4706 matches found
Indiana sues TikTok, describes it as "Chinese Trojan Horse"
On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance. The first suit alleges TikTok's 12+ rating on the Apple App Store and a "T" for "Teen" rating in the Google Play Store and the Microsoft Store are...
Update your OptinMonster WordPress plugin immediately
WordPress, the incredibly popular content management platform, is currently dealing with a nasty plugin bug which allows redirects. What is a WordPress plugin? Like most blogging platforms, WordPress allows you to change up its default functionality. This is done by adding bits of kit called...
Spectre, Google, and the Universal Read Gadget
Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Inte...
The lazy person’s guide to cybersecurity: minimum effort for maximum protection
Are you tired of that acquaintance who keeps bugging you with computer questions? Do you avoid visiting certain people because you know you will spend most of the evening cleaning up their machine? My uncle Bob is one of those people. He’s a nice guy, but with computers, he’s not just an accident...
Ryuk ransomware attacks businesses over the holidays
While families gathered for food and merriment on Christmas Eve, most businesses slumbered. Nothing was stirring, not even a mouse—or so they thought. For those at Tribune Publishing and Data Resolution, however, a silent attack was slowly spreading through their networks, encrypting data and...
Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain
Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that...
Google Pixel: Cropped or edited images can be recovered
Most of us have a camera on us at all times, and so photo taking and image sharing has become almost ubiquitous. But when sharing an image, you want to have control over what you share. And that might lead you to crop images, or redact parts of them. Maybe you cropped out a person that didn't wan...
[updated] Thousands of Zimbra mail servers backdoored in large scale attack
Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...
Something else is phishy: How to detect phishing attempts on mobile
In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue ...
Malwarebytes is a champion of National Cybersecurity Awareness Month
October is here. For most of us in the US cybersecurity industry, it’s the month when we commemorate National Cybersecurity Awareness Month NCSAM. For those who are unfamiliar with this campaign, NCSAM generally aims at driving awareness for safe Internet use, whether you're a regular consumer or...
A week in security (July 03 – July 09)
Last week, we released our second quarter Cybercrime Tactics & Techniques report, where we revealed that ransomware outbreaks were dominant during this quarter. You can read the full report on the post below: Report: Second quarter dominated by ransomware outbreaks Our researchers continue to sha...
Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version
Microsoft has released a patch for a bug for a "downgrade attack" that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: Chuckles and...
Playstation 5 hacked—twice!
Over the weekend, hackers revealed that the Playstation 5 PS5, Sony’s latest darling, has been broken into—not just once but twice. Fail0verflow, the hacking group notorious for breaking Playstation consoles, and Andy "TheFlow" Nguyen, a security engineer at Google and widely known in the...
5 simple steps to securing your remote employees
As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced...
Tackling the shortage in skilled IT staff: whole team security
Is your IT department understaffed, overworked, and are you looking for reinforcements in vain? Maybe these hard-to-hire reinforcements can be hired from within, rather than having to outsource or hire expensive, short-term extra help. While this was usually only done if your own staff was fallin...
Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability
The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...
Anti-war open-source software developer targets Russians and Belarussians with “protestware”
Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country...
SAP customers are urged to patch critical vulnerabilities in multiple products
German enterprise software maker SAP has patched three critical vulnerabilities affecting Internet Communication Manager ICM, a core component of SAP business applications. Customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible. On February 8, SAP...
When can we get rid of passwords for good?
Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...
Radiohead’s ransom response shows novel approach for ransomware victims
Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security sorry. Instead of paying a ransom to...
Say hello to Baldr, a new stealer on the market
By William Tsing, Vasilios Hioureas, and Jérôme Segura Over the past few months, we have noticed increased activity and development of new stealers. Unlike many banking Trojans that wait for the victim to log into their bank's website, stealers typically operate in grab-and-go mode. This means th...
What does ‘consent to tracking’ really mean?
Thanks to Jerome Boursier for contributions. Post GDPR, many social media platforms will ask end users to consent to some form of tracking as a condition of using the service. It's easy to make assumptions as to what that means, especially when the actual terms of service or data policy for the...
A week in security (October 29 – November 4)
Last week on Malwarebytes Labs, we looked at a rogue cryptocurrency app installing backdoors, took a dive into the world of printer security, explored browser privacy tweaks, highlighted a music festival–themed breach, and introduced Malwarebytes for Chromebook. Other cybersecurity news Memory...
Malicious gaming extensions: a child’s play to infection
Did you ever lend your laptop to a child to play a video game, only to get it back filled with advertisements? Our CEO knows a little bit about that predicament, having unknowingly infected his parents' computer when he was a kid. But times have changed since then. Let us play for you a modern-da...
Stripchat bot spells block
Here at Malwarebytes, we spent a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the use...
Malware vaccination tricks: blue pills or red pills
First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...
EternalPetya – yet another stolen piece in the package?
Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is...
Google patches critical vulnerability for Androids with Qualcomm chips
In April’s update for the Android operating system OS, Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings ap...
Insights into your unpatched vulnerabilities
Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. That’s almost 25,550 new problems each year, of which roughly 4,250 or every one-in-six will be classified as “critical.” But with little guidance beyond “critical” classifications—and with the...
Update now! Microsoft patches 3 actively exploited zero-days
Another important update round for this months Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it...
VMware patches critical vulnerabilities in Aria Operations for Networks
VMware has released security updates to fix three vulnerabilities in Aria Operations for Networks which could result in information disclosure and remote code execution. The vulnerabilities were found in Aria Operations for Networks which was formerly known as vRealize Network Insight. Users of...
Patch now! Apple fixes in-the-wild iPhone vulnerabilities
Apple has fixed two vulnerabilities in Safaris WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue...
No man’s land: How a Magecart group is running a web skimming operation from a war zone
Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code skimmers typically injected into compromised e-commerce websites ...
Social engineering attacks: What makes you susceptible?
We now live in a world where holding the door open for someone balancing a tray of steaming hot coffee—she can’t seem to get her access card out to place it near the reader—is something we need to think twice about. Courtesy isn’t dead, mind you, but in this case, you'd almost wish it were. Becau...
Update now! Apple patches a raft of vulnerabilities
Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th...
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. A...
Labs report: Malicious AI is coming—is the security world ready?
Imagine a world in which artificial intelligence has gone rogue—the robots have revolted against their masters and have now enslaved all of humanity. There's no more natural beauty in the world and everything is awful. Get that out of your system? Good. The reality of malicious AI, at least in th...
The top six takeaways for user privacy
Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending ...
What to do when you discover a data breach
Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which yo...
How to browse the Internet safely at work
This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visi...
A week in security (November 12 – 18)
Last week on Malwarebytes Labs, we found out that TrickBot became a top business threat, so we took a deeper look at what's new with it. With Christmas just around the corner, the Secret Sister scam returned. We also touched on the security and privacy or lack thereof in smart jewelry, air traffi...
Assessing the security of a portable router: a look inside its hardware
Network administrators should perform security assessments of hardware that they will provide their users, or particularly paranoid users might want to poke at their devices just to be extra sure. In this blog post, we will demonstrate the techniques used to assess security on a generic portable...
DEFCON 25
After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people. I didn't attend all the talks, but most of the ones I saw were interesting: There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers, by Luke...
BackupBuddy WordPress plugin vulnerable to exploitation, update now!
Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat "hacks, malware, user error, deleted files, and running bad commands". Unfortunately, running an older version of BackupBuddy...
Exploits and TrickBot disrupt manufacturing operations
September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021...
Unusual sign-in activity mail goes phishing for Microsoft account holders
We’ve received an interesting spam email which deliberately or not could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow. Unusual sign-in activity detected? The emails subject...
QR code scam can clean out your bank account
“Excuse me sir, can I ask you for a favor? I want to pay for parking my car in this spot, but there are no machines around that accept cash. If I give you five dollars in cash, can you pay the parking for me? All you need to do is scan this QR code with your banking app.” Of course, John felt the...
A week in security (August 27 – September 2)
Last week, we looked at dubious antics in mobile land, a peculiar case of spam on the official Cardi B website, and we deep dived into fileless malware. We also explored the inner workings of Hidden Bee, and gave an explainer of Regex. Other cybersecurity news: Huge data breach affects Chinese...
[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug
On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917. As it's a...
Lenovo issues fixes for laptop backdoors
Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally meant to be used only during the manufacturing process, along with a vulnerability in the SW SMI handler function. The list of...