FormBook spam campaign targets citizens of Ukraine
Our Threat Intelligence team has been closely monitoring cyber threats related to the war in Ukraine. Today, we discovered a malicious spam campaign dropping the Formbook stealer specifically targeting Ukrainians. Formbook is part of a long-running malspam operation that we observe on a regular...
Smart cities, difficult choices: privacy and security on the grid
All is not well in the land of smart city planning, as the latest major planned development from Google's sister company Sidewalk Labs continues to run into problems in Toronto, Canada. A groundswell of support? Building a city “From the ground up” is apparently no longer a thing: at least some...
GoAnywhere zero-day opened door to Clop ransomware
A semi-active ransomware group has claimed it is behind a string of attacks which have taken advantage of a zero-day vulnerability in GoAnywhere MFT. The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles...
Meet Extenbro, a new DNS-changer Trojan protecting adware
Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an...
Zombie email rises from grave after eight years of radio silence
In a novel twist on “What happens to our accounts when we die,” we have “what happens to our abandoned accounts while we're still alive”. In this case, UK ISP TalkTalk kept an old customer’s email account alive some eight years after she closed it—which left it wide open for takeover by spammers...
Tomorrowland festival goers affected by data breach
Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn't recent. In fact, it dates back four years to an event long since come and gone...
Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain
Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that...
Everybody and their mother is blocking ads, so why aren’t you?
This post may ruffle a few feathers. But we’re not here to offer advice to publishers on how to best generate revenue for their brand. Rather, we’re here to offer the best advice on how to maintain a safe and secure environment. If you’re not blocking advertisements on your PC and mobile device,...
Spectre, Google, and the Universal Read Gadget
Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Inte...
The lazy person’s guide to cybersecurity: minimum effort for maximum protection
Are you tired of that acquaintance who keeps bugging you with computer questions? Do you avoid visiting certain people because you know you will spend most of the evening cleaning up their machine? My uncle Bob is one of those people. He’s a nice guy, but with computers, he’s not just an accident...
Ryuk ransomware attacks businesses over the holidays
While families gathered for food and merriment on Christmas Eve, most businesses slumbered. Nothing was stirring, not even a mouse—or so they thought. For those at Tribune Publishing and Data Resolution, however, a silent attack was slowly spreading through their networks, encrypting data and...
Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability
The first Microsoft Patch Tuesday of 2023 is an important one to start off the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...
CISA Log4Shell warning: Patch VMware Horizon installations immediately
CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn't gone away. It's being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...
macOS 11’s hidden security improvements
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents 1. Introduction 1. Disclaimers 2. macOS 11’s better known security improvements 1. Secret messages revealed? 3. CPU security mitigation APIs 1. The NOSMT mitigation 2. The TECS...
5 simple steps to securing your remote employees
As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced...
Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec’s European Security Blogger Awards
Infosec Europe is now well underway, and last night was the annual EU Security Blogger Awards, where InfoSecurity Magazine: …recognises the best blogs in the industry as first nominated by peers and then judged by a panel of mostly respected industry experts. Malwarebytes Labs was announced as...
Malicious gaming extensions: a child’s play to infection
Did you ever lend your laptop to a child to play a video game, only to get it back filled with advertisements? Our CEO knows a little bit about that predicament, having unknowingly infected his parents' computer when he was a kid. But times have changed since then. Let us play for you a modern-da...
Update now! Microsoft releases patches, including one for actively exploited zero-day
Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that...
Spectre attacks come back from the dead
Spectre is the name for a whole class of vulnerabilities discovered in January 2018 that affected huge numbers of modern computer processors that rely on a performance feature called speculative execution. Since then, some of the world’s most talented computer scientists from industry and academi...
Radiohead’s ransom response shows novel approach for ransomware victims
Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security (sorry). Instead of paying a ransom to...
Tackling the shortage in skilled IT staff: whole team security
Is your IT department understaffed, overworked, and are you looking for reinforcements in vain? Maybe these hard-to-hire reinforcements can be hired from within, rather than having to outsource or hire expensive, short-term extra help. While this was usually only done if your own staff was fallin...
Assessing the security of a portable router: a look inside its hardware, part deux
In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It coul...
Update now! Microsoft fixes two zero-days in August's Patch Tuesday
Microsoft has published fixes for 141 separate vulnerabilities in its batch of August updates, fixing a total of 118 CVEs in multiple products. This is a new monthly record if you look at the CVE count. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...
When can we get rid of passwords for good?
Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...
What to do when you discover a data breach
Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which yo...
A week in security (October 29 – November 4)
Last week on Malwarebytes Labs, we looked at a rogue cryptocurrency app installing backdoors, took a dive into the world of printer security, explored browser privacy tweaks, highlighted a music festival–themed breach, and introduced Malwarebytes for Chromebook. Other cybersecurity news Memory...
This Steam phish baits you with free Discord Nitro
Weeks ago, we talked about the one effective lure that could get a Discord user to consider clicking on a scam link they were generously given, either by a random user or a legitimate contact who also happened to have fallen for the same ploy: free Discord Nitro subscriptions. And similar to how...
Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure
VMware is urging users of vCenter server to patch no fewer than 19 problems affecting its products. These updates fix a variety of security vulnerabilities, but one of them is particularly nasty. That would be CVE-2021-22005, a critical file upload vulnerability with a CVSS score of 9.8 out o...
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. A...
The top six takeaways for user privacy
Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending ...
What does ‘consent to tracking’ really mean?
Thanks to Jerome Boursier for contributions. Post GDPR, many social media platforms will ask end users to consent to some form of tracking as a condition of using the service. It's easy to make assumptions as to what that means, especially when the actual terms of service or data policy for the...
Malware vaccination tricks: blue pills or red pills
First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...
EternalPetya – yet another stolen piece in the package?
Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is...
Update now! VMWare patches critical vulnerabilities in several products
In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...
No man’s land: How a Magecart group is running a web skimming operation from a war zone
Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code skimmers typically injected into compromised e-commerce websites ...
Something else is phishy: How to detect phishing attempts on mobile
In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue ...
DEFCON 25
After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people. I didn't attend all the talks, but most of the ones I saw were interesting: There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers, by Luke...
A week in security (July 03 – July 09)
Last week, we released our second quarter Cybercrime Tactics & Techniques report, where we revealed that ransomware outbreaks were dominant during this quarter. You can read the full report on the post below: Report: Second quarter dominated by ransomware outbreaks Our researchers continue to sha...
Indiana sues TikTok, describes it as "Chinese Trojan Horse"
On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the app of the same name, and its parent company, ByteDance. The first suit alleges TikTok's 12+ rating on the Apple App Store and a "T" for "Teen" rating in the Google Play Store and the Microsoft Store are...
Patch now! Apple fixes in-the-wild iPhone vulnerabilities
Apple has fixed two vulnerabilities in Safari's WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue...
How not to buy drugs on the Internet
Disclaimer: This post is satirical in nature and meant to educate on the proliferation of scams, misinformation, and traps set up to trick those engaging in illicit or illegal activities online. Malwarebytes does not condone buying drugs on the Internet. Perhaps you're sitting at work one day whe...
QR code scam can clean out your bank account
“Excuse me sir, can I ask you for a favor? I want to pay for parking my car in this spot, but there are no machines around that accept cash. If I give you five dollars in cash, can you pay the parking for me? All you need to do is scan this QR code with your banking app.” Of course, John felt the...
Labs report: Malicious AI is coming—is the security world ready?
Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There's no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in th...
How to browse the Internet safely at work
This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visi...
A week in security (November 12 – 18)
Last week on Malwarebytes Labs, we found out that TrickBot became a top business threat, so we took a deeper look at what's new with it. With Christmas just around the corner, the Secret Sister scam returned. We also touched on the security and privacy or lack thereof in smart jewelry, air traffi...
Stripchat bot spells block
Here at Malwarebytes, we spent a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the use...
QNAP customers urged to disable AFP to protect against severe vulnerabilities
MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already don...
How to protect RDP
You didn’t really think that the ransomware wave was coming to an end, did you? You may be tempted to think so, given the decline in reports about massive ransomware campaigns. Don’t be fooled. Over the last five years, one of the primary attack vectors for ransomware attacks has been the Remote...
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
On what might seem a relatively calm Patch Tuesday with 55 vulnerabilities being patched, the fact that six of them were rated “Critical” and two of them actively exploited spoils the Zen factor somewhat. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...
Business email compromise scam costs Pathé $21.5 million
Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its...