A week in security (November 13 – November 19)
Last week on Malwarebytes Labs: Signal is testing usernames so you don’t have to share your phone number; State of Maine data breach impacts 1.3 million people; Credit card skimming on the rise for the holiday shopping season; Update now! Microsoft patches 3 actively exploited zero-days; Ransomware...
A week in security (October 23 – October 29)
Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza; Octo Tempest cybercriminal group is "a growing concern"—Microsoft; Update now! Apple patches a raft of vulnerabilities; Patch…later? Safari iLeakage bug not fixed; Update vCenter Server now! VMWare fixes...
Cyberattack hits 5 hospitals
Canadian health service provider TransForm has published an update about the cyberattack at its member hospitals. TransForm is a not-for-profit, shared service organization founded by the five hospitals in Erie St. Clair to manage their hospital IT, supply chain, and accounts payable needs. The...
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A recent article from the South China Morning Post discussed an increase in malicious webpages for the popular WhatsApp communication tool, driven via malicious Google ad...
The hot topics from Europe’s largest trade fair for IT security
IT-SA Expo & Congress claims to be Europe's largest trade fair for IT security. And it really covers a wide range of security and security-related products and services. The event takes place in Nuremberg, Germany and provides an opportunity for vendors to show themselves to the public, create new...
A week in security (October 9 - October 15)
Last week on Malwarebytes Labs: Explained: Quishing; Update now! Atlassian Confluence vulnerability is being actively exploited; Giant health insurer struck by ransomware didn't have antivirus protection; Ransomware review: October 2023; Stalkerware activity drops as glaring spying problem is reveale...
Involved in a data breach? Here’s what you need to know
If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. We've put together some tips which should help you when the more or less inevitable happens. 1. Check the company's advice: Every breach is different, so check the...
DoppelPaymer ransomware group suspects identified
The German police in cooperation with the US Secret Service have executed search warrants against suspected members of the DoppelPaymer ransomware group in Germany and Ukraine. In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europo...
X wants your biometric data
Users of X (formerly Twitter) paying for a checkmark under what used to be called Twitter Blue (now X Premium) have some biometric-related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is reintroducing identity...
Victim records deleted after spyware vendor compromised
Anonymous hackers have breached the servers of spyware app "WebDetetive", accessing the user database. However, this doesn't appear to be a typical compromise along the lines of stealing the data, according to Tech Crunch. Instead, it's part of a slow move toward "spying" apps being attacked and...
The end looms for Meta's behavioural advertising in Europe
The EU is going toe to toe with Meta once more, with the social network giant conceding defeat yet again. After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. The threat of...
Hey, are you REALLY ready to go on vacation? (No, you aren't)
Are you ready for a challenge? A real challenge? Do you laugh in the face of shark cages, scoff at the Marathon des Sables, and waft a dismissive finger in the direction of the Everest ascent? Are you ready to conquer the impossible? If so, then you might be ready for the ultimate challenge--taki...
How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16
Earlier this month, a group of hackers was spotted using a set of malicious tools--that originally gained popularity with online video game cheaters--to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was...
Plane sailing for ticket scammers: How to keep your flight plans safe
You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly...
A week in security (May 29 - June 4)
Last week on Malwarebytes Labs: Barracuda Networks patches zero-day vulnerability in Email Security Gateway; CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor; Microsoft gives Apple a migraine; Financial services company OneMain fined $4.25 million for security laps...
A week in security (May 22-28)
Last week on Malwarebytes Labs: Update now: 9 vulnerabilities impact Cisco Small Business Series; ChatGPT: Cybersecurity friend or foe?; Webinar recap: EDR vs MDR for business success; Identity crisis: How an anti-porn crusade could jam the Internet, featuring Alec Muffett: Lock and Code S04E11...
Ransomware attack on MSI led to compromised Intel Boot Guard private keys
On April 7, 2023, MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important: "MSI urges users to obtain firmware/BIOS updates only from its official...
Google and Apple cooperate to address unwanted tracking
Google and Apple have announced that they are looking for input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have stated that they will support the...
FTC tackles tech support scams by chasing payment processor firms
A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn't exactly massive in comparison to some of the privacy breaches and other incidents seen do...
Instagram scam promises money in exchange for your image
We're seeing a number of complaints on Reddit and elsewhere regarding a scam which flares up every so often. It's called the "Muse scam", and targets users of Instagram. Let's hear from one of the Reddit posters impacted: An artist approached me on Instagram asking if they could use one of my photo...
LockBit ransomware on Mac: Should we worry?
One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...
Woman tracks down and turns table on Airbnb scammer
The internet is full of Airbnb scams and accounts told by victims. But there is a twist in this latest story-gone-viral that is usually lacking in most narratives: The victim evens the score. Airbnb host and scammer "Mr. Tyler" met his match when his would-be guest, TikTok user Olivia @livvoogus,...
IoT garage door exploit allows for remote opening attack
A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home. A Medium post by researcher Sam Sabeta...
iPhone calendar spam: What it is, and how to remove it
If you open up your iPhone and see a variety of messages claiming that you've been hacked, your phone is not protected, that viruses have damaged your phone, or, my personal favourite, "Click to get rid of annoying ads", fear not. It's quite possible you've accidentally wandered into a common form o...
Consent to gather data is a "misguided" solution, study reveals
When researchers from the University of Pennsylvania's Annenberg School for Communication conducted a survey to see if "informed consent" practices are working online with regard to user data gathering, the results revealed weaknesses in a framework that, for decades, has served as the basis for...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on verified customer reviews, Malwarebytes has been ranked #1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of...
$800,000 recovered from Business Email Compromise attack
We continue to see the damaging repercussions of business email compromise (BEC) impacting organisations across the US and elsewhere. The Houston Chronicle reports that law enforcement seized $800,000 from a bank account used for pillaging funds from a construction management company. The attack BE...
How the CISA catalog of vulnerabilities can help your organization
The Cybersecurity and Infrastructure Security Agency (CISA) maintains a "known exploited vulnerabilities catalog" which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm,...
Cyberthreats facing UK finance sector "a national security threat"
As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through...
Grand Theft Auto 5 exploit allows cheaters to tamper with your data
Yesterday I spent some time helping to fix a relative's gaming PC. Their gaming data tied to Rockstar's Grand Theft Auto 5 (GTAV) had somehow become corrupted and was no longer functional. I managed to repair the account and restore everything back to the way it was, but this isn't the end of the stor...
Microsoft to end direct sale of Windows 10 licenses at the end of January
Windows 10 is slowly coming to an end, with one more way to purchase the operating system riding off into the sunset. Microsoft is posting notices in a variety of locations to confirm it will no longer sell Windows 10 licenses directly. Support remains in place for the time being, as is the usual...
LastPass updates security notice with information about a recent incident
The password management company LastPass notified customers in late December about a recent security incident. The notice was posted as an update of the security incident previously reported in August of 2022, which also was updated and covered on November 30, 2022. According to LastPass, an...
Vehicle Identification Numbers reveal driver data via telematics
There are many ways that data collection, and data availability, make less sense as the years pass by. This is frequently accompanied by a resistance to change, to improve these processes, because "that's how we've always done it". Sadly this is often the case even when those data collectors have...
A week in security (November 28 - December 4)
Last week on Malwarebytes Labs: Fraudster site iSpoof shut down, 142 arrested internationally; 3 threats to watch out for this Cyber Monday; Twitter user data leaks continue to drip from the faucet; China-made equipment banned by FCC due to national security threat; Sensitive police records stolen an...
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks
On October 3, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 (BOD 23-10). This directive requires all Federal Civilian Executive Branch (FCEB) entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...
Romance scammer deepfakes Mark Ruffalo to con elderly artist
Deepfakes have settled into a groove, as most scam techniques do. It seems most deepfakers have decided to make as much cash as possible from unsuspecting victims instead of doing anything particularly earth-shattering with their technology. One curious twist we may not have seen coming is the...
Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards
Last week, two Facebook users filed a class-action complaint against Meta in San Francisco's federal court, alleging the company built a "secret workaround" to Apple's safeguards that protect iPhone users from tracking. Facebook circumvents Apple's privacy rules by opening in-app browsers within...
How to set up an Android for your kids
Last week, we gave you some tips on how you can set up a new iPhone for your child to use as they start this school year. Today, we'll look at doing the same for Android phones. Setting up an Android isn't very different from setting up an iPhone as both platforms follow a similar logic to making...
Warning issued about Vice Society ransomware targeting the education sector
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA) after observing Vice Society threat actors disproportionately targeting the...
Source code of password manager LastPass stolen by attacker
In a security incident notice from LastPass, the company informed the public that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...
The ransomware landscape changes as fewer victims decide to pay
Fewer victims are choosing to pay their ransomware extorters, especially among large enterprises, according to a recent investigation from Coveware. As a result of this, and other circumstances, we can see some shifts in the way that ransomware groups and their affiliates work. Large organization...
Criminals using compromised social media accounts to "post indecent images of children" says UK cybercrime organization
Action Fraud, the UK's national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ (US Department of Justice) and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
Hospitals taken offline after cyberattack
The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned French that data have been exfiltrated and might be used for phishing in the future. As a consequence, the GHT Cœur Grand Est has cu...
Watch out for this SMS phish promising a tax refund
Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don't read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send...
Watch out for Ukraine donation scammers in Twitter replies
The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works. These scams can also be found on social media. Faking donations on Twitter Some users of social media have become very...
“Threatening and coercive” cold-callers who targeted the elderly hit with big fines
Every so often, fines hit the news as a result of phone/communication spam. Much of it targets older members of society. Sometimes folks say these calls are “just” irritants and nothing to particularly worry about. But it can be really serious, resulting in big chunks of people’s savings being...
A week in security (January 17 – 23)
Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats; Red Cross begs attackers to “Do the right thing” after family reunion service compromised; Update now! Chrome patches critical RCE vulnerability in Safe Browsing; Combatting SMS and phone fraud: UK government issu...
Steer clear of gift card balance scams
Rogue ads are a problem-causing menace which can strike in many ways. Malvertising often uses a combination of exploits to drop malware. Phishing campaigns get the job done with social engineering and bogus websites. This particular incident is an example of the latter, and a good reminder to be...
Grindr fined for selling user data to advertisers
Dating network Grindr has been slapped with a US$7.7 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers. Grindr—which calls itself the world's largest social networking app for gay, bi, trans, and queer people—sold data which includes GPS, IP address, age, and gender...