4706 matches found
Massive DDoS attack washes over GitHub
There's been some huge DDoS distributed denial of service attacks over the years, but we've been…lucky?…enough to witness the latest raising of the stakes in the last couple of days. GitHub, an incredibly important code resource for major organisations around the world, fell victim to a colossal...
Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth
In the Android security bulletin of December 5, 2022 you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead t...
Why Log4Text is not another Log4Shell
The Apache Software Foundation has acknowledged a vulnerability in Apache Commons Text, a library focused on algorithms for string manipulation. The vulnerability has been assigned CVE-2022- 42889, but security researchers have dubbed it Log4Text. The name provides an immediate association with...
GreenFlash Sundown exploit kit expands via large malvertising campaign
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection ...
4 lessons to be learned from the DOE’s DDoS attack
Analysts, researchers, industry professionals, and pundits alike have all posited the dangers of the next-generation “smart grid,” particularly when it comes to cybersecurity. They warn that without the right measures in place, unscrupulous parties could essentially wreak havoc on the bulk of...
Android phones can be taken over remotely – update when you can
Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Googles Android security bulletin for December. In total, there are patches for 94...
Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability
Users of multiple Zoho ManageEngine products are under urgent advice to install the patch issued October 27, 2022. The advice is urgent because on January 13, 2023 the Horizon3 Attack Team tweeted that Proof of Concept PoC code and a deep-dive blog will be released within a week. Mitigation A lon...
Update now! Apple fixes several serious vulnerabilities in iOS and macOS
Apple has released patches for macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. In these security updates, released on March 14, 2022, Apple tackles 39 vulnerabilities, several of which could allow an attacker to execute arbitrary code on an affected device. One of the vulnerabilities can be...
Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability
Following an announcement by Blackberry the U.S. Food & Drug Administration FDA and the Cybersecurity & Infrastructure Security Agency CISA have put out alerts that vulnerabilities found in the Blackberry QNX real-time operating system RTOS may introduce risks for certain medical devices...
New Golang brute forcer discovered amid rise in e-commerce attacks
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers. Recently, attacks have been conducted via skimmer, which is a piece of code that is either directly injected into a hacked site or referenced externall...
The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich
Today we look at a fakeout which begins with Elon Musk, and ends with a trip to Mars or, if youre really lucky, the Sun. One of the most annoying “features” of Twitter is being added to lists without permission. Its a theoretically useful way to keep track of certain topics. It’s often also used...
FormBook spam campaign targets citizens of Ukraine️
Our Threat Intelligence team has been closely monitoring cyber threats related to the war in Ukraine. Today, we discovered a malicious spam campaign dropping the Formbook stealer specifically targeting Ukrainians. Formbook is part of a long-running malspam operation that we observe on a regular...
Update now! VMWare patches critical vulnerabilities in several products
In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...
Trojans, ransomware dominate 2018–2019 education threat landscape
Heading into the new school year, we know educational institutions have a lot to worry about. Teacher assignments. Syllabus development. Gathering supplies. Readying classrooms. But one issue should be worrying school administrators and boards of education more than most: securing their networks...
Compromising vital infrastructure: problems in education security continue
The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited. These limite...
Smart cities, difficult choices: privacy and security on the grid
All is not well in the land of smart city planning, as the latest major planned development from Google's sister company Sidewalk Labs continues to run into problems in Toronto, Canada. A groundswell of support? Building a city “From the ground up” is apparently no longer a thing: at least some...
Samba patches critical vulnerability that allows remote code execution as root
Samba developers have patched a vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfsfruit. Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for variou...
Is it game over for VR advergaming?
We’ve been warning about advergaming—the combination of virtual reality VR and ads—for years on the Labs Blog. I’ve given a few talks on the subject too, and how ad networks will slowly work their way into enclosed spaces formerly reserved for your head. They still might, but thanks to a recent...
New social engineering toolkit draws inspiration from previous web campaigns
Some of the most common web threats we track have a social engineering component. Perhaps the more popular ones are those encountered via malvertising, or hacked websites that push fraudulent updates. We recently identified a website compromise with a scheme we had not seen before; it's part of a...
A week in security (June 17 – 23)
Last week on the Malwarebytes Labs blog, we took a look at the growing pains of smart cities, took a deep dive into AI, jammed along to Radiohead, and looked at the lessons learned from Chernobyl in relation to critical infrastructure. We also explored a new Steam phish attack, and pulled apart a...
MegaCortex continues trend of targeted ransomware attacks
MegaCortex is a relatively new ransomware family that continues the 2019 trend of threat actors developing ransomware specifically for targeted attacks on enterprises. While GandCrab apparently shut its doors, several other bespoke, artisanal ransomware families have taken its place, including...
A week in security (August 28 – September 3)
Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant as of this writing has anti-sandboxing capabilities. This means that once Locky has...
This Steam phish baits you with free Discord Nitro
Weeks ago, we talked about the one effective lure that could get a Discord user to consider clicking on a scam link they were generously given, either by a random user or a legitimate contact who also happened to have fallen for the same ploy: free Discord Nitro subscriptions. And similar to how...
Zoom zero-day discovery makes calls safer, hackers $200,000 richer
Two Dutch white-hat security specialists entered the annual computer hacking contest Pwn2Own, managed to find a Remote Code Execution RCE flaw in Zoom and are $200,000 USD better off than they were before. Pwn2Own Pwn2Own is a high profile event organized by the Zero Day Initiative that challenge...
Crack hunting: not all it’s cracked up to be
People sometimes ask us in the forums if a keygen or software crack is safe to use. Sometimes, these programs do what they say on the tin. Other times, they’re not what they say they are. In this post, I’ll describe what happened when I went crack hunting, and why it is often unsafe to carry out...
4 steps for improving employee trust while securing them
Earlier this month we held our quarterly Cybercrime Tactics and Techniques Q2 2017 webinar. This event gave thousands of security practitioners and leaders a chance to learn about the latest analysis of threats Malwarebytes Labs has seen around the globe. In case you missed it, you can watch an...
MOVEit Transfer fixes three new vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has warned about three new vulnerabilities in Progress Software's MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information. In the advisory, CISA encouraged users to review Progress MOVEi...
Update now! Microsoft releases patches, including one for actively exploited zero-day
Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, well look at the actively exploited zero-day. Then well discuss two zero-days that...
Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure
VMware is urging users of vCenter server to patch no fewer than 19 problems affecting its products. These updates fix a variety of security vulnerabilities, but and one of them is particularly nasty. That would be CVE-2021-22005, a critical file upload vulnerability with a CVSS score of 9.8 out o...
Revisiting the NSIS-based crypter
This blog post was authored by hasherezade NSIS Nullsoft Scriptable Install System is a framework dedicated to creating software installers. It allows to bundle various elements of an application together i.e. the main executable, used DLLs, configs, along with a script that controls where are th...
New LNK attack tied to Higaisa APT discovered
This post was authored by Hossein Jazi and Jérôme Segura On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa. The Higaisa APT is believed to be tied to the Korean peninsula, and was first disclosed by Tencent...
A deep dive into Phobos ransomware
Phobos ransomware appeared at the beginning of 2019. It has been noted that this new strain of ransomware is strongly based on the previously known family: Dharma a.k.a. CrySis, and probably distributed by the same group as Dharma. While attribution is by no means conclusive, you can read more...
A week in security (June 10 – 16)
Last week on Malwarebytes Labs, we revealed to readers the mindset of security pros as to why they lack confidence in their ability to prevent their organizations getting breached. We also reported on Maine Governor Janet Mills implementing the state’s own privacy protections, how Apple can bette...
Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday
Yesterday we told you about Apple’s latest patches. Today we turn to Microsoft and its Patch Tuesday. Microsoft tends to provide a lot of information around its patches and, so, theres a lot to digest and piece together to give you an overview of the most important ones. In total, Microsoft has...
Business in the front, party in the back: backdoors in elastic servers expose private data
It seems like every day we read another article about a data breach or leak of cloud storage exposing millions of users' data. The unfortunate truth is that the majority of these leaks require no actual "hacking" on the part of the attacker. Most of the time, this highly confidential data is just...
Assessing the security of a portable router: a look inside its hardware, part deux
In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It coul...
August Patch Tuesday stops actively exploited attack chain and more
Augusts Patch Tuesday is a lot quieter than it was last month, when Microsoft patched a whopping 130 vulnerabilities. That number went down to 87 this month but it does include two actively exploited vulnerabilities. Lets start by looking at those two: CVE-2023-38180 CVSS score 7.5 out of 10: a...
Update Android now! Google patches three important vulnerabilities
In the April 2023 Android security bulletin, Google announced security updates which include fixes for two critical remote code execution RCE vulnerabilities and one vulnerability that has been exploited in the wild. The vulnerabilities are impacting Android systems running versions 11, 12, 12L,...
Vulnerabilities in GPS tracker could have “life-threatening” implications
Researchers at BitSight have discovered six vulnerabilities in the MiCODUS MV720 GPS tracker, a popular vehicle tracking device. The vulnerabilities are severe enough for the Cybersecurity & Infrastructure Security Agency CISA to publish a Security Advisory titled ICSA-22-200-01: MiCODUS MV720 GP...
Spectre attacks come back from the dead
Spectre is the name for a whole class of vulnerabilities discovered in January 2018 that affected huge numbers of modern computer processors that rely on a performance feature called speculative execution. Since then, some of the world’s most talented computer scientists from industry and academi...
Apple iOS 13 will better protect user privacy, but more could be done
Last week, Apple introduced several new privacy features to its latest mobile operating system, iOS 13. The Internet, predictably, expressed doubt, questioning Apple’s oversized influence, its exclusive pricing model that puts privacy out of reach for anyone who can’t drop hundreds of dollars on ...
New critical vulnerability discovered in open-source office suites
A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions. In...
CISA Log4Shell warning: Patch VMware Horizon installations immediately
CISA and the United States Coast Guard Cyber Command CGCYBER are warning that the threat of Log4Shell hasnt gone away. Its being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...
Everybody and their mother is blocking ads, so why aren’t you?
This post may ruffle a few feathers. But we’re not here to offer advice to publishers on how to best generate revenue for their brand. Rather, we’re here to offer the best advice on how to maintain a safe and secure environment. If you’re not blocking advertisements on your PC and mobile device,...
Fake ChatGPT download site infects Windows and Mac users with malware
A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew.app, closely mimics OpenAI’s real ChatGPT download experience and offe...
GoAnywhere zero-day opened door to Clop ransomware
A semi-active ransomware group has claimed it is behind a string of attacks which have taken advantage of a zero-day vulnerability in GoAywhere MFT. The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles...
MSHTML attack targets Russian state rocket centre and interior ministry
Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...
Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec’s European Security Blogger Awards
Infosec Europe is now well underway, and last night was the annual EU Security Blogger Awards, where InfoSecurity Magazine: …recognises the best blogs in the industry as first nominated by peers and then judged by a panel of mostly respected industry experts. Malwarebytes Labs was announced as...
Zombie email rises from grave after eight years of radio silence
In a novel twist on “What happens to our accounts when we die,” we have “what happens to our abandoned accounts while we're still alive”. In this case, UK ISP TalkTalk kept an old customer’s email account alive some eight years after she closed it—which left it wide open for takeover by spammers...
Tomorrowland festival goers affected by data breach
Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn't recent. In fact, it dates back four years to an event long since come and gone...