4708 matches found
BreachForums to be shut down after all for fear of law enforcement infiltration
On March 15, 2023 US law enforcement arrested a man from New York who was accused of being the administrator of BreachForums, a well-known and probably the largest Dark Web marketplace for stolen data to be leaked and sold. At first, a new administrator rose to the occasion and said they were...
Facebook illegally processed user data, says court
The Amsterdam court has ruled that Facebook illegally processed user data in a case started by the Dutch Data Privacy Stichting DPS, a foundation that acts on behalf of victims of privacy violations in the Netherlands. According to the ruling, Facebook used personal data for advertising purposes ...
A week in security (March 6 - 12)
Last week on Malwarebytes Labs: 8 cybersecurity tips to keep you safe when travelling National Cybersecurity Strategy Document: What you need to know Intel CPU vulnerabilities fixed. But should you update? Warning issued over Royal ransomware Play ransomware gang leaks City of Oakland data...
National Cybersecurity Strategy Document: What you need to know
The US Government has been working on the National Cybersecurity Strategy Document 2023 for some time now, and its finally been released. The strategy document, which replaces the last such piece of work from 2018, attempts to indicate the general direction of the US approach to cybercrime and...
Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05
Government threats to end-to-end encryption--the technology that secures your messages and shared photos and videos--have been around for decades, but the most recent threats to this technology are unique in how they intersect with a broader, sometimes-global effort to control information on the...
Twitter and two-factor authentication: What's changing?
Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter wont be able to use SMS-based two-factor authentication 2FA unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on verified customer reviews, Malwarebytes has been ranked 1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of...
A week in security (January 30 - February 5)
Last week on Malwarebytes Labs: A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03 New data wipers deployed against Ukraine Update your LearnPress plugins now! Riot Games refuses to pay ransom to avoid League of Legends leak Analyzing and...
Cyberthreats facing UK finance sector "a national security threat"
As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million roughly $750 million through...
GitHub revokes several certificates after unauthorized access
In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. Revoking these certificates will invalidate some...
Video game playing FISH live streams credit card 'theft'
A fish is in hot water metaphorically speaking after having performed some incredible antics on a video game live stream. The fish, known for playing popular video game titles to completion on live streams, decided to take that whole gamer lifestyle thing a little too far and went on a rip-roarin...
What privacy can get you
The fight for data privacy must be won in the middle. No declaration, no call to arms, will sway the worst offenders. No public swell, no great big hack, has changed how money gets made. Corporations will continue to reap our data, package it into ad-friendly profiles, and, for a price, deliver t...
A week in security (January 9—15)
Last week on Malwarebytes Labs: Slack private code on GitHub stolen Crypto-inspired Magecart skimmer surfaces via digital crime haven Security vulnerabilities in major car brands revealed Microsoft ends extended support for Windows 7 and Windows Server 2008 today Pokemon NFT card game malware...
Cyberattack halts Royal Mail's overseas post
If youre looking to send letters or parcels outside of the UK using Royal Mail, youll want to hold off for a little while. Royal Mail is suffering from "severe disruption" after an unnamed cyber incident. While no specifics are currently available, Royal Mail has disclosed enough to let us know...
Microsoft ends extended support for Windows 7 and Windows Server 2008 today
Time has finally run out for Windows 7 Professional and Enterprise users. Microsoft will stop providing its Extended Security Updates ESU program for the OS version today, January 10. When the company ended its mainstream support for Windows 7 three years ago, it also offered an ESU program to...
Security vulnerabilities in major car brands revealed
Your car potentially hasnt "just" been a car for a long time. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. These systems tie into everything from passwords and web chat systems for car company employees, to file repositories and oth...
LA housing authority is latest LockBit ransomware victim
The Housing Authority of the City of Los Angeles HACLA, established in 1938 to provide affordable housing in Los Angeles, confirmed in a statement that it was a victim of a ransomware cyberattack. This is the second major attack against an agency in LA after the Los Angeles United School District...
A week in security (December 19 - 25)
Last week on Malwarebytes Labs: 4 over-hyped security vulnerabilities of 2022 Chasing cryptocurrency through cyberspace, with Brian Carter: Lock and Code S03E26 Restaurant platform SevenRooms confirms data breach Adult popunder campaign used in mainstream ad fraud scheme Malwarebytes earns AV-TES...
Worldwide law enforcement action takes down major DDoS booter services
Criminals making use of booter services which execute Distributed Denial of Service DDoS attacks to take down websites will have to try a little bit harder today: A major international operation has taken no fewer than 48 of the most popular booter services offline. The operation, known as "Power...
Uber data stolen via third-party vendor
Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services. "We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third...
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Researchers from Guardio, a cybersecurity company specializing in web browser protection, recently revealed a campaign involving a trove of popular yet malicious extensions programmed to steal user searches, browsing data, and affiliation to thousands of targeted sites. Nicknamed "Dormant Colors,...
Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1
After keeping Chrome running on early Windows versions for two extra years, giving IT administrators time to update, Google has decided it won't delay any further: Unless organizations upgrade to Windows 10 or 11 next year, they won't be able to use Chrome. Browsers based on Chrome, such as Brave...
Man scammed IRL for a phone he sold online
If youre looking to sell an item which youve advertised online, be on your guard. Even when everything looks to be working as it should, things can go wrong very quickly as one unfortunate IT graduate recently discovered. You would think that theres no way the in-person sale of an expensive devic...
FBI, CISA warn of disinformation ahead of midterms
In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels. With everyone preparing to cast their ballots, the FBI and the Cybersecurity and...
White House unveils Blueprint for an AI Bill of Rights
On Tuesday, the Biden-Harris Administration's Office of Science and Technology Policy OSTP unveiled a new Blueprint for an AI Bill of Rights, which lists five principles to guide the design, use, and development of intelligence-based automated systems "to protect the American public in the age of...
Data Access Agreement offers a new path for UK - US data requests
Requesting data for the purposes of law enforcement may be about to become a little easier for the British Government. The Data Access Agreement DAA went live on Monday this week. The DAA is authorised by something called the Clarifying Lawful Overseas Use of Data CLOUD Act, which itself has come...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission SEC announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17b of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...
Local government cybersecurity: 5 best practices
It seems like not a day goes by where we dont hear about a local government cyberattack. Indeed, from 911 call centers to public schools, cyberattacks on local governments are as common as they are devastating. Just how often do threat actors attack local governments? A survey of 14 mainly larger...
Spyware disguises itself as Zoom downloads
Zoom video call software continues to be a staple in work environments. Despite a slow, post-lockdown easing back to the "old normal," many businesses still have remote workers, or people working in different geographies. It's no surprise then to see criminals continuing to abuse Zoom's popularit...
FCC moves to block robotexts
The American people are fed up with scam texts, and we need to use every tool we have to do something about it. This is what Jessica Rosenworcel, Chairwoman of the US Federal Communications Commission FCC said after releasing a plan that will require mobile carriers to block "robotext" text...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Fall 2022 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on factual customer reviews, Malwarebytes has been ranked 1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of web-bas...
A week in security (September 12 – 18)
Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...
Vulnerability response for SMBs: The Malwarebytes approach
The intel you need to secure your business--delivered straight to your inbox From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full with the best of our business blog. Subscribe to our Business newsletter today. At...
6 reasons MSPs need a patch management platform
Weve all heard the stories: Organizations getting breached like there's no tomorrow thanks to threat actors exploiting unpatched vulnerabilities. Likewise, weve also all heard the familiar refrain: Patch regularly! But for many businesses--including the Managed Service Providers MSPs that serve...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--lets get started. Q: When...
Bank fraud scammers trick victims with claims of bogus Zelle transfers
It pays to be careful where cold calls from someone claiming to work for your bank are concerned. Scam callers are impersonating bank staff, with suggestions of dubious payments made to your account. One unfortunate individual has already lost around $1,000 to this slice of telephone-banking base...
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one which Facebook has just got the upper hand to. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of...
RansomHouse claims to have stolen at least 450GB of AMD’s data
AMD is investigating the claim that the RansomHouse extortion group has its hands on more than 450GB of the companys data. AMDs breach revelation came to light after RansomHouse teased on Telegram about selling data belonging to a popular three-letter company that starts with the letter A. The...
7-Zip gets Mark of the Web feature, increases protection for users
One of the most popular zip programs around, 7-Zip, now offers support for "Mark of the Web" MOTW, which gives users better protection from malicious files. This is good news. But what does that actually mean? In the bad old days, opening up a downloaded document could be a fraught exercise...
Internet Safety Month: 7 tips for staying safe online while on vacation
Going on vacation has never been more talked about and anticipated. I mean—for many of us, its been a while. But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan on how to keep your devices, and your data, safe while you are relaxing Your...
Instagram scam steals your selfies to trick your friends
What would you do if a friend of yours set up a NSFW account, and then used it to follow you on Instagram? Would you check it out? We recently learned of a group of friends who had to ask themselves exactly that. Fortunately, they realised that something was off. The account wasnt the real owners...
Coffee app in hot water for constant tracking of user location
A mobile app violated Canadas privacy laws via some pretty significant overreach with its tracking of device owners. The violation will apparently not bring the app owners, Tim Hortons, any form of punishment. However, the fallout from this incident may hopefully serve as a warning to others with...
Internet Safety Month: Parental controls—what they can and can’t do for you
Parental controls can be useful to limit the risks your children run into online, but you should know up front that they cannot eliminate every risk out there. Parents and adults everywhere are understandably having a hard time keeping up with the favored social networks of children and...
Introducing EDR for Linux: Remediating and isolating threats on Linux servers
We’re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. Let’s ge...
Double-whammy attack follows fake Covid alert with a bogus bank call
The BBC has revealed details of how a food bank in the UK was conned out of about $63,000 £50,000 by scammers who used two separate attacks to fleece their victims. A food bank is a way for people to ensure they dont starve. They are a backstop during times of economic uncertainty, and have been...
How the Saitama backdoor uses DNS tunnelling
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Understandably, a lot of cybersecurity research and commentary focuses on the act of breaking into computers undetected. But threat actors are often just as concerned with the act of breaking o...
“Reject All” cookie consent button is coming to European Google Search and YouTube
Google will soon be giving European countries a "Reject All" button in the Search and YouTube cookie consent banner. This change, which was revealed by Googles Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to...
It’s legal to scrape public data—US appeals court
Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody being able to quite land the decisive blow about whether it should be allowed, one way or another. This may have changed, thanks to a recent US appeals court...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, and the US Treasury Department Treasury, highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
Watch out for fake WhatsApp “New Incoming Voicemessage” emails
Thanks to the Threat Intelligence team for their help with this article. Security researchers from Armorblox, a cybersecurity company specializing in email-based threats, have encountered a fake WhatsApp email with the subject "New Incoming Voicemessage." The spoofed WhatsApp voicemail notificati...