Spyware app LetMeSpy hacked, tracked user data posted online
Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users. As a result ...
Online safety tips for LGBTQIA+ communities
The internet is great for bringing people together, helping you feel part of a community, and staying in touch with your nearest and dearest. But it can also be a nasty place - from malware to scammers, to people just being plain awful to others. It's probably not surprising to read that recent...
Top contenders in Endpoint Security revealed: G2 Summer 2023 results
Navigating the world of endpoint security is challenging, with numerous vendors stoking "Fear, Uncertainty, and Doubt" (FUD) and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams. Enter G2, an industry-leading...
Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized
In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals. Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made. EncroChat, a company based i...
Why blocking ads is good for your digital health
Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they don't just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on go...
Surveillance camera insecurities argument comes to one inevitable conclusion: Always update
Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests. Surveillance and webcam vulnerabilities are common, and we've covered them many times on our blog. What's interesting with this story is that...
Understanding ransomware reinfection: An MDR case study
Ransomware is like that stubborn cold that you thought you kicked, but creeps back up determined to run amok again. The question is what medicine is available to kick this nasty infection for good. In this post, we'll break down the idea of ransomware reinfection and share a real-life episode whe...
Company finds lost SSD—and confidential data—for sale on eBay
Major software company SAP is putting the pieces of a story involving missing SSD disks back together. Four SSD disks are alleged to have gone on an adventure last November, making their way out of a Walldorf, Germany, datacenter with one of them ending up on eBay. An investigation revealed that...
Software company accused of illegally profiling millions of mobile phone users
A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is noyb. noyb is an Austrian-based digital rights organization that focusses on...
81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows
Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that's-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT: 81%...
SupremeBot and Mario cross the finish line together
Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installer route offers some very distinct advantages to the...
9 basic security tips for seniors
Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren't, this guide is for you. If you're offended by the word "seniors" in the title, feel free to replace it with "computer illiterate people." And keep in...
Malvertising: A stealthy precursor to infostealers and ransomware attacks
This article is based on research by Jerome Segura, Senior Director of Threat Intelligence at Malwarebytes, who oversees data collection from spam feeds and telemetry to identify the most relevant threats. Malvertising, the practice of using online ads to spread malware, can have dire...
OpenSSH trojan campaign targets Linux systems and IoT devices
Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign, according to researchers at Microsoft. The attacks, which involve brute forcing a way into a system, are designed to profit from mining in illicit fashion for cryptocurrency. Once t...
A week in security (June 19 - 25)
Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover; 5 facts to know about the Royal ransomware gang; Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023; UPS warns customers of phishing attempts after data accessed; 6 tips for a cybersecure honeymo...
Microsoft Azure AD flaw can lead to account takeover
Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verification of whether you are in control of tha...
5 facts to know about the Royal ransomware gang
When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they'd rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings. In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195...
Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023
MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q1 2023. Malwarebytes Endpoint Protection (EP) achieved the highest possible score (100%) and received certifications for Level 1, Exploit, Online Banking, and Ransomware. These result...
UPS warns customers of phishing attempts after data accessed
UPS Canada is warning customers in Canada of potential data exposure and the risk of phishing. People have started to receive letters like the one below from UPS, which some have assumed were "just" regular phishing alerts. As it turns out, the letter is specifically about the potential exposure ...
Update now! Apple fixes three actively exploited vulnerabilities
Apple has released security updates for several products to address a set of flaws that it says are being actively exploited. Updates are available for these products: Safari 16.5.1: macOS Big Sur and macOS Monterey; iOS 16.5.1 and iPadOS 16.5.1: iPhone 8 and later, iPad Pro all models,...
Reducing your attack surface is more effective than playing patch-a-mole
On June 13, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. BOD 23-02 is titled "Mitigating the Risk from Internet-Exposed Management Interfaces," and requires federal civilian agencies to remove specific networked management interfaces...
6 tips for a cybersecure honeymoon
You've done it, you've got married. The big day is over, and while you're relaxing on honeymoon you definitely don't want to get distracted by security problems. So, we rounded up some quick tips to keep you safe. Refrain from posting on social media about your honeymoon. This is good practice...
Ransomware attackers email bemused students as leverage for a payout
The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...
DNA testing company failed to protect sensitive genetic and health data, says FTC
DNA testing has long been a hot-button issue for security and privacy. Concerns about everything from law enforcement and data retention to job offers and insurance have all been examined at great length. With millions of people signing up to use these services, it was only a matter of time befor...
Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13
When you think about the word "cyberthreat," what first comes to mind? Is it ransomware? Is it spyware? Maybe it's any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. In the future, though, what many businesses migh...
Update now! ASUS fixes nine security flaws
ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...
Baby monitor safety: What you need to know
Do you have an impending new arrival in your family of the small and very noisy variety? If so, you're probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor you're going to buy? Will it be audio only, or have images? Will...
Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files
The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated phishing campaign" by Reddit, involved an attempt to swipe credentials and two-factor authentication...
US dangles $10 million reward for information about Cl0p ransomware gang
The US Department of State's national security rewards program, Rewards for Justice (RFJ), is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...
Phishing scam takes $950k from DoorDash drivers
A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21-year-old man...
A week in security (June 12 - 18)
Last week on Malwarebytes Labs: MOVEit discloses THIRD critical vulnerability; Fake security researchers push malware files on GitHub; LockBit ransomware advisory from CISA provides interesting insights; Microsoft fixes six critical vulnerabilities in June Patch Tuesday; Update Chrome now! Google fix...
MOVEit discloses THIRD critical vulnerability
In chess, the threefold repetition rule states that a player may claim a draw if the same position occurs three times during the game. Whether this means that customers of the popular file transfer utility MOVEit Transfer can ask for their money back remains to be seen, but we do hope it signals...
Fake security researchers push malware files on GitHub
Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...
LockBit ransomware advisory from CISA provides interesting insights
The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand (CERT NZ, NCSC-NZ) have all...
Microsoft fixes six critical vulnerabilities in June Patch Tuesday
It's that time of the month again: We're looking at June's Patch Tuesday roundup. Microsoft has released its monthly update, and compared to previous months, it's actually not so bad. No actively exploited zero-days and only six critical vulnerabilities. So, we'll have the luxury of going over those...
Update Chrome now! Google fixes critical vulnerability in Autofill payments
Google has released a Chrome update which includes five security fixes. One of these security fixes is for a critical vulnerability in Autofill payments. Google labels vulnerabilities as critical if they allow an attacker to run arbitrary code on the underlying platform with the user's privileges...
Ticket scammers target Taylor Swift tour
Taylor Swift fans are being warned to be cautious when buying tickets for her current "Eras" tour, with scammers waiting in the wings to trick would-be gig goers. The Better Business Bureau says it has received somewhere in the region of 200 complaints from residents of Michigan, and there's bound...
Edge browser feature sends images you view back to Microsoft
A relatively new service provided by Microsoft's browser Edge sends images you've viewed online back to Microsoft. A new feature labelled "Enhance images in Microsoft Edge" has raised some privacy concerns. The feature is designed to upscale low resolution images, making them sharper, and improving...
Strava heatmap loophole may reveal users' home addresses
Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map...
More MOVEit vulnerabilities found while the first one still resonates
In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...
Public and free WiFi: Can I safely use it?
We've got into the habit of expecting internet access wherever we go. But data costs can be expensive, and out of your own home often the only WiFi available is public, passwordless and free. In security, we've been trained to carefully contemplate anything that's free, because, well, often when...
A week in security (June 5 - 11)
Last week on Malwarebytes Labs: Trusting AI not to lie: The cost of truth: Lock and Code S04E12; 5 unusual cybersecurity tips that actually work; The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period; Information stealer compromises legitimate sites to attack other...
Former TikTok exec: Chinese Communist Party had "God mode" entry to US data
A former executive at TikTok's parent company ByteDance has claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...
Ransomware review: June 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Update your Cisco System Secure Client now to fix this AnyConnect bug
Cisco Secure Client is the fresh recipient of a fix to address a high-severity vulnerability related to improper permissions. The flaw allows attackers to potentially escalate privileges to the SYSTEM account. From the vulnerability advisory: A vulnerability in the client update feature of Cisco...
VMware patches critical vulnerabilities in Aria Operations for Networks
VMware has released security updates to fix three vulnerabilities in Aria Operations for Networks which could result in information disclosure and remote code execution. The vulnerabilities were found in Aria Operations for Networks which was formerly known as vRealize Network Insight. Users of...
Unveiling Nebula's Report 2.0: A new approach to security reporting
We're excited to announce Report 2.0, a major upgrade to our report system in Nebula. Report 2.0 is not just a cosmetic touch up--it's a completely revamped security reporting solution designed to cater to your diverse business requirements, allowing for a more dynamic, data-driven approach to IT...
Warning: Victims' faces placed on explicit images in sextortion scam
The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images--known as deepfaking--and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the...
Update Chrome now! Google patches actively exploited zero-day
Google has released an update which includes two security fixes. One of these security fixes is for a zero-day about which Google says it's aware that an exploit for this vulnerability exists in the wild. How to protect yourself: If you're a Chrome user on Windows, Mac, or Linux, you should update a...
How Coffee County Schools safeguards 7500 students and 1200 staff
We're excited to announce that our much-anticipated 4th edition of the Byte Into Security webinar series is now available on-demand. Originally aired on May 31st, this session is a goldmine for those facing the unique challenges of K-12 cybersecurity. The webinar is free, and you can watch it rig...