Lucene search
Malwarebytes Recent

4662 matches found

Malwarebytes
added 2023/11/09 1:43 p.m., 34 views

Update now! SysAid vulnerability is actively being exploited by ransomware affiliate

Users of SysAid on-premises should take action to deal with a vulnerability. SysAid is a widely used IT service management solution that allows IT teams to manage tasks. Microsoft discovered an ongoing exploitation of a zero-day vulnerability in the SysAid IT support software in limited attacks b...

7.5 CVSS, 7.9 AI score, 0.98851 EPSS
Exploits: 3

Malwarebytes
added 2023/11/09 2:54 a.m., 30 views

Malvertiser copies PC news site to deliver infostealer

The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that are almost the exact replica of the software vendor being impersonated. For example, we have seen fake websites appearing like the real Webex, AnyDesk or...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/11/08 8:16 p.m., 25 views

Introducing Advanced Device Control: Shielding businesses from USB threats

With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature. Here's the breakdown: When a USB device is connected, ThreatDown now doesn't just control...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/11/08 5:59 p.m., 19 views

Introducing Security Advisor Site Scores for OneView: Easy assessment of client security for MSPs

In a world rife with cyber threats, it is crucial for Managed Service Providers (MSPs) to conduct thorough assessments of their clients’ security posture. Even minor misconfigurations, if overlooked, can leave clients vulnerable to attacks. Yet, lacking the necessary tools, many MSP IT teams are in...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/11/08 12:23 p.m., 19 views

Using ChatGPT to cheat on assignments? New tool detects AI-generated text with amazing accuracy

ChatGPT and similar large language models (LLMs) can be used to write texts about any given subject, at any desired length at a speed unmatched by humans. So it's not a surprise that students have been using them to "help" write assignments, much to the dismay of teachers who prefer to receive...

7.3 AI score
Exploits: 0

Malwarebytes
added 2023/11/08 11:34 a.m., 43 views

QNAP warns about critical vulnerabilities in NAS systems

QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network. One of the vulnerabilities affects the QTS and QuTS operating systems (OS) for QNAP’s network attached storage systems (NAS). The second one can be found in...

7.5 CVSS, 8.6 AI score, 0.18687 EPSS
Exploits: 0

Malwarebytes
added 2023/11/07 4:58 p.m., 25 views

ThreatDown powered by Malwarebytes: A 15 Year Journey

November marks a significant shift in our legacy. After 15 years as Malwarebytes, we are proud to introduce our rebranded identity, ThreatDown powered by Malwarebytes. Building off Malwarebytes’ initial recognition for removing every trace of viruses that others missed, ThreatDown powered by...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/11/07 1:0 p.m., 35 views

Introducing ThreatDown: A new chapter for Malwarebytes

Since I started Malwarebytes 15 years ago the threat landscape has changed. Our offerings have evolved. And now the next chapter of our journey begins today. How did we get here? My first cyber “combatant” was an early form of adware running amok on my family’s computer. Removing it was a team...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/11/07 10:59 a.m., 29 views

Okta breach happened after employee logged into personal Google account

Okta has revealed details about a recent breach which exposed files belonging to customers. As we explained in our article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/11/06 11:27 a.m., 29 views

Medical research data Advarra stolen after SIM swap

Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...

7 AI score
Exploits: 0

Malwarebytes
added 2023/11/06 10:25 a.m., 24 views

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—they're spying on each other more. Whether reading someone's DMs, rifling through a partner's text messages, or even rummaging through the bags and belongings of someone else,...

7.3 AI score
Exploits: 0

Malwarebytes
added 2023/11/06 7:50 a.m., 24 views

A week in security (October 30 – November 5)

Last week on Malwarebytes Labs: Apache ActiveMQ vulnerability used in ransomware attacks; YouTube launches "global effort" to block ad blockers; Should you allow your browser to remember your passwords?; Atlassian: "Take immediate action" to patch your Confluence Data Center and Server instances; Wha...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/11/03 4:41 p.m., 81 views

Apache ActiveMQ vulnerability used in ransomware attacks

On the 27 October, the Apache Software Foundation (ASF) announced a very serious vulnerability in Apache ActiveMQ that can be used to achieve remote code execution (RCE). The Cybersecurity and Infrastructure Security Agency has now added this vulnerability to its Known Exploited Vulnerabilities...

7.5 CVSS, 10 AI score, 0.99654 EPSS
Exploits: 31

Malwarebytes
added 2023/11/02 9:35 p.m., 23 views

YouTube launches “global effort” to block ad blockers

The ongoing struggle between YouTube and ad blockers is turning users into the victims. YouTube has gone all out in its fight against the use of add-ons, extensions and programs that prevent it from serving ads to viewers around the world. It started out as just a small experiment, but it looks...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/11/02 9:21 p.m., 23 views

Should you allow your browser to remember your passwords?

At Malwarebytes we've been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you're just getting started. Once...

6.6 AI score
Exploits: 0

Malwarebytes
added 2023/11/02 12:54 p.m., 48 views

[updated] Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if...

7.5 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 48

Malwarebytes
added 2023/11/02 8:30 a.m., 30 views

What Gen Z really cares about when it comes to privacy

It would be easy to think that Gen Z doesn’t care about privacy. They worry less about ad tracking, do little to stem the flow of their private information online, and, as Malwarebytes recently uncovered, monitor one another’s lives far more than other generations. But it isn’t that Gen Z,...

6.6 AI score
Exploits: 0

Malwarebytes
added 2023/11/01 12:21 p.m., 12 views

SolarWinds and its CISO accused of misleading investors before major cyberattack

The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 202...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/31 1:0 p.m., 50 views

Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass

Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. F5 provides services focused on security, reliability, and performance. BIG-IP is a collection of hardware...

7.5 CVSS, 9.3 AI score, 0.96515 EPSS
Exploits: 17

Malwarebytes
added 2023/10/31 6:7 a.m., 20 views

test post

...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/30 10:51 p.m., 21 views

OneView updates: Dive into Report 2.0 & the new Global Site Filter

We're rolling out two new features to enhance usability in OneView, our multi-tenant platform for Managed Service Providers: Report 2.0 and the Global Site Filter. Here's what you need to know: Report 2.0: Improved Reporting in OneView Report 2.0 offers a more streamlined approach to reporting with...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/30 2:44 p.m., 10 views

A week in security (October 23 – October 29)

Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza; Octo Tempest cybercriminal group is "a growing concern"—Microsoft; Update now! Apple patches a raft of vulnerabilities; Patch…later? Safari iLeakage bug not fixed; Update vCenter Server now! VMWare fixes...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/29 5:33 a.m., 28 views

Malvertising via Dynamic Search Ads delivers malware bonanza

Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental. The reason this happened was due to the...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/27 5:15 a.m., 16 views

Octo Tempest cybercriminal group is “a growing concern”—Microsoft

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taki...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/10/27 5:11 a.m., 39 views

Update now! Apple patches a raft of vulnerabilities

Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th...

6.8 CVSS, 8.8 AI score, 0.51517 EPSS
Exploits: 5

Malwarebytes
added 2023/10/26 5:52 a.m., 12 views

Patch…later? Safari iLeakage bug not fixed

Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/10/25 6:44 a.m., 41 views

Update vCenter Server now! VMWare fixes critical vulnerability

VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since there are no in-product workarounds, customers are advised to apply the updates urgently. The affected products are VMware vCenter...

7.5 CVSS, 7.4 AI score, 0.99428 EPSS
Exploits: 1

Malwarebytes
added 2023/10/25 6:42 a.m., 10 views

Cyberattack hits 5 hospitals

Canadian health service provider TransForm has published an update about the cyberattack at its member hospitals. TransForm is a not-for-profit, shared service organization founded by the five hospitals in Erie St. Clair to manage their hospital IT, supply chain, and accounts payable needs. The...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/25 6:35 a.m., 15 views

Face search engine PimEyes stops searches of children’s faces

In what may come as a surprise, subscription-based face search engine PimEyes seems to have realized that their service can be used for nefarious purposes. PimEyes’ CEO Giorgi Gobronidze told the New York Times that it has taken technical measures to block such searches as part of a “no harm...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/25 6:27 a.m., 15 views

Announcing NEW Malwarebytes Identity Theft Protection

We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity. We know that people are worried. In fact, in our latest report, titled “Everyone’s...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/24 2:56 p.m., 10 views

Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram

Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A recent article from the South China Morning Post discussed an increase in malicious webpages for the popular WhatsApp communication tool, driven via malicious Google ad...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/10/24 2:54 p.m., 14 views

1Password reports security incident after breach at Okta

Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen. In a security incident report, 1Password says that a member of its IT team received an unexpected email suggesting they had initiated an Okta report of a list of admins. They hadn't...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/23 4:49 p.m., 13 views

Google Chrome wants to hide your IP address

Google is working out some kinks in the project formerly known as Gnatcatcher, which will now be known under the more descriptive name “IP Protection.” Which means that Chrome is reintroducing a proposal to hide users' IP addresses, to make cross-site tracking more difficult. An Internet Protocol ...

6.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/23 2:51 p.m., 13 views

MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22

This week on the Lock and Code podcast… In September, the Las Vegas casino and hotel operator MGM Resorts became a trending topic on social media… but for all the wrong reasons. A TikTok user posted a video taken from inside the casino floor of the MGM Grand—the company's flagship hotel complex ne...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/23 12:22 p.m., 12 views

Battling a new DarkGate malware campaign with Malwarebytes MDR

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/22 11:0 p.m., 11 views

A week in security (October 16 - October 22)

Last week on Malwarebytes Labs: Ragnar Locker ransomware group taken down; IT administrators' passwords are awful too; The hot topics from Europe's largest trade fair for IT security; Clever malvertising attack uses Punycode to look like KeePass's official website; 3 crucial security steps people...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/10/22 12:3 p.m., 13 views

A week in security (October 16 – October 22)

Last week on Malwarebytes Labs: Ragnar Locker ransomware group taken down; IT administrators' passwords are awful too; The hot topics from Europe's largest trade fair for IT security; Clever malvertising attack uses Punycode to look like KeePass's official website; 3 crucial security steps people should...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/20 12:18 p.m., 18 views

Ragnar Locker ransomware group taken down

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. The take down action was carried out between 16 and 20 October. During the actio...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/19 12:13 p.m., 13 views

IT administrators’ passwords are awful too

The key is under the doormat by the front door. The administrator password is "admin". These are easy to remember clues when you are providing entrance to someone you trust. The problem is that they are also enormously easy to guess. It’s where we would expect an unwanted visitor to check first,...

7.3 AI score
Exploits: 0

Malwarebytes
added 2023/10/19 12:10 p.m., 10 views

The hot topics from Europe’s largest trade fair for IT security

IT-SA Expo & Congress claims to be Europe's largest trade fair for IT security. And it really covers a wide range of security and security-related products and services. The event takes place in Nuremberg, Germany and provides an opportunity for vendors to show themselves to the public, create new...

7.3 AI score
Exploits: 0

Malwarebytes
added 2023/10/18 11:58 a.m., 11 views

Clever malvertising attack uses Punycode to look like KeePass’s official website

Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which was extremely deceiving. We previously reported on how brand impersonations are a common...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/10/18 2:30 a.m., 12 views

3 crucial security steps people should do, but don't

Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it. In new research conducted by Malwarebytes, internet users across the United States and Canada admitted to dismal cybersecurity practices, failing to adopt some of the most basic defenses for staying safe...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/18 1:0 a.m., 36 views

Cisco IOS XE vulnerability widely exploited in the wild

An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...

7.5 CVSS, 7.9 AI score, 0.99571 EPSS
Exploits: 25

Malwarebytes
added 2023/10/17 6:30 p.m., 14 views

The US wants governments to commit to not paying ransoms

As the White House prepares to host its annual International Counter Ransomware Initiative (CRI) summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals. The CRI wants to enhance international cooperation to combat the growth of ransomware, and its ...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/10/16 9:0 a.m., 142 views

The forgotten malvertising campaign

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/10/16 1:0 a.m., 12 views

Customer data stolen from gaming cloud host Shadow

Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, T...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/10/15 11:0 p.m., 10 views

A week in security (October 9 - October 15)

Last week on Malwarebytes Labs: Explained: Quishing; Update now! Atlassian Confluence vulnerability is being actively exploited; Giant health insurer struck by ransomware didn't have antivirus protection; Ransomware review: October 2023; Stalkerware activity drops as glaring spying problem is reveale...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/10/13 12:15 p.m., 17 views

Explained: Quishing

Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...

7 AI score
Exploits: 0

Malwarebytes
added 2023/10/12 4:0 a.m., 88 views

Update now! Atlassian Confluence vulnerability is being actively exploited

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defende...

7.5 CVSS, 9.7 AI score, 0.99999 EPSS
Exploits: 84

Malwarebytes
added 2023/10/12 1:0 a.m., 20 views

Giant health insurer struck by ransomware didn't have antivirus protection

The Philippine Health Insurance Corporation (PhilHealth) has confirmed that it was unprotected by antivirus software when it was attacked by the Medusa ransomware group in September. Antivirus software--or more correctly, its modern descendants endpoint security and Endpoint Detection and Response...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 4662