4661 matches found
GoDaddy says it's a victim of multi-year cyberattack campaign
Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...
Encrypted messaging service eavesdropped on by police, users arrested
After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. The service called Exclu claims to use the "most secure encryption protocols", as well as end-to-end...
Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS
Malwarebytes is excited to announce Malwarebytes Mobile Security for Business, which extends our award-winning endpoint protection to mobile devices. Dont get it twisted: mobile devices may be small, but they have huge implications for your security posture. In fact, 73% of organizations...
A week in security (January 30 - February 5)
Last week on Malwarebytes Labs: A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03 New data wipers deployed against Ukraine Update your LearnPress plugins now! Riot Games refuses to pay ransom to avoid League of Legends leak Analyzing and...
Louisiana wants your ID if you're looking at adult-only websites
The state of Louisiana introduced a law on January 1, 2023, that holds sites that specialize in pornographic content accountable if they do not check their visitors' ages. A website is obliged to check whether a visitor is of the legal age required to access pornographic content if a substantial...
Play ransomware group claims to have stolen hotel chain data
H-Hotels, a large hospitality chain with 60 hotels across several countries including Germany and Switzerland has announced it has fallen victim to a ransomware attack. The incident, which took place on December 11, is allegedly a double whammy of hijacked devices and data theft…if a ransomware...
A week in security (December 5 - 11)
Last week on Malwarebytes Labs: Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 Eufy "no cloud" security cameras streaming data to the cloud Snapchat gives Californians more power over their personal data Update now! Emergency fix for Google Chrome's V8...
A cyber threat hunter talks about what he’s learned in his 16+ year cybersecurity career
Hiep Hinh is a Principal MDR Analyst at Malwarebytes, where he supports 24/7/365 Managed Detection and Response MDR efforts. Hiep has over 16 years of experience in the cybersecurity and intelligence fields, including for the US Army as an intelligence analyst and for the Airforce Computer...
UK government sounds alarm on tax scams
The UK government has issued a warning for people to be on their guard against fake tax rebate scams as they gearing up to fill out their 2021/22 tax returns. Ensuring your self-employed documents are correct and accurate can be a complicated business at the best of times. Having to worry about...
A week in security (October 3 – 9)
Last week on Malwarebytes Labs: Romance scammer deepfakes Mark Ruffalo to con elderly artist Actively exploited vulnerability in Bitbucket Server and Data Center Ransomware-affected school district refuses to pay, gets stolen data released Ransomware review: September 2022 Huge increase in smishi...
Cyberstalking, pig masks, and cockroaches: Former eBay execs are sentenced
The former Senior Director of Safety & Security at eBay, and the companys former Director of Global Resiliency, have been sentenced to prison for their roles in a cyberstalking campaign. The targets of the campaign were the editor and publisher of a newsletter that eBay executives viewed as...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission SEC announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17b of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...
Huge increase in smishing scams, warns IRS
The Internal Revenue Service IRS has issued a warning for taxpayers about a recent increase in IRS-themed smishing scams aimed at stealing personal and financial information. Smishing is short for SMS phishing, where the phishes are sent via text message. The IRS has identified and reported...
Cyber threat hunting for SMBs: How MDR can help
When you hear the words "cyber threat hunting", you just may picture an elite team of security professionals scouring your systems for malware. Sounds like something only huge businesses or nation states would need to do, right? Not quite. Threat hunting is just as essential for...
How to help your child manage their online reputation
Whether your child has been socially active online for a while now or you just handed your young one their first ever smartphone, now is an excellent time to think about managing their online reputation. The concept may sound overwhelming, but doing it is easy. Since you're no doubt talking to yo...
Ransomware review: August 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. As expected, LockBit remaine...
YouTuber on the run after allegedly swiping $55m from followers
We mostly hear about bogus advertising and offers via compromised accounts on Instagram or Facebook. Strict advertising rules on social media involve making it clear that someone is promoting an ad or offering up a risky venture. However, sometimes things go wrong on other platforms like YouTube...
Chromium browsers can write to the system clipboard without your permission
If you are a user of Google Chrome or any other Chromium-based web browser, then websites may push anything they want to the operating system's clipboard without your permission or any user interaction. This means that by simply visiting a website, the data on your clipboard may be overwritten...
Google flags man as sex abuser after he sends photos of child to doctor
Mark noticed something was wrong with his son. His penis was hurting and appeared to be swollen. Since it was a Saturday during the pandemic, an emergency consultation was scheduled by video. So the doctor could assess the problem ahead of time, the parents were advised to send photos of their...
Anti-tracking tool tells you if you're being followed
If there is one thing we know about the people around us, even the perfect strangers, it's that they almost all have smartphones. And those smartphones aren't merely passive receivers, they're broadcasting constantly, looking for things you might want to connect to. Advertisers have exploited the...
Now it's BlenderBot's turn to make shocking, inappropriate, and untrue remarks
Last Friday, Meta unveiled its new BlenderBot 3 AI chatbot, a conversational AI prototype. The company said its chatbot is designed to learn by having natural conversations with people online. It also improves its skills via human feedback. Meta also asserts with confidence that the more the AI...
Phishy calls and emails play on energy cost increase fears
Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people's fears with a dash of social engineering to make them worse off than they were previousl...
Wrestling star Mick Foley's Twitter compromised, selling PS5 consoles
One of the biggest wrestling stars around, Mick Foley, had his Twitter account hijacked in an attempt to legitimize a very popular scam. When a well known individual has their social media accounts compromised, disaster looms, as everything from phishing to malware distribution waits in the wings...
Another ransomware payment recovered by the Justice Department
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The seized funds amounting to half a million US dollars, include ransoms paid by health care...
The FTC will go after companies misusing location, health, and other sensitive data
After the overturning of Roe V Wade, many feared that using, having access to, and sharing reproductive and sexual health data—once done freely—would be outlawed with the practice of abortion in many states. To protect such data from falling into the wrong hands, Congresswoman Sara Jacobs D-CA...
YouTube AI wrongfully flags horror short “Show for Children” as suitable for children
When content creators flag one of their own videos as inappropriate for children, we expect YouTubes AI moderator to accept this and move on. But the video streaming bot doesnt seem to get it. Not only can it prevent creators from correcting a miscategorization, its synthetic will is also final—n...
Apple’s passkeys attempt to solve the password problem
The recent Apple Worldwide Developers Conference WWDC revealed another teasing of what has been referred to as "the end of passwords forever". Passkeys are a "new biometric sign-in standard". Biometrics in security circles are used for things like identity cards, building access, and so on. This...
The Quad commits to strengthening cybersecurity in software, supply chains
The United States, Australia, and its Asian partners—India and Japan—have agreed to work on several cybersecurity initiatives on software, supply chain, and user data. The countries leaders, who convened in Tokyo on May 24, 2022, have met annually four times since the revival of the...
Watch out! Tinder and Grindr users targeted by cruel scammers using real abuse photos
A horrible catfishing scam is using real abuse photos in order to lure in unsuspecting victims on sites like Tinder and Grindr. Recently unearthed by Bleeping Computer, it works like this: Boy meets good-looking girl on dating site. The longer they talk, boy notices the conversation turning into ...
$600 a week to wrap your car? It’s a scam
A friend of mine recently received a text message which they described as "intriguing, but nonsensical". They were convinced it was some sort of scam, but they werent sure what the scammers were up to. Would it turn out to be some sort of phishing attempt? A telephone scam? Banking fraud? That on...
A week in security (May 2 – 8)
Last week on Malwarebytes Labs: Google, Apple, and Microsoft step hand in hand into a passwordless future OpenSea warns of Discord channel compromise Avoid these Instagram “Get rich with Bitcoin” scams Steer clear of fake premium mobile app unlockers How Instagram scammers talk users out of their...
Craft fair vendors targeted by fake event scammers on Facebook
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small...
Why MITRE matters to SMBs
Running a small- to medium-sized business SMB requires expertise in everything, from marketing and sales to management and hiring, but in the ever-expanding list of executive responsibilities, one particular item demands attention: Cybersecurity. Cyberattacks can—and have—shuttered entire...
Filing your taxes? Be wary of help found through search engines
The deadline for filing your taxes in the US is nearly upon us. April 18 is the very last date that you can afford to hand your tax returns in to the IRS. People will naturally gravitate toward all manner of filing tools to get the job done. But it’s worth noting that sites are lurking in search...
Hive ransomware impacts California non-profit health organisation
Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this occasion, the victims are a non-profit organisation assisting people with their healthcare needs in California. When Hive ransomware strikes The victim,...
Watch out for LinkedIn fakes who want to get connected
Despite continued warnings of deepfake chaos during major events, things haven’t worked out the way some thought. Those video deepfakes are bad, and they remain bad. Quite simply, nobody is fooled - or at least, nobody able to make a mistaken snap judgement in a way that matters. As much as we ov...
Satellites are critical infrastructure and need to be cybersecured
In the context of this article we will use the term satellite for a machine that is launched into space and moves around Earth. And there might be a lot more of them than you would expect—this live map tracks a huge number of satellites. Originally most of earth’s satellites were launched for...
Four key cybersecurity practices during geopolitical upheaval
Russia’s continued invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war. Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomwa...
How to update your drivers and when you need to
Many software vendors have a driver updater in their arsenal. But is it really that important to have the latest computer drivers? Where do you get them? And how do you go about updating? Driver updates fix security and compatibility problems, errors, broken code, and sometimes even add features ...
Hive ransomware: Researchers figure out a method to decrypt files
Files encrypted by ransomware cant be recovered without obtaining the decryption key, if the encryption has been done properly. But that doesnt seem to be the case for Hive ransomware. Researchers from the Kookmin University in Korea have published a method for decrypting the data scrambled by...
CISA offers guidance on dealing with information manipulation
Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension. In response, the Cybersecurity & Infrastructure Security Agency CISA has released CISA Insights: Preparing for and Mitigating Foreign...
A week in security (February 7 – February 13)
Last week on Malwarebytes Labs: Securitas breached, 3TB of airport employee records exposed How to avoid being scammed this Valentine’s Day News Corp falls victim to cyberattack “We absolutely do not care about you”: Sugar ransomware targets individuals Microsoft takes macros out of the equation...
Android malware BRATA can wipe devices
Cleafy, a cybersecurity firm specializing in online fraud, has published new details about banking Trojan BRATA Brazilian Remote Access Tool, Android, a known malware strain that first became widespread in 2019. BRATA is now being used to perform factory resets on victims machines. Its rare for...
Red Cross begs attackers to “Do the right thing” after family reunion service compromised
Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims to reunite lost family members, repatriate individuals, prevent folks from disappearing, and much more. You may have seen them in the news during times of disaster, war, and othe...
Browsers on iOS, iPadOS and Mac leak your browsing activity and personal identifiers
Researchers at FingerprintJS, a Chicago-based firm that specializes in online fraud prevention, have published a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and may even reveal your identity. They found that in Safa...
REvil ransomware gang busted by Russian Federal Security Service
Eight members of the REvil ransomware group have been arrested in Russia and will be pressed with criminal charges. Russias intelligence bureau, the FSB, announced on Friday that it had conducted an operation together with the Interior Ministry in Moscow, St. Petersburg, and the regions of Moscow...
Ransomware cyberattack forces New Mexico jail to lock down
Five days after the new year, the Metropolitan Detention Center MDC in Bernalillo County, New Mexico suddenly went on lockdown. The reason? A ransomware cyberattack has knocked the jails internet connection offline, rendering most of their data systems, security cameras, and automatic doors...
Most people aren’t upgrading to Windows 11: Not the end of the world
Windows 11 is experiencing an apparent lack of uptake among Windows users. If this survey is accurate, less than 1% of 10 million PCs surveyed are running the new operating system. In fact, more machines are using Windows XP. That may surprise you. It might even seem like a bit of an embarrassing...
“Free Steam games” videos promise much, deliver malware
Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO fear of missing out is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after t...
Watch out for the Steam skin “free knife” scam
Have you ever had someone run up to you in the street and insist you take their free knife? I hope not, because that’s a good way to wind up in a 60-minute police procedural drama. In video game land, however, anything goes. A certain type of scam is showing signs of activity at the moment and it...