
4662 matches found

Malwarebytes
added 2023/09/14 9:00 a.m., 12 views

Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test

MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q2 2023. Malwarebytes Endpoint Protection (EP) achieved the highest possible score (100%) and received certifications for Level 1, Exploit, Online Banking, and Ransomware. These result...

6.6 AI score
Exploits: 0

Malwarebytes
added 2023/09/14 2:00 a.m., 18 views

Watch out, this LastPass email with "Important information about your account" is a phish

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are havin...

7 AI score
Exploits: 0

Malwarebytes
added 2023/09/14 1:00 a.m., 13 views

Upgrading your iPhone? Read this first

Apple's Wonderlust event on Tuesday saw the launch of the company's top-of-the-line iPhone 15 Pro Max with a titanium chassis and an improved telephoto camera, as well as other iPhone 15 models and new Apple Watches. Also this week, Apple was reportedly banned from selling the iPhone 12 in France...

6.5 AI score
Exploits: 0

Malwarebytes
added 2023/09/14 1:00 a.m., 20 views

iPhone 15 launch: Wonderlust scammers rear their heads

Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a...

6.7 AI score
Exploits: 0

Malwarebytes
added 2023/09/13 12:00 p.m., 11 views

3 reasons why your endpoint security is not enough

Despite widespread deployment of endpoint protection solutions, cyberattacks continue to make headlines, affecting organizations of all sizes and sectors. Recent statistics reveal that 70% of companies were impacted by ransomware last year (State of Malware Report 2023, Malwarebytes), and 83%...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/09/13 2:00 a.m., 54 views

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has...

7.5 CVSS, 7.5 AI score, 0.261 EPSS
Exploits: 4

Malwarebytes
added 2023/09/13 12:00 a.m., 15 views

PSA: Ongoing Webex malvertising campaign drops BatLoader

A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/09/12 2:45 p.m., 21 views

Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7 AI score
Exploits: 0

Malwarebytes
added 2023/09/12 5:00 a.m., 43 views

Update Chrome now! Google patches critical vulnerability being exploited in the wild

Google has released an update for Chrome Desktop which includes one critical security fix. There is an active exploit for the patched vulnerability, according to Google, which means cybercriminals are aware of the vulnerability and are using it. If you're a Chrome user on Windows, Mac, or Linux, y...

6.8 CVSS, 10 AI score, 0.99739 EPSS
Exploits: 10

Malwarebytes
added 2023/09/12 4:00 a.m., 16 views

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

7.3 AI score
Exploits: 0

Malwarebytes
added 2023/09/12 2:00 a.m., 38 views

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by October 2, 20...

4.4 CVSS, 7.3 AI score, 0.15263 EPSS
Exploits: 2

Malwarebytes
added 2023/09/12 1:00 a.m., 16 views

Major cyberattack leaves MGM Resorts reeling

A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi. At this point I'd link to...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/09/11 8:00 a.m., 11 views

Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internet's youngest users, children. Children have always inherit...

7 AI score
Exploits: 0

Malwarebytes
added 2023/09/11 3:00 a.m., 16 views

Wyze home cameras temporarily show other people's security feeds

A mishap has resulted in security feeds and camera logs from home cameras being temporarily visible online. Users of Wyze, makers of smart products and home cameras, fell victim to this bizarre incident sometime around September 8. One of the first posts about this appeared on Reddit, where a use...

6.7 AI score
Exploits: 0

Malwarebytes
added 2023/09/11 2:00 a.m., 11 views

The main causes of ransomware reinfection

A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim ...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/09/11 1:00 a.m., 12 views

A week in security (September 4 - September 10)

Last week on Malwarebytes Labs: Supply chain related security risks, and how to protect against them; Password-stealing Chrome extension smuggled on to Web Store; Smart chastity device exposes sensitive user data; X wants your biometric data; Mac users targeted in new malvertising campaign delivering...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/09/10 10:00 p.m., 20 views

Chrome's "Enhanced Ad Privacy": What you need to know

Users of Google's Chrome web browser may wish to dig into their privacy settings as a new feature regarding advertising privacy slowly rolls out to the masses. Google's "Enhanced Ad Privacy" feature may soon appear in your browser, tied to choices regarding a new Chrome feature named Topics. This ...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/09/07 2:30 p.m., 15 views

How Microsoft's highly secure environment was breached

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies. The attack was first reported by Microsoft in...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/09/07 2:00 a.m., 15 views

FreeWorld ransomware attacks MSSQL—get your databases off the internet

When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the internet is of interest to cybercriminals. Microsoft's Remote Desktop Protocol has been a favouri...

7.9 AI score
Exploits: 0

Malwarebytes
added 2023/09/07 1:00 a.m., 19 views

A history of ransomware: How did it get this far?

Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted filenames a...

7.2 AI score
Exploits: 0

Malwarebytes
added 2023/09/06 3:00 a.m., 19 views

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Summary: Malicious ads for Google searches are targeting Mac users; Phishing sites trick victims into downloading what they believe is the app they want; The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple; The payload is a new version of the recent Atomic Stealer for OSX...

7 AI score
Exploits: 0

Malwarebytes
added 2023/09/06 2:00 a.m., 10 views

X wants your biometric data

Users of X (formerly Twitter) paying for a checkmark under what used to be called Twitter Blue (now X Premium) have some biometric related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is reintroducing identity...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/09/06 1:00 a.m., 18 views

Smart chastity device exposes sensitive user data

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...

6.6 AI score
Exploits: 0

Malwarebytes
added 2023/09/05 2:00 a.m., 20 views

Password-stealing Chrome extension smuggled on to Web Store

Researchers at the University of Wisconsin-Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. To prove it, they created a proof of...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/09/04 3:00 a.m., 12 views

Supply chain related security risks, and how to protect against them

By definition, a supply chain is the network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product. In only a few rare cases does one organization have full control over every step in the entire process. The links in such a supp...

6.7 AI score
Exploits: 0

Malwarebytes
added 2023/09/04 1:00 a.m., 12 views

A week in security (August 28 - September 3)

Last week on Malwarebytes Labs: 2.6 million DuoLingo users have scraped data released; Google strengthens its Workplace suite protection; Meal delivery service PurFoods announces major data breach; Cisco VPNs without MFA are under attack by ransomware operator; "An influx of Elons," a hospital visit,...

7.9 AI score
Exploits: 0

Malwarebytes
added 2023/09/01 10:45 a.m., 23 views

A firsthand perspective on the recent LinkedIn account takeover campaign

Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Pearce, reached out to me and told me he'd been a target of the campaign. His story begins with an SMS text from LinkedIn telling him to reset his password. He...

7.4 AI score
Exploits: 0

Malwarebytes
added 2023/08/31 3:00 a.m., 19 views

Prompt injection could be the SQL injection of the future, warns NCSC

The UK's National Cyber Security Centre (NCSC) has issued a warning about the risks of integrating large language models (LLMs) like OpenAI's ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks. The NCSC points out several dangers associated with...

8.3 AI score
Exploits: 0

Malwarebytes
added 2023/08/31 1:00 a.m., 12 views

Qakbot botnet infrastructure suffers major takedown

The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement agencies. Operation DuckHunt, as it was codenamed, is possibly the largest US-led financial and technical disruption of a botnet infrastructure. Not only did the agenci...

7.4 AI score
Exploits: 0

Malwarebytes
added 2023/08/30 1:00 p.m., 12 views

How “EDR Extra Strength” simplifies traditional EDR complexity

Traditional Endpoint Detection and Response (EDR) today has a three-fold complexity problem--with big consequences. First, complexity in EDR deployment causes long delays, directly impacting ROI and leaving organizations vulnerable to breaches. In fact, almost 10 percent of small security teams cit...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/08/30 7:00 a.m., 11 views

Victim records deleted after spyware vendor compromised

Anonymous hackers have breached the servers of spyware app "WebDetetive", accessing the user database. However, this doesn't appear to be a typical compromise along the lines of stealing the data, according to Tech Crunch. Instead, it's part of a slow move toward "spying" apps being attacked and...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/08/30 1:00 a.m., 12 views

Social Security Numbers leaked in ransomware attack on Ohio History Connection

The Ohio History Connection (OHC) has posted a breach notification in which it discloses that a ransomware attack successfully encrypted internal data servers. During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/08/29 2:30 p.m., 39 views

FBI confirms Barracuda patch is not effective for exploited ESG appliances

In an FBI Flash about a Barracuda ESG vulnerability, listed as CVE-2023-2868, the FBI has stated that the patches released by Barracuda in response to this CVE were ineffective for anyone previously infected. Although both Barracuda and Mandiant have already made this determination, the agency sa...

7.5 CVSS, 7.1 AI score, 0.86956 EPSS
Exploits: 3

Malwarebytes
added 2023/08/29 8:00 a.m., 7 views

"An influx of Elons," a hospital visit, and magic men: Becky Holmes shares more romance scams: Lock and Code S04E18

Becky Holmes is a big deal online. Hugh Jackman has invited her to dinner. Prince William has told her she has "such a beautiful name." Once, Ricky Gervais simply needed her photos "I want you to take a snap of yourself and then send it to me on here...Send it to me on here!" he messaged on...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/08/29 3:00 a.m., 14 views

Cisco VPNs without MFA are under attack by ransomware operator

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for...

7.4 AI score
Exploits: 0

Malwarebytes
added 2023/08/29 2:00 a.m., 16 views

Meal delivery service PurFoods announces major data breach

An organisation that provides home delivery meals has revealed that around 1.2 million people's personal data may be at risk, after the company suffered a ransomware attack earlier in the year. PurFoods, which offers up a service called Mom's Meals, helps to provide meals for folks in a variety of...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/08/28 9:00 p.m., 16 views

Google strengthens its Workplace suite protection

Google has announced the strengthening of safeguard measures for its Workspace customers. You may well be using Workspace without realising it. If you're using a Google product such as Gmail, Calendar, Drive, or Google Docs Editors Suite among other apps, then congratulations: you are fully inside...

7 AI score
Exploits: 0

Malwarebytes
added 2023/08/28 8:00 p.m., 26 views

2.6 million DuoLingo users have scraped data released

An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...

6.9 AI score
Exploits: 0

Malwarebytes
added 2023/08/28 2:00 a.m., 43 views

A week in security (August 21 - August 27)

Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted; Update now! Google Chrome's first weekly update has arrived; Smart lightbulb and app vulnerability puts your Wi-Fi password at risk; Malwarebytes acquires Cyrus Security; Ivanti Sentry critical vulnerability--don't...

7 AI score
Exploits: 0

Malwarebytes
added 2023/08/25 9:30 p.m., 23 views

Teenage members of Lapsus$ ransomware gang convicted

A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained...

7.1 AI score
Exploits: 0

Malwarebytes
added 2023/08/25 6:15 p.m., 39 views

Update now! Google Chrome's first weekly update has arrived

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel (the version most of us use). Regular Chrome releases will still come every four weeks, but to get security fixes...

6.8 CVSS, 7.4 AI score, 0.3398 EPSS
Exploits: 0

Malwarebytes
added 2023/08/25 5:30 p.m., 17 views

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Researchers from the University of London and Universita di Catania produced a paper explaining the dangers of common IoT products. In this case...

7.5 AI score
Exploits: 0

Malwarebytes
added 2023/08/24 6:00 p.m., 18 views

Malwarebytes acquires Cyrus Security

Today, I am absolutely thrilled to share some exciting news: Malwarebytes is officially welcoming Cyrus Security into our family. This acquisition signifies an exciting chapter in our journey, and I wanted to share why this development is so special, and what it means for the millions who trust...

7 AI score
Exploits: 0

Malwarebytes
added 2023/08/23 4:30 p.m., 42 views

[updated] Ivanti Sentry critical vulnerability—don't play dice, patch

Ivanti has published a security blog post about a vulnerability in Ivanti Sentry, formerly MobileIron Sentry. Successful exploitation of the vulnerability would enable an unauthenticated attacker to access some sensitive APIs that are used to configure Ivanti Sentry on the administrator portal...

7.5 CVSS, 10.1 AI score, 0.99999 EPSS
Exploits: 20

Malwarebytes
added 2023/08/23 1:00 p.m., 21 views

DarkGate reloaded via malvertising and SEO poisoning campaigns

In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an...

6.5 AI score
Exploits: 0

Malwarebytes
added 2023/08/23 12:30 p.m., 73 views

Adobe ColdFusion vulnerability exploited in the wild

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this...

7.5 CVSS, 7.9 AI score, 0.97115 EPSS
Exploits: 13

Malwarebytes
added 2023/08/22 11:45 a.m., 16 views

Alert Prioritization and Guided Remediation: The future of EDR

Sleepless nights, missed threats, a deluge of notifications--the common symptoms of the bane of IT teams everywhere: Alert fatigue. Out of the litany of problems IT teams face every day, alert fatigue might be among the most pressing--especially considering that 30 percent of EDR alerts are ignor...

6.7 AI score
Exploits: 0

Malwarebytes
added 2023/08/22 11:30 a.m., 48 views

Update now! WinRAR files can be abused to run malware

A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. All the victim has to do is to open a specially crafted archive. After receiving a report about the vulnerability in June, a new version of the software w...

7.1 AI score, 0.1308 EPSS
Exploits: 1

Malwarebytes
added 2023/08/22 9:00 a.m., 33 views

Trusted Advisor puts you in the security driving seat

Malwarebytes' new Trusted Advisor dashboard provides an easy to understand assessment of your security with a single comprehensive protection score, and clear, expert-driven advice. Computer security can be difficult and time consuming. Getting it right means knowing what software needs to be...

6.7 AI score
Exploits: 0

Malwarebytes
added 2023/08/21 9:15 p.m., 14 views

Chrome will soon start removing extensions that may be unsafe

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 4662