Malwarebytes: Most viewed

4658 matches found

Malwarebytes
added 2018/11/06 6:5 p.m., 96 views

Compromising vital infrastructure: transport and logistics

Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently,...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2018/09/10 3:0 p.m., 96 views

Assessing the security of a portable router: a look inside its hardware

Network administrators should perform security assessments of hardware that they will provide their users, or particularly paranoid users might want to poke at their devices just to be extra sure. In this blog post, we will demonstrate the techniques used to assess security on a generic portable...

AI score: 7.1
Exploits: 0
Malwarebytes
added 2018/08/02 3:0 p.m., 96 views

Social engineering attacks: What makes you susceptible?

We now live in a world where holding the door open for someone balancing a tray of steaming hot coffee—she can’t seem to get her access card out to place it near the reader—is something we need to think twice about. Courtesy isn’t dead, mind you, but in this case, you'd almost wish it were. Becau...

AI score: 0.2
Exploits: 0
Malwarebytes
added 2022/09/22 11:0 a.m., 95 views

2K games helpdesk abused to spread RedLine malware

On September 20, 2022, the official Twitter account for 2K Support tweeted an important message from the Customer Support team. The tweet said an unauthorized party illegally accessed the credentials of one of the vendors of the helpdesk platform. The attacker then used that access to send out...

Exploits: 0
Malwarebytes
added 2019/08/19 3:0 p.m., 95 views

How much personalization is too much?

This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2019/04/09 3:0 p.m., 95 views

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura. Over the past few months, we have noticed increased activity and development of new stealers. Unlike many banking Trojans that wait for the victim to log into their bank's website, stealers typically operate in grab-and-go mode. This means th...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2018/11/16 4:0 p.m., 95 views

6 security concerns to consider when automating your business

Automation is an increasingly-enticing option for businesses, especially when those in operations are in a perpetual cycle of "too much to do and not enough time to do it." When considering an automation strategy, business representatives must be aware of any security risks involved. Here are six...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2018/07/03 3:0 p.m., 95 views

Obfuscated Coinhive shortlink reveals larger mining operation

During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive's infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular...

Exploits: 0
Malwarebytes
added 2022/09/13 2:0 p.m., 94 views

[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917. As it's a...

CVSS: 10, AI score: 0.1, EPSS: 0.16342
Exploits: 0
Malwarebytes
added 2022/03/01 9:39 a.m., 94 views

Unusual sign-in activity mail goes phishing for Microsoft account holders

We’ve received an interesting spam email which deliberately or not could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow. Unusual sign-in activity detected? The emails subject...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2018/10/01 2:0 p.m., 94 views

Malwarebytes is a champion of National Cybersecurity Awareness Month

October is here. For most of us in the US cybersecurity industry, it’s the month when we commemorate National Cybersecurity Awareness Month (NCSAM). For those who are unfamiliar with this campaign, NCSAM generally aims at driving awareness for safe Internet use, whether you're a regular consumer or...

AI score: 7.3
Exploits: 0
Malwarebytes
added 2023/02/15 3:0 a.m., 93 views

Update now! February's Patch Tuesday tackles three zero-days

The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...

AI score: 0.1, EPSS: 0.89955
Exploits: 21
Malwarebytes
added 2022/10/24 8:0 p.m., 93 views

Cisco warns of ISE vulnerability with no fixed release or workaround

Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to read and delete files on an affected device. The bug, with a CVSS score of 7.1, has no patch and no...

AI score: 8.2, EPSS: 0.0124
Exploits: 0
Malwarebytes
added 2021/10/13 3:41 p.m., 93 views

Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday

Yesterday we told you about Apple’s latest patches. Today we turn to Microsoft and its Patch Tuesday. Microsoft tends to provide a lot of information around its patches and, so, there's a lot to digest and piece together to give you an overview of the most important ones. In total, Microsoft has...

CVSS: 6.8, AI score: 8.9, EPSS: 0.74129
Exploits: 11
Malwarebytes
added 2021/09/22 7:16 p.m., 93 views

MSHTML attack targets Russian state rocket centre and interior ministry

Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...

CVSS: 6.8, EPSS: 0.97242
Exploits: 38
Malwarebytes
added 2021/09/14 4:28 p.m., 93 views

Update now! Google Chrome fixes two in-the-wild zero-days

Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and...

CVSS: 6.8, AI score: 9.1, EPSS: 0.70435
Exploits: 12
Malwarebytes
added 2020/05/22 3:0 p.m., 93 views

Going dark: encryption and law enforcement

UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...

AI score: 7
Exploits: 0
Malwarebytes
added 2019/08/20 3:0 p.m., 93 views

Magecart criminals caught stealing with their poker face on

Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren't actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we've monitor...

AI score: 7.3
Exploits: 0
Malwarebytes
added 2019/02/07 4:53 p.m., 93 views

Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle

Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data. So, when news broke that scandal-ridden, online privacy pariah...

AI score: 6.5
Exploits: 0
Malwarebytes
added 2018/11/07 4:0 p.m., 93 views

Google logins: JavaScript now required

Google users: In news that may sound alarming, it is now a requirement for you to enable JavaScript. Why? When your username and password are entered on Google’s sign-in page, Google runs a risk assessment and only allows the sign-in if nothing looks suspicious. Recently, Google went about...

AI score: 6.7
Exploits: 0
Malwarebytes
added 2018/09/13 3:0 p.m., 93 views

Partnerstroka: Large tech support scam operation features latest browser locker

Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2017/09/06 11:0 p.m., 93 views

Nigerian scams without the Nigerians

Users in English speaking countries are quite familiar with the Nigerian scam: an important guy in Nigeria needs your help getting his money out of the country and if you assist with some transaction fees, a chunk of his fortune could be yours. But what about non-English speaking countries? What...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2021/11/02 4:48 p.m., 92 views

Google patches zero-day vulnerability, and others, in Android

Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications that one of the patched vulnerabilities may be under limited, targeted exploitation. The most severe of these issues is a critical security vulnerability in...

CVSS: 10, AI score: 8.7, EPSS: 0.03057
Exploits: 0
Malwarebytes
added 2019/07/10 3:0 p.m., 92 views

What should a US federal data privacy law ideally include?

In the constant David-and-Goliath struggle between digital privacy advocates and corporate privacy invaders, the question of how to legally protect Americans with a comprehensive, federal data privacy law provides conflicting answers. Advocates want protections, which Big Tech interprets as...

AI score: 0.2
Exploits: 0
Malwarebytes
added 2018/11/05 8:37 p.m., 92 views

Browlock flies under the radar with complete obfuscation

Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users. In fact, the effects can be so convincing that people call the rogue Microsoft support number for help because they believe their computer has been...

AI score: 1.1
Exploits: 0
Malwarebytes
added 2018/04/27 3:0 p.m., 92 views

Malwarebytes CrackMe 2: try another challenge

Last November, we released the first edition of the Malwarebytes CrackMe. Encouraged by the positive response we received from the security community, we decided to repeat the game, hopefully making it even more interesting and entertaining. As before, the CrackMe is dedicated to malware analysts...

AI score: 1
Exploits: 0
Malwarebytes
added 2023/01/17 7:0 a.m., 91 views

Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Users of multiple Zoho ManageEngine products are under urgent advice to install the patch issued October 27, 2022. The advice is urgent because on January 13, 2023 the Horizon3 Attack Team tweeted that Proof of Concept (PoC) code and a deep-dive blog will be released within a week. Mitigation A lon...

AI score: 9.6, EPSS: 0.9994
Exploits: 20
Malwarebytes
added 2022/08/11 1:0 p.m., 91 views

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite (ZCS) email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

CVSS: 6.5, AI score: 9.1, EPSS: 0.98163
Exploits: 16
Malwarebytes
added 2020/06/04 3:30 p.m., 91 views

Sodinokibi ransomware gang auctions off stolen data

Is it legal to buy stolen data from criminals? In most countries the answer would be no. But will it lead to a penalty or a fine? That is a different question and I’m afraid some companies and organizations will be inclined to seriously consider the last question even when they know the answer to...

AI score: 6.5
Exploits: 0
Malwarebytes
added 2019/10/31 9:41 p.m., 91 views

SMBs lack resources to defend against cyberattacks, plus pay more in the aftermath

Cyberattacks, many have noted, are the fastest growing economic crime not only in the United States, but also around the world. This upward trend has been observed since 2014, according to PricewaterhouseCoopers (PwC), and won’t likely be slowing down anytime soon. Cyberattacks—much like the...

Exploits: 0
Malwarebytes
added 2019/07/30 3:0 p.m., 91 views

How to get your Equifax money and stay safe doing it

UPDATE August 2, 2019: The US Federal Trade Commission has warned consumers that, due to the high number of claims made for a cash payout regarding the Equifax data breach, the actual value that will be paid out might be "far less" than the originally-stated $125. You can read the FTC's full...

Exploits: 0
Malwarebytes
added 2019/02/20 7:21 p.m., 91 views

Sophisticated phishing: a roundup of noteworthy campaigns

Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successf...

AI score: 7.6
Exploits: 0
Malwarebytes
added 2019/02/14 4:56 p.m., 91 views

Hacker destroys VFEmail service, wipes backups

An email service called VFEmail was essentially put out of business after a hack intended to delete everything in and out of sight. "Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2018/12/18 4:0 p.m., 91 views

All the reasons why cybercriminals want to hack your phone

When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malwar...

AI score: 6.7
Exploits: 0
Malwarebytes
added 2018/04/13 3:0 p.m., 91 views

Facebook spammers making things worse

Facebook's having a bad couple of weeks. Between Congressional testimony and new information coming forward about Cambridge Analytica's use of user data, the tech giant is having problems keeping its users aboard. Unfortunately, misery loves company. We noticed a few Facebook spam campaigns this...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2020/11/17 5:5 p.m., 90 views

WebNavigator Chromium browser published by search hijackers

A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where did it come from? Malwarebytes detects the browser as PUP.Optional.WebNavigator, and we found several clues that this browser was brought to you by a notorious family of searc...

AI score: 1.5
Exploits: 0
Malwarebytes
added 2020/11/12 9:16 p.m., 90 views

Hat trick for Google as it patches two more zero-days in Chrome

Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new...

CVSS: 6.8, AI score: 0.1, EPSS: 0.48574
Exploits: 3
Malwarebytes
added 2018/10/31 4:41 p.m., 90 views

How to tighten security and increase privacy on your browser

Is my browser making an effort to keep my system safe and my online behavior private? This is usually not the first question we ask ourselves when we choose our default browser. But maybe it should be. These days, threats to your privacy and security come at you from all angles, but browser-base...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2017/08/04 6:0 p.m., 90 views

Learning PowerShell: basic programs

In the previous posts we have looked at some elementary PowerShell concepts and we have constructed some basic commands to export and compare data. We did this by using an example of certificates being dumped in the “Untrusted” category by some malware. This time we will try to write a program th...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2026/05/28 10:18 a.m., 89 views

Fake ChatGPT download site infects Windows and Mac users with malware

A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew.app, closely mimics OpenAI’s real ChatGPT download experience and offe...

AI score: 5.6
Exploits: 0
Malwarebytes
added 2022/05/05 2:44 p.m., 89 views

Google fixes two critical Pixel vulnerabilities: Get your updates when you can!

Google has made updates available for Android 10, 11, 12 and 12L. The May Android Security Bulletin contains details of security vulnerabilities affecting Android devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel...

AI score: 8.1, EPSS: 0.01241
Exploits: 0
Malwarebytes
added 2021/08/11 4:8 p.m., 89 views

If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam

Rogue QR code antics have been back in the news recently. They’re not exactly a mainstay of fakery, but they do tend to enjoy small waves of popularity as events shaped by the real world remind everyone they still exist. The most notable example where this is concerned is of course the pandemic...

AI score: 7
Exploits: 0
Malwarebytes
added 2021/06/14 10:51 p.m., 89 views

Another one bites the dust: Avaddon ransomware group shuts down operation

Are you seeing some pattern here? In what could be called "shocking news" on Friday, BleepingComputer revealed that the gang behind the Avaddon ransomware shut down its operations after releasing more than 2,000 decryption keys to the technology news site. BleepingComputer claimed they received...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2019/06/24 3:0 p.m., 89 views

Mobile stalkerware: a long history of detection

Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back mor...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2019/02/26 1:0 p.m., 89 views

What K–12 schools need to shore up cybersecurity

Crumbling infrastructure. Gaps in curriculum. Antiquated devices. Difficult COPPA laws. Lack of funding. Those are just a few of the obstacles facing K–12 schools looking to adopt technology into their 21st century learning initiatives. Now add security concerns to the list, and you can see why...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2019/02/13 4:54 p.m., 89 views

Businesses: It’s time to implement an anti-phishing plan

Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don't already have o...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2019/01/07 5:59 p.m., 89 views

Australia’s Early Warning Network compromised

An early warning network designed to notify subscribers about dangerous weather in Australia has been compromised. The hacker sent many bogus messages via phone, SMS, and email, telling users that the service had been hacked. Early Warning Network, a service used by local governments to send...

AI score: 0.2
Exploits: 0
Malwarebytes
added 2018/10/05 3:0 p.m., 89 views

Fileless malware: part deux

In part one of this series, we focused on an introduction to the concepts of fileless malware, providing examples of the problems that we in the security industry face when dealing with these types of attacks. In part two, I will be walking through a few demonstrations of fileless malware attacks th...

AI score: 7.4
Exploits: 0
Malwarebytes
added 2023/10/12 4:0 a.m., 88 views

Update now! Atlassian Confluence vulnerability is being actively exploited

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defende...

CVSS: 7.5, AI score: 9.7, EPSS: 0.99999
Exploits: 84
Malwarebytes
added 2022/01/27 9:56 p.m., 88 views

Update now! Apple patches another actively used zero-day

Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept (PoC). Using this vulnerability, designated...

CVSS: 9.3, AI score: 8.7, EPSS: 0.28839
Exploits: 0
Total number of security vulnerabilities: 4658