...
Internet Safety Month: Parental controls—what they can and can’t do for you
Parental controls can be useful to limit the risks your children run into online, but you should know up front that they cannot eliminate every risk out there. Parents and adults everywhere are understandably having a hard time keeping up with the favored social networks of children and...
Introducing EDR for Linux: Remediating and isolating threats on Linux servers
We’re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. Let’s ge...
A special browser designed for online banking. Good idea, or not so much?
The German Sparkasse bank has launched a browser that is especially designed to do your online banking. The browser called S-Protect is available for macOS and Windows users. The idea is interesting, since having a separate browser for banking can certainly add an extra layer of security. Separat...
Steer clear of these Instagram “Get rich with Bitcoin” scams
I don’t know about you, but I open Instagram to look at cool photos of pets, not to make a fortune via suspicious claims of riches by strangers. Despite this, following someone whose photos I liked resulted in a very peculiar message. It’s possible I waved goodbye to a path to untold riches. Mayb...
State-backed hacking group from China is targeting the Russian military
In an unexpected turn of events, research has surfaced about a Chinese APT advanced persistent threat group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more...
Why you should be taking security advice from your grandmother
We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine. The defau...
What’s happening in the world of personal cyber insurance?
Youve likely only seen cybercrime insurance primarily mentioned in relation to attacks on businesses. Most commonly, it’s cited with regard to ransomware attacks in the workplace, or associated data loss. Some folks think the mere presence of insurance simply encourages more attacks, and is hurti...
“Reject All” cookie consent button is coming to European Google Search and YouTube
Google will soon be giving European countries a "Reject All" button in the Search and YouTube cookie consent banner. This change, which was revealed by Googles Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to...
CafePress faces $500,000 fine for data breach cover up
The US Federal Trade Commission FTC has announced that it took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. CafePress is a popular online custom T-shirt and merchandise...
Azure AutoWarp brings automation headaches
Azure is Microsoft’s cloud computing service providing a wide range of features for businesses worldwide. It’s particularly popular for its virtual machines and IaaS infrastructure as a service. One useful Azure feature is Automation, which has been around for some years now. Management tasks can...
Ransomware author releases decryption keys, says goodbye forever
Update 12th February: An earlier version of this post incorrectly stated that the decryption tool used to unlock files existed prior to the keys being released - this has now been corrected. If you’re unfortunate enough to be caught out by ransomware, the consequences can be devastating. You may ...
Meta blows safety bubble around users after reports of sexual harassment
There’s trouble brewing in the Metaverse, but the trouble isnt a particularly new problem. In fact, it’s been an issue for years - and so have many of the solutions. Strangely, Meta is having to play catch-up where some basic security and safety settings are concerned in the virtual realm. At...
Dark Souls servers taken offline over hacking fears
There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP servers player vs player were temporarily shut down by the developers after a hack. PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow t...
Why we don’t patch, with Jess Dodson: Lock and Code S03E02
In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final,...
Card skimmers strike Sotheby’s in Brightcove supply chain attack
Over 100 real estate websites have been compromised by the same web skimmer in a supply chain attack. So what happened? On Monday, January 3, Palo Alto said it had found a supply chain attack that used a cloud video platform to distribute skimmer campaigns. The attacker injected the skimmer’s...
CronRAT targets Linux servers with e-commerce attacks
There’s an interesting find over at the Sansec blog, wrapping time and date manipulation up with a very smart RAT attack. The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
Could Apple’s new MacBooks signal a change in direction on security?
Apple recently announced a new line of completely overhauled MacBook Pros. Much has been written about their new design, new chips, new displays, new keyboards etc, but I thought I detected something else that might be new about these MacBooks too: A new approach. The updated laptops may be the...
Why we fail at getting the cybersecurity basics right, with Jess Dodson: Lock and Code S02E21
The cybersecurity basics should be just that—basic. Easy to do, agreed-upon, and adopted at a near 100 percent rate by companies and organizations everywhere, right? Youd hope. But the reality is that basic cybersecurity blunders continue to affect businesses of all sizes, which has led to...
Inside Apple: How Apple’s attitude impacts security
Last week saw the fourth occurrence of the Objective by the Sea OBTS security conference, which is the only security conference to focus exclusively on Apples ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference...