DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation

This investigation was a joint effort between Malwarebytes Threat Intelligence's Jerome Segura, DeepSee's Rocky Moss and Antonio Torres. Key findings Over a dozen unique domains were found selling ad inventory through Google Ad Manager, even though the pages were embedded invisibly under the...

DoppelPaymer ransomware group disrupted

Europol has announced it has arrested two suspected core members of the DoppelPaymer ransomware group. On 28 February, the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations FBI, apprehended...

Play ransomware gang leaks City of Oakland data

The Play ransomware gang has begun partially publishing data they stole from the City of Oakland, California. The data were in multiple archive files with a collective file size of 10GB. According to the ransomware gang, the files contain "private and personal information data, financial...

Warning issued over Royal ransomware

As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...

Intel CPU vulnerabilities fixed. But should you update?

Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs. The normal gut reaction would be to install out of band updates as soon as possible. Microsoft wouldnt be releasing the updates ahead of the regular cycle without good reason, would it? Well, mayb...

National Cybersecurity Strategy Document: What you need to know

The US Government has been working on the National Cybersecurity Strategy Document 2023 for some time now, and its finally been released. The strategy document, which replaces the last such piece of work from 2018, attempts to indicate the general direction of the US approach to cybercrime and...

8 cybersecurity tips to keep you safe when travelling

The best way to keep your devices safe when you're travelling is to be unplugged. If you don't need it, don't take it with you. But since that is not always an option, here are some tips to keep you safe while you travel. 1. Backup before you go The consequences of losing your device or having it...

A week in security (February 27 - March 5)

Last week on Malwarebytes Labs: Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05 How to work from home securely, the NSA way TikTok probed over child privacy practices iPhone users targeted in phone AND data theft campaign US Marshal...

LockBit ransomware demands $2 million for Pierce Transit data

The Pierce County Public Transportation Benefit Area Corporation Pierce Transit has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...

YouTube under fire for allegedly gathering children's data

The UKs childrens code, introduced three years ago by the Information Commissioner's Office ICO, is all about ensuring that companies make childrens privacy a primary consideration when creating sites and services, games, and toys. The code, also known as the Age Appropriate Design Code AADC, may...

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...

Ransomware led to multiple DISH Network outages

Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldnt even pay their bills as a result of the downtime. There was a suspicion that...

AI voice cracks telephone banking voice recognition

Voice ID is slowly rolling out across various banks worldwide as a way to perform user authentication over the phone. However, questions remain about just how secure it is. Now that we have freely available artificial intelligence AI happily replicating peoples voices, could it be a security risk...

Crushing the two biggest threats to mobile endpoint security in 2023

Dont let their small size fool you: mobile devices can have a big impact on your security posture. Its easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022. Malware and phishing are two particular mobile threats that you need to...

LastPass was undone by an attack on a remote employee

Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individuals responsible for the attack also compromis...

US Marshals Service hit by ransomware and data breach

The US Marshals Service USMS says it's suffered a ransomware attack in which a threat actor managed to get hold of sensitive information about staff and fugitives. On February 17, 2023, the attacker infiltrated a system that held information about ongoing investigations, including personally...

iPhone users targeted in phone AND data theft campaign

When is an iPhone theft not just an iPhone theft? When the user's Apple ID and more, goes with it. That's what the Wall Street Journal reports has been happening over recent months. The paper interviewed a handful of people who fell victim to old-school phone theft while out in a bar. But it wasn...

How to work from home securely, the NSA way

People working remotely is no longer unusual, so the National Security Agency NSA has produced a short Best Practices PDF document detailing how remote workers can keep themselves safe from harm. In fact, the guide can also be applied to people using computers at home generally and is written in ...

Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05

Government threats to end-to-end encryption--the technology that secures your messages and shared photos and videos--have been around for decades, but the most recent threats to this technology are unique in how they intersect with a broader, sometimes-global effort to control information on the...

TikTok probed over child privacy practices

The privacy protection authorities for Canada, Quebec, British Columbia, and Alberta have announced they will start an investigation into TikTok's privacy practices, especially in relation to its younger users. The investigation will include whether the company obtained valid and meaningful conse...

A week in security (February 20 - 26)

Last week on Malwarebytes Labs: GoAnywhere zero-day opened door to Clop ransomware Chip company loses $250m after ransomware hits supply chain GoDaddy says it's a victim of multi-year cyberattack campaign Twitter and two-factor authentication: What's changing? How to set up two-factor...

Arrested: Fearmongering data thieves who victimized thousands of businesses

The Dutch police have announced the arrest of three more suspects in one of the biggest data extortion cases to date. The men, all aged between 18 and 21, were allegedly involved in extorting businesses and selling stolen data to other criminals. During a two-year investigation the police learned...

Fake Amazon Prime email abuses LinkedIn's URL shortener

Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks--shortened Linkedin URLs. The shortened URLs redirect users to a different URL when they are clicked. If youve ever seen a Tiny URL, or a Bit.ly link, youll already be...

Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award

CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the "Coolest Endpoint And Managed Security Companies" on the 2023 CRN Security 100 list. The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoi...

Royal Mail schools LockBit in leaked negotiation

The LockBit group has finally given up any prospect of extracting a ransom from Royal Mail and published the files it stole from the company in a recent ransomware attack. The leak brings weeks of negotiations to a close, leaving Royal Mail without a decryptor, and LockBit without a payday...

BlackCat ransomware targets another healthcare facility

In a statement issued Monday morning, Lehigh Valley Health Network said it had been the target of a cyberattack attributed to a ransomware gang known as BlackCat. The Network is made up of 13 hospital campuses, as well as other health facilities, and is based in Pennsylvania. BlackCat The...

DNA testing company fined after customer data theft

DNA Diagnostics Center DDC, an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents' personal details. Overall the attack compromised over 2.1 million...

Samsung adds Message Guard protection against zero-click exploits

Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...

The 5 most dangerous cyberthreats facing businesses this year

Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023? Thats the question we set out to answer in this years annual State of Malware report, and the answers might surprise you. To understand why, you need to know what makes this years report so...

HardBit ransomware tailors ransom to fit your cyber insurance payout

Ransomware authors are wading into the cybersecurity insurance debate in a somewhat peculiar way. Specifically: urging victims to disclose details of their insurance contract, in order to tailor a ransom which will be beneficial to the company under attack. HardBit 2.0: dismantling a device piece...

Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API

One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence. Criminals are also very aware that anyone and in...

How to set up two-factor authentication on Twitter using a hardware key

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post explains how to enable hardware key authentication instead. Enabling a hardware securi...

How to set up two-factor authentication on Twitter using an app

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app based authentication. We found it easier to do on our...

Twitter and two-factor authentication: What's changing?

Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter wont be able to use SMS-based two-factor authentication 2FA unless they have a subscription to the paid Twitter Blue service. If you use text-based 2FA, the important thing here...

GoDaddy says it's a victim of multi-year cyberattack campaign

Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...

Chip company loses $250m after ransomware hits supply chain

Applied Materials, one of the worlds leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers. MKS Instruments Inc...

GoAnywhere zero-day opened door to Clop ransomware

A semi-active ransomware group has claimed it is behind a string of attacks which have taken advantage of a zero-day vulnerability in GoAywhere MFT. The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles...

A week in security (February 13 - 19)

Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04 Malwarebytes recognized as endpoint security leader by G2 CISA issues alert with South Korean government about DPRK's ransomware antics Jailbreaking ChatGPT and other large...

iPhone calendar spam: What it is, and how to remove it

If you open up your iPhone and see a variety of messages claiming that youve been hacked, your phone is not protected, that viruses have damaged your phone, or, my personal favourite, "Click to get rid of annoying ads", fear not. Its quite possible youve accidentally wandered into a common form o...

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

Mortal Kombat ransomware forms tag team with crypto-stealing malware

An "unidentified actor" is making use of these two malicious files to cause combo-laden mayhem on desktops around the world, according to new research from Talos. The tag-team campaign serves up ransomware known as Mortal Kombat, which borrows the name made famous by the video game, and Laplas...

TikTok car theft challenge: Hyundai, Kia fix flaw

Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affect...

Ransomware pushes City of Oakland into state of emergency

The ransomware attack that hit Oakland on Wednesday February 8, 2023 is still crippling many of the citys services a week later. In fact, the situation is so bad that the Interim City Administrator has now declared a state of emergency. Tweet announcing the state of emergency The ransomware attac...

Arris router vulnerability could lead to complete takeover

Security researcher Yerodin Richards has found an authenticated remote code execution RCE vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers telephony and internet access. After responsible disclosure Richards has published a...

Fake Hogwarts Legacy cracks lead to adware, scams

Hogwarts Legacy, the much-anticipated Harry Potter video game, has finally landed on major gaming platforms. But, as with all games like this, it comes with a steep price tag, so it's no surprise to suddenly see websites peddling "cracked" versions of the game for free. These sites are easily...

WordPress sites backdoored with ad fraud plugin

WordPress is an immensely popular content management system CMS powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization SEO techniques to maximize their revenues. But some people will take a...

Four EU telco giants will start asking users if they want personalized targeted ads

They say you can't have too much of a good thing. Unfortunately, this applies to ads, too, whether you think they're a good thing or not. Soon, Europes four biggest telecommunication companies--Germany's Deutsche Telekom DK, France's Orange, Spain's Telefonica, and the UK's Vodafone Group--will...

Update now! February's Patch Tuesday tackles three zero-days

The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...

Update now! Apple patches vulnerabilities in MacOS and iOS

Apple has released information about the new security content of macOS Ventura 13.2.1 and of iOS 16.3.1 and iPadOS 16.3.1. Most prominent is a vulnerability in WebKit that may have been actively exploited. In December, 2022, we warned our readers about another actively exploited vulnerability in...

TrickBot gang members sanctioned after pandemic ransomware attacks

In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot alias "TrickLoader", a mainstream banking Trojan turned malware-as-a-service MaaS platform for other criminal...