4663 matches found

Malwarebytes
•added 2023/08/21 9:15 p.m.•14 views

Chrome will soon start removing extensions that may be unsafe

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/21 8:45 p.m.•19 views

QR codes used to phish for Microsoft credentials

Researchers have published details about a phishing campaign that uses QR codes to phish for Microsoft credentials. A QR (Quick Response) code is a kind of two-dimensional barcode that holds encoded data in a graphical black-and-white pattern. The data that a QR code stores can include URLs, email...

AI score: 7.2
Exploits: 0
Malwarebytes
•added 2023/08/21 12:0 a.m.•12 views

A week in security (August 14 - August 20)

Last week on Malwarebytes Labs: Attackers demand ransoms for stolen LinkedIn accounts; Patch now! Citrix Sharefile joins the list of actively exploited file sharing software; Exchange Server security updates updated; Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/18 7:15 p.m.•19 views

Attackers demand ransoms for stolen LinkedIn accounts

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being locked out...

AI score: 7.1
Exploits: 0
Malwarebytes
•added 2023/08/18 6:45 p.m.•54 views

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023...

CVSS: 7.5, AI score: 8.2, EPSS: 0.95076
Exploits: 2
Malwarebytes
•added 2023/08/18 11:45 a.m.•53 views

Exchange Server security updates updated

Microsoft has re-released the August 2023 Security Updates (SUs) for Exchange Server. The original release of the SUs, from August 8, 2023, had a localization issue with Exchange Server running on non-English Operating Systems (OSes) that caused Setup to stop unexpectedly, leaving Exchange services ...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01858
Exploits: 0
Malwarebytes
•added 2023/08/17 11:0 a.m.•23 views

Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams

Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our...

AI score: 7.1
Exploits: 0
Malwarebytes
•added 2023/08/17 1:0 a.m.•36 views

Citrix NetScalers backdoored in widespread exploitation campaign

Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an...

CVSS: 7.5, AI score: 8.6, EPSS: 0.99445
Exploits: 16
Malwarebytes
•added 2023/08/16 4:15 p.m.•49 views

Discord.io confirms theft of 760,000 members' data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...

AI score: 7.3
Exploits: 0
Malwarebytes
•added 2023/08/16 12:0 p.m.•19 views

Malvertisers up their game against researchers

Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat and mouse chasing, tactics and techniques keep evolving from simple to more complex, and more covert. This is a trend we have observed time and time again, no matt...

AI score: 6.6
Exploits: 0
Malwarebytes
•added 2023/08/16 11:15 a.m.•19 views

Beware malware posing as beta versions of legitimate apps, warns FBI

The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. The victims are typically contacted on dating sites and social media, and in some cases they are promised incentives such as large financial payouts...

AI score: 6.7
Exploits: 0
Malwarebytes
•added 2023/08/15 8:0 a.m.•47 views

PCMag ranks Malwarebytes #1 cybersecurity vendor

PCMag, one of the most trusted publications by IT professionals, named Malwarebytes the #1 most-recommended security software vendor on its list of Best Tech Brands for 2023. The ranking is based on a Net Promoter Score (NPS), a composite rating based on customer reviews from PCMag's Readers' Choice...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/15 2:0 a.m.•21 views

Ford says it’s safe to drive its cars with a WiFi vulnerability

Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...

CVSS: 7.5, AI score: 8.2, EPSS: 0.10081
Exploits: 0
Malwarebytes
•added 2023/08/15 1:0 a.m.•17 views

25 most popular websites vs Malwarebytes Browser Guard

Do you know how many see-everything-you're-doing-on-the-web trackers get loaded into your browser when you watch a YouTube video? Would you care to guess? It's about sixty. Sixty. Six zero. Sixty trackers when you load one video. I know this because I decided to take Browser Guard, the...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/14 8:0 a.m.•14 views

A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

"Freedom" is a big word, and for many parents today, it's a word that includes location tracking. Across America, parents are snapping up Apple AirTags, the inexpensive location tracking devices that can help owners find lost luggage, misplaced keys, and--increasingly so--roving toddlers setting...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/14 12:0 a.m.•16 views

A week in security (August 7 - August 13)

Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI; Several hospitals still counting the cost of widespread ransomware attack; Old exploit kits still kicking around in 2023; YouTube makes sweeping changes to tackle spam on Shorts videos; Google's "browse...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/11 10:45 a.m.•18 views

Zoom clarifies user consent requirement when training its AI

Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom Video Conferencing has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things are...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/11 10:30 a.m.•12 views

Several hospitals still counting the cost of widespread ransomware attack

The 16 hospitals struck down by ransomware last week are still dealing with the fallout from the attack. The healthcare facilities located in Connecticut, Pennsylvania, Rhode Island, and California had the ransomware attack confirmed by the FBI. Issues started to emerge last Thursday with patient...

AI score: 6.9
Exploits: 0
Malwarebytes
•added 2023/08/11 10:0 a.m.•14 views

Old exploit kits still kicking around in 2023

The year is 2023 and there still are some people using Internet Explorer on planet Earth. More shocking perhaps, is the fact there are still threat actors maintaining exploit kit infrastructure and dropping new malware. In this quick blog post, we review two well-known toolkits from the past,...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/11 9:30 a.m.•17 views

YouTube makes sweeping changes to tackle spam on Shorts videos

YouTube is rolling out unclickable links. Video portals like YouTube have had to deal with spam comments and bogus links for many years. With new additions to a platform come new places for scammers to go about their business. YouTube is now cracking down on links posted to the comments section o...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/11 9:0 a.m.•15 views

Google’s “browse privately” is nothing more than a word play, lawyers say

Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as tha...

AI score: 6.6
Exploits: 0
Malwarebytes
•added 2023/08/10 11:45 p.m.•33 views

Ransomware review: August 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/10 1:0 a.m.•74 views

August Patch Tuesday stops actively exploited attack chain and more

August's Patch Tuesday is a lot quieter than it was last month, when Microsoft patched a whopping 130 vulnerabilities. That number went down to 87 this month but it does include two actively exploited vulnerabilities. Let's start by looking at those two: CVE-2023-38180 (CVSS score 7.5 out of 10): a...

CVSS: 7.5, AI score: 7.9, EPSS: 0.99083
Exploits: 3
Malwarebytes
•added 2023/08/09 3:0 a.m.•12 views

Facial recognition tech lands innocent woman with bogus carjacking charge

Detroit law enforcement wrongly arrested a 32-year-old woman for a robbery and carjacking she did not commit. She was detained for 11 hours and had her phone taken as evidence before finally being allowed to leave. The reason for the false arrest is down to a facial recognition error, the kind th...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/09 2:0 a.m.•30 views

Cloudflare Tunnel increasingly abused by cybercriminals

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...

AI score: 7.3
Exploits: 0
Malwarebytes
•added 2023/08/09 1:0 a.m.•14 views

Voter data stolen in UK Electoral Commission systems breach

The UK's Electoral Commission has revealed it suffered a compromise which has the potential to expose aspects of registered voters' data. While much of this data may already be public, there are some privacy and safety concerns to consider. First of all, let's take a look at what's been affected. T...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/08 10:15 a.m.•15 views

Server breach could be fatal blow for LetMeSpy

A mobile app designed to let people spy on others will shortly be going out of business after a server breach and mass deletion incident. The app, LetMeSpy, sits silently and invisibly on a phone and collects call logs, location data, and even text messages. This kind of program is commonly...

AI score: 7.2
Exploits: 0
Malwarebytes
•added 2023/08/08 9:0 a.m.•12 views

Digital assets continue to be prime target for malvertisers

Cyber-criminals continue to impersonate brands via well-crafted phishing websites. We previously covered attacks on both consumers and businesses via online searches for popular brands leading to scams or malware. Digital assets such as cryptocurrencies or NFTs are highly coveted by threat actors...

AI score: 7.1
Exploits: 0
Malwarebytes
•added 2023/08/07 9:45 p.m.•16 views

TikTok facing fines for violating children’s privacy

The European Data Protection Board is expected to fine TikTok for violating the privacy of young children within the next four weeks. The European Data Protection Board said a binding decision has been reached over TikTok's processing of children's data, after the ByteDance-owned app submitted leg...

AI score: 6.7
Exploits: 0
Malwarebytes
•added 2023/08/07 9:30 p.m.•14 views

FCC comes down hard on robocallers with record $300m fine

Robocallers are in the news after the FCC issued a $300 million forfeiture to a persistent offender and shut down their operation. A robocall network makes use of automated software diallers to spam out large numbers of cold calls to unsuspecting recipients. These calls promise much but give very...

AI score: 6.9
Exploits: 0
Malwarebytes
•added 2023/08/07 6:30 p.m.•147 views

2022's most routinely exploited vulnerabilities—history repeats

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners have released a joint Cybersecurity Advisory (CSA) called the 2022 Top Routinely Exploited Vulnerabilities. We went over the list and it felt like...

CVSS: 10, AI score: 8.8, EPSS: 0.99999
Exploits: 659
Malwarebytes
•added 2023/08/07 11:0 a.m.•12 views

New Security Advisor amps up security in minutes

Malwarebytes Security Advisor, a transformation of the Nebula customer experience, enables organizations to visualize and improve their organization's security posture in just a few minutes. "If you're not fully configured, you aren't fully protected," says Jonny Rivera, Director, Customer Experien...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/07 1:0 a.m.•13 views

A week in security (July 31 - August 6)

Last week on Malwarebytes Labs: The end looms for Meta's behavioural advertising in Europe; Microsoft Teams used in phishing campaign to bypass multi-factor authentication; Film companies lose battle to unmask Reddit users; FAQ: How does Malwarebytes ransomware rollback work?; How to protect your...

AI score: 6.9
Exploits: 0
Malwarebytes
•added 2023/08/04 2:15 p.m.•10 views

The end looms for Meta's behavioural advertising in Europe

The EU is going toe to toe with Meta once more, with the social network giant conceding defeat yet again. After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. The threat of...

AI score: 7
Exploits: 0
Malwarebytes
•added 2023/08/04 1:45 p.m.•18 views

Microsoft Teams used in phishing campaign to bypass multi-factor authentication

Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...

AI score: 7.1
Exploits: 0
Malwarebytes
•added 2023/08/03 8:30 p.m.•18 views

Film companies lose battle to unmask Reddit users

An interesting case marking the limits of what data big business can expect to dig up has concluded its day (or to be more accurate, many days) in court. Ars Technica reports that film companies have lost their battle to make social site Reddit identify anonymous users discussing piracy. No fewer...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/08/03 3:0 p.m.•18 views

FAQ: How does Malwarebytes ransomware rollback work?

As the old cybersecurity saying goes: "It's not if, but when." Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we're reminded that ransomware can slip past even the best defenses...

AI score: 6.7
Exploits: 0
Malwarebytes
•added 2023/08/03 12:0 p.m.•12 views

How to protect your child's identity

As we have mentioned before, identity theft is a serious problem, especially when it affects children. Identity thieves love preying on minors, simply because it usually takes longer before the theft is noticed. A person's identity represents a certain value. If it is stolen and abused, it can cau...

AI score: 6.6
Exploits: 0
Malwarebytes
•added 2023/08/03 11:0 a.m.•10 views

Hey, are you REALLY ready to go on vacation? (No, you aren't)

Are you ready for a challenge? A real challenge? Do you laugh in the face of shark cages, scoff at the Marathon des Sables, and waft a dismissive finger in the direction of the Everest ascent? Are you ready to conquer the impossible? If so, then you might be ready for the ultimate challenge--taki...

AI score: 6.9
Exploits: 0
Malwarebytes
•added 2023/08/03 9:0 a.m.•15 views

Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report

Ransomware attacks have shown no signs of slowing down in 2023. A new report from the Malwarebytes Threat Intelligence team shows 1,900 total ransomware attacks within just four countries--the US, Germany, France, and the UK--in one year. The findings, compiled together in the 2023 State of...

AI score: 7.3
Exploits: 0
Malwarebytes
•added 2023/08/03 7:45 a.m.•15 views

Phishing campaigns are using AMP URLs to avoid detection

Researchers have found a new phishing tactic which uses Google Accelerated Mobile Pages (AMP) to make URLs look trustworthy. The tactic is designed to slip past both software and users on the lookout for strange and untrustworthy domain names. AMP is an open-source HTML framework designed to make w...

AI score: 7.3
Exploits: 0
Malwarebytes
•added 2023/08/02 3:45 p.m.•20 views

Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability

Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution (RCE) vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server...

AI score: 8.3
Exploits: 0
Malwarebytes
•added 2023/08/02 3:15 p.m.•42 views

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency (CISA) has added the new...

CVSS: 7.5, AI score: 7.6, EPSS: 0.99999
Exploits: 14
Malwarebytes
•added 2023/08/01 11:30 a.m.•20 views

Public companies must now disclose breaches within 4 days

Public organisations in the US impacted by a cyberattack will now have to disclose it within four days…with some caveats attached. On Wednesday, new rules were approved by the US Securities and Exchange Commission (SEC). These rules mean that publicly traded companies will need to reveal said attac...

AI score: 6.7
Exploits: 0
Malwarebytes
•added 2023/07/31 9:30 p.m.•19 views

Meta subsidiaries must pay $14m over misleading data collection disclosure

Meta has run into yet another bout of court related issues--two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. The Australian case, which has rumbled on for the best part of two and a half years, has focused on claims related to a now discontinued Virtual...

AI score: 6.9
Exploits: 0
Malwarebytes
•added 2023/07/31 6:15 p.m.•13 views

Supply chain attacks disrupt emergency services communications

A supply chain attack rendered two ambulance trusts incapable of accessing electronic patient records in the UK. The two services, which operate in a region of 12 million people, were not targeted directly. Instead, the attack was aimed at a third-party technology provider used by both the South...

AI score: 7.1
Exploits: 0
Malwarebytes
•added 2023/07/31 3:0 a.m.•58 views

Compromised Barracuda appliances equipped with persistent backdoors by attackers

The Cybersecurity and Infrastructure Security Agency (CISA) has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed...

CVSS: 7.5, AI score: 8.5, EPSS: 0.86956
Exploits: 3
Malwarebytes
•added 2023/07/30 11:0 p.m.•15 views

A week in security (July 24 - July 30)

Last week on Malwarebytes Labs: Zimbra issues awaited patch for actively exploited vulnerability; Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild; 60,000 Androids have stalkerware-type app Spyhide installed; Ransomware groups claim responsibility for...

AI score: 6.8
Exploits: 0
Malwarebytes
•added 2023/07/28 11:30 a.m.•37 views

Zimbra issues awaited patch for actively exploited vulnerability

Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite (ZCS) email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra i...

CVSS: 5, AI score: 8.8, EPSS: 0.03658
Exploits: 0
Malwarebytes
•added 2023/07/28 8:30 a.m.•10 views

How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16

Earlier this month, a group of hackers was spotted using a set of malicious tools--that originally gained popularity with online video game cheaters--to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 4663