Digital assets continue to be prime target for malvertisers
Cyber-criminals continue to impersonate brands via well-crafted phishing websites. We previously covered attacks on both consumers and businesses via online searches for popular brands leading to scams or malware. Digital assets such as cryptocurrencies or NFTs are highly coveted by threat actors...
New Security Advisor amps up security in minutes
Malwarebytes Security Advisor, a transformation of the Nebula customer experience, enables organizations to visualize and improve their organization's security posture in just a few minutes. "If you're not fully configured, you aren't fully protected," says Jonny Rivera, Director, Customer Experien...
How to protect your child's identity
As we have mentioned before, identity theft is a serious problem, especially when it affects children. Identity thieves love preying on minors, simply because it usually takes longer before the theft is noticed. A person's identity represents a certain value. If it is stolen and abused, it can cau...
60,000 Androids have stalkerware-type app Spyhide installed
Stalkerware-type app Spyhide is coded so badly that it's possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device. And it's not a small number. Hacktivist maia arson crimew told TechCrunch she'd found 60,000 compromised Android devices,...
Accidental VirusTotal upload is a valuable reminder to double check what you share
A document accidentally uploaded to Google's VirusTotal service has resulted in the potential exposure of defence and intelligence agency names and email addresses. The service, used to scan files for signs of potential malicious activity, is used by security professionals and folks just intereste...
A week in security (July 10 - 16)
Last week on Malwarebytes Labs: Tax preparation firms shared sensitive information with Meta; Ransomware making big money through "big game hunting"; Malwarebytes stops 100% of Advanced Threats in latest AV-Test assessment; From Malvertising to Ransomware: A ThreatDown webinar recap; Ransomware revie...
Self-driving cars are a privacy issue, says security expert
Self-driving cars peel off an extra layer from our privacy, says security expert Bruce Schneier. Theoretically, if you know the location of all the closed-circuit television (CCTV) cameras in a neighborhood, you might be able to move around without one of them ever catching a glimpse of your face...
New technique can defeat voice authentication "after only six tries"
Voice authentication is back in the news with another tale of how easy it might be to compromise. University of Waterloo scientists have discovered a technique which they claim can bypass voice authentication with "up to a 99% success rate after only six tries". In fact this method is apparently ...
Spyware app LetMeSpy hacked, tracked user data posted online
Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users. As a result ...
Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized
In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals. Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made. EncroChat, a company based i...
US dangles $10 million reward for information about Cl0p ransomware gang
The US Department of State's national security rewards program, Rewards for Justice (RFJ), is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...
LockBit ransomware advisory from CISA provides interesting insights
The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand (CERT NZ, NCSC-NZ) have all...
Edge browser feature sends images you view back to Microsoft
A relatively new service provided by Microsoft's browser Edge sends images you've viewed online back to Microsoft. A new feature labelled "Enhance images in Microsoft Edge" has raised some privacy concerns. The feature is designed to upscale low resolution images, making them sharper, and improving...
How Coffee County Schools safeguards 7500 students and 1200 staff
We're excited to announce that our much-anticipated 4th edition of the Byte Into Security webinar series is now available on-demand. Originally aired on May 31st, this session is a goldmine for those facing the unique challenges of K-12 cybersecurity. The webinar is free, and you can watch it rig...
Microsoft illegally collected and retained children's data, says FTC
Microsoft is counting the cost of privacy violations, with $20m in fines related to illegal data collection from children's Xbox accounts. The Xbox manufacturer has reached a settlement with the Federal Trade Commission (FTC), a result which promises to have other console developers looking closely a...
The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!
WordPress plugins are under fire once more, and you're advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a "bizarre campaign" being actively used since at least February 5 of this...
AI generated Pentagon explosion photograph goes viral on Twitter
Twitter's recent changes to checkmark verification continue to cause chaos, this time in the realm of potentially dangerous misinformation. A checkmarked account claimed to show images of explosions close to important landmarks like the Pentagon. These images quickly went viral despite being AI...
Google to pay $40m for "deceptive and unfair" location tracking practices
Google is going to pay $39.9 million to Washington State to put to rest a lawsuit about its location tracking practices which has been in play since last year. Google was accused of "misleading consumers" by State Attorney General Bob Ferguson. From the AG press release: Attorney General Bob...
Leaked Babuk ransomware builder code lives on as RA Group
The bones of long gone ransomware group Babuk continue to rattle in the breeze, in the form of reused code. Researchers from Cisco Talos have named this new team the "RA Group", a ransomware collective which may have only been up and running since last month. Babuk famously threatened to leak law...
Why we should be more open about ransomware attacks
The UK's National Cyber Security Centre (NCSC) has published an article that reflects on why it's so concerning when cyberattacks go unreported, saying: ...we are increasingly concerned about what happens behind the scenes of the attacks we don't hear about, particularly the ransomware ones. One of th...
How to spot and avoid a tech support scam
Despite the occasional arrests and FTC fines for tech support scammers (TSS) and their henchmen, there are still plenty of cybercriminals active in this field. Scams range from unsolicited calls offering help with your "infected" computer to fully-fledged websites where you can purchase heavily...
Fake system update drops Aurora stealer via Invalid Printer loader
Malvertising seems to be enjoying a renaissance as of late, whether it is from ads on search engine results pages or via popular websites. Because browsers are more secure today than they were 5 or 10 years ago, the attacks that we are seeing all involve some form of social engineering. A threat...
The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11
Ransomware is becoming bespoke, and that could mean trouble for businesses and law enforcement investigators. It wasn't always like this. For a few years now, ransomware operators have congregated around a relatively new model of crime called "Ransomware-as-a-Service." In the...
Microsoft vs Google spat sees users rolling back security updates to fix browser issues
We like to imagine we're in total control of our desktop experience, carefully curated to look and work the way we want it to. However, every so often a story comes along which reminds us how little control we have when the big players notice one another's existence. A recent Windows update really...
Google Authenticator WILL get end-to-end encryption. Eventually.
Following criticism, Google has decided to bring end-to-end encryption (E2EE) to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users to back up two-factor authentication (2FA) tokens to the cloud, but the lack of encryption caused some commentators to...
QBot changes tactic, remains a menace to business networks
QBot, an infostealer-turned-dropper that aids criminal gangs in their malicious campaigns, is now being distributed as part of a phishing campaign using PDFs and Windows Script Files (WSF), according to recent discoveries by malware hunter Proxylife (@pr0xylife) and the Cryptolaemus group...
Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight
Regular readers of our monthly ransomware review (read our April edition here) know that Ransomware-as-a-Service (RaaS) gangs have been making headlines globally with their disruptive attacks on organizations. Sometimes, though, it's not enough to merely know about the problem. In order to truly...
A week in security (April 10 - 16)
Last week on Malwarebytes Labs: How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09; Apple releases emergency updates for two known-to-be-exploited vulnerabilities; Don't plug your phone into a free charging station, warns FBI; KFC, Pizza Hut owner employe...
Ransomware in the UK, April 2022–March 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, "known attacks" are attacks where the victim opted not to pay a ransom. This provides the best overall picture ...
A week in security (April 3 - 9)
Last week on Malwarebytes Labs: TikTok: What's going on and should I be worried?; Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer; Big changes to Twitter verification: How to spot a verified account; New macOS malware steals sensitive info, including a user's entire Keychain...
LastPass was undone by an attack on a remote employee
Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individuals responsible for the attack also compromis...
How to set up two-factor authentication on Twitter using a hardware key
If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post explains how to enable hardware key authentication instead. Enabling a hardware securi...
Four EU telco giants will start asking users if they want personalized targeted ads
They say you can't have too much of a good thing. Unfortunately, this applies to ads, too, whether you think they're a good thing or not. Soon, Europe's four biggest telecommunication companies--Germany's Deutsche Telekom (DK), France's Orange, Spain's Telefonica, and the UK's Vodafone Group--will...
A week in security (January 23—29)
Last week on Malwarebytes Labs: T-Mobile reports data theft of 37 million customers in the US; Ransomware revenue significantly down over 2022; Microsoft to end direct sale of Windows 10 licenses at the end of January; TikTok CEO told to "step up efforts to comply" with digital laws; 4 ways to protec...
What happened in privacy in 2022
Annual reviews of any year's developments in privacy rarely lend themselves to pithy wrap-ups, but 2022 was different, providing the clearest example yet for so many people--American women in particular--that their privacy was not theirs to determine, and that the often-repeated refrain that priva...
Credit card fraud group member could get up to 30 years in jail
Card fraud, a staple diet of scammers online, is currently featuring heavily on the US Department of Justice portal. The reason? A story which has rumbled on for a few years finally seems to be pulling into its final destination, as a man admits his role in a slice of fraud which impacted thousan...
WhatsApp lawsuit against NSO Group greenlit by Supreme Court
On Monday, the US Supreme Court denied the NSO Group's petition for a writ of certiorari, a request to the high court to review its case, signaling that Meta's WhatsApp can go ahead with its case against the Israeli-based company behind the Pegasus spyware. The court didn't explain why it refused...
Cyberattack halts Royal Mail's overseas post
If you're looking to send letters or parcels outside of the UK using Royal Mail, you'll want to hold off for a little while. Royal Mail is suffering from "severe disruption" after an unnamed cyber incident. While no specifics are currently available, Royal Mail has disclosed enough to let us know...
Maternal & Family Health Services discloses ransomware attack months after discovery
Maternal & Family Health Services (MFHS), a nonprofit healthcare giant based in Pennsylvania, said in an advisory and press release that it has suffered a ransomware attack which led to the potential exposure of sensitive data of patients, employees, and vendors. That data includes names, addresses...
Software provider denied insurance payout after ransomware attack
The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack as it didn't cause direct or physical harm to tangible components of software, as it doesn't have any. "When insurance policy covers...
Chasing cryptocurrency through cyberspace, with Brian Carter: Lock and Code S03E26
On June 7, 2021, the US Department of Justice announced a breakthrough: Less than one month after the oil and gas pipeline company Colonial Pipeline had paid its ransomware attackers roughly $4.4 million in bitcoin in exchange for a decryption key that would help the company get its systems back ...
A week in security (December 12 - 18)
Last week on Malwarebytes Labs: Indiana sues TikTok, describes it as "Chinese Trojan Horse"; Iranian hacking group uses compromised email accounts to distribute MSP remote access tool; Electronic Sales Suppression Tools are cooking the books; Silence is golden partner for Truebot and Cl0p ransomware...
Is Apple about to embrace third-party app stores?
On Tuesday, Bloomberg reported that Apple is preparing to allow access to third-party app stores on all iPhone and iPad devices owned by EU users, in anticipation of a new EU competition law coming into force in mid-2024. If the reporting is correct, then in future users in the EU will no longer ...
Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. This issue is called Bring Your Own Vulnerable Driver (BYOVD), and BYOVD has been popping up in various forms for the last few months. These attacks may have been less impactful if a...
5 essential security tips for SMBs
In any business, the security of each computer is intimately connected to the security of every other computer. Interconnectedness allows attackers to turn a breach, a fault, or an oversight on one machine into access on all the machines it's connected to. That means any attack on any computer is ...
Man scammed IRL for a phone he sold online
If you're looking to sell an item which you've advertised online, be on your guard. Even when everything looks to be working as it should, things can go wrong very quickly as one unfortunate IT graduate recently discovered. You would think that there's no way the in-person sale of an expensive devic...
Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21
Growing up is different for teens today. Issues with identity, self-expression, bullying, fitting in, and trusting your friends and family--while all those certainly existed decades ago, they were never magnified in quite the same way that they are today, and that's largely because of one enormou...
Ransomware review: September 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. This article is also availab...
FCC moves to block robotexts
The American people are fed up with scam texts, and we need to use every tool we have to do something about it. This is what Jessica Rosenworcel, Chairwoman of the US Federal Communications Commission (FCC) said after releasing a plan that will require mobile carriers to block "robotext" text...