4664 matches found
New ESXiArgs encryption routine outmaneuvers recovery methods
In what seems to be a typical arms race where one side responds to counter the progress the other side has made, the ransomware group behind the massive attack on ESXi Virtual Machines (VMs) has come up with a new variant that can no longer be decrypted with the recovery script released by the...
One in nine online stores are leaking your data, says study
eCommerce security company Sansec has revealed it's found a number of online stores accidentally leaking highly sensitive data. After studying 2,037 online stores, the company found that 12.3 percent exposed compressed files in ZIP, SQL, and TAR archive formats, which BleepingComputer noted appea...
Android 14 developer preview highlights multiple security improvements
Android developers have been given a taste of what's to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes they'll enjoy and what ones they'll hav...
Should you share passwords with your partner?
To share or not to share? When it comes to love and romance, that is the password question, isn't it? This Valentine's Day, we attempt to lift the lid on this steamy cybersecurity subject to see if two people in a romantic relationship are both on board on the matter of exchanging passwords with...
Consent to gather data is a "misguided" solution, study reveals
When researchers from the University of Pennsylvania's Annenberg School for Communication conducted a survey to see if "informed consent" practices are working online with regard to user data gathering, the results revealed weaknesses in a framework that, for decades, has served as the basis for...
French law to report cyberincidents within 3 days to become effective soon
The pressure on victims of cybercrime to notify authorities in a timely manner is increasing from many sides and for multiple reasons. On January 24, 2023 France passed a law (Article L12-10-1 of the Insurance Code) that victims of cybercrime are required to report the incident within 72 hours afte...
CISA issues alert with South Korean government about DPRK's ransomware antics
CISA and other federal agencies were joined by the National Intelligence Service (NIS) and the Defense Security Agency of the Republic of Korea (ROK) in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...
Jailbreaking ChatGPT and other large language models while we can
The introduction of ChatGPT launched an arms race between tech giants. The rush to be the first to incorporate a similar large language model (LLM) into their own offerings (read: search engines) may have left a lot of opportunities to bypass the active restrictions such as bias, privacy concerns, an...
What is AI good at (and what the heck is it, actually), with Josh Saxe: Lock and Code S04E04
In November of last year, the AI research and development lab OpenAI revealed its latest, most advanced language project: A tool called ChatGPT. ChatGPT is so much more than "just" a chatbot. As users have shown with repeated testing and prodding, ChatGPT seems to "understand" things. It can give...
A week in security (February 6 - 12)
Last week on Malwarebytes Labs: Two year old vulnerability used in ransomware attack against VMware ESXi | On the 20th Safer Internet Day, what was security like back in 2004? | Florida hospital takes entire IT systems offline after 'ransomware attack' | Introducing Malwarebytes Mobile Security for...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on verified customer reviews, Malwarebytes has been ranked #1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of...
KillNet hits healthcare sector with DDoS attacks
At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA) says it helped dozens of hospitals...
Reddit breached, here's what you need to know
On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished. What happened? According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and...
Beware fake Facebook emails saying "your page has been disabled"
Facebook users need to be on their guard for bogus emails claiming to be from Facebook, that tell users their account has been disabled. The emails make use of the classic "apply some pressure" tactics so beloved of scammers everywhere. A missive that makes you shrug won't get you clicking bogus...
$800,000 recovered from Business Email Compromise attack
We continue to see the damaging repercussions of business email compromise (BEC) impacting organisations across the US and elsewhere. The Houston Chronicle reports that law enforcement seized $800,000 from a bank account used for pillaging funds from a construction management company. The attack BE...
Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints
Malwarebytes is excited to announce Application Block, a new module for Nebula and OneView for MSPs which helps organizations easily thwart unwanted applications from launching on Windows endpoints. For as many applications out there that help you keep business running as usual, there are just as...
Ryuk ransomware laundering leads to guilty plea
Ryuk, a mainstay of the ransomware scene for some years until it transformed into Conti and then split off into other groups after that, is back in the news again... though not in the way you might have imagined. It's not a compromise, or a surprise comeback. What we have is a guilty plea, as a...
Ransomware review: February 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...
Update now! GoAnywhere MFT zero-day patched
An emergency patch (7.1.2) has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
Encrypted messaging service eavesdropped on by police, users arrested
After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. The service called Exclu claims to use the "most secure encryption protocols", as well as end-to-end...
Stalkerware-type app developers fined by NY Attorney General
Stalkerware is a huge problem when it comes to intrusion into people's personal lives. "Friends", strangers, family members, abusive spouses and many more can potentially dabble in this malignant pastime and cause all manner of trouble for their target. Thanks to the New York Attorney General's...
ION starts bringing customers back online after LockBit ransomware attack
ION Group, a financial software firm, is reportedly beginning to bring clients back online after being hit by a ransomware attack late last week. The Russian-linked LockBit ransomware group claimed responsibility for attacking a division of ION Group, affecting 42 clients in Europe and the...
Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS
Malwarebytes is excited to announce Malwarebytes Mobile Security for Business, which extends our award-winning endpoint protection to mobile devices. Don't get it twisted: mobile devices may be small, but they have huge implications for your security posture. In fact, 73% of organizations...
Florida hospital takes entire IT systems offline after 'ransomware attack'
Tallahassee Memorial Healthcare (TMH), a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...
On the 20th Safer Internet Day, what was security like back in 2004?
Today is the 20th Safer Internet Day. Since 2004, there's been an annual event designed to "Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world." 2004 was a key year for several safety activities, encompassin...
[update]Two year old vulnerability used in ransomware attack against VMware ESXi
On Friday and over the weekend, several Computer Emergency Response Teams (CERTs) sounded the alarm about an ongoing large scale ransomware attack on VMware ESXi virtual machines. With some discrepancies between Shodan queries from various researchers, most agree that an estimated 500 entities were...
A week in security (January 30 - February 5)
Last week on Malwarebytes Labs: A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03 | New data wipers deployed against Ukraine | Update your LearnPress plugins now! | Riot Games refuses to pay ransom to avoid League of Legends leak | Analyzing and...
Business Email Compromise attack imitates vendors, targets supply chains
Today we have a fascinating tale of a business email compromise (BEC) group steering clear of targeting executives, in favour of fouling up supply chains instead. The attack, which may sound overly complicated, is a fairly streamlined attack with the intention of making a lot of money. BEC: What is...
How the CISA catalog of vulnerabilities can help your organization
The Cybersecurity and Infrastructure Security Agency (CISA) maintains a "known exploited vulnerabilities catalog" which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm,...
Cyberthreats facing UK finance sector "a national security threat"
As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through...
The rise of multi-threat ransomware
Today we have a ten minute YouTube expedition into the murky world of ransomware. In the video, "The rise of multi-threat ransomware" embedded below, I cover a couple of key talking points that always seem to come up in conversation. Single, double, triple? The video covers how ransomware made th...
Cybersecurity and privacy tips you can teach your 5+-year-old
Everything we teach our kids starts at home--we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy? Though it's hardly news that more and more children are being introduced to mobile computing device...
Ransomware in December 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their dark web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. Lockbit has rebounded from i...
Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter
AV-TEST, a leading independent tester of cybersecurity solutions, has just ranked Malwarebytes as a Top Product for consumers and businesses for the fifth quarter in a row. Every two months, experts at AV-Test evaluate Windows antivirus software across three categories: Protection against malware...
GitHub revokes several certificates after unauthorized access
In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. Revoking these certificates will invalidate some...
Up to 10 million people potentially impacted by JD Sports breach
We're at the start of February, and news of breaches keeps on coming. In this case, though, while the news that 10 million JD Sports customers may have been impacted by a cyber attack has only just arrived, the data potentially accessed in that attack is already several years old. The danger zone ...
How to protect your business from supply chain attacks
Threat actors know that attacking the supply chain is not just a smart strategy but also a winning one. When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating,...
40% of online shops tricking users with “dark patterns”
The European Commission has been looking at retail websites to see if they're misleading consumers with "dark patterns". Spoiler: Yes, they are. The Commission, along with the national consumer protection authorities of 23 EU member states, plus Norway and Iceland, have released the results of...
Google sponsored ads malvertising targets password manager
We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system. Now, our researchers found that the...
Analyzing and remediating a malware infested T95 TV box from Amazon
A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...
Riot Games refuses to pay ransom to avoid League of Legends leak
After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers are demanding $10 million to stop them leaking source code from League of Legends and other games. Riot's reply? Today, we received a rans...
Update your LearnPress plugins now!
It's time for a reminder to ensure all of your WordPress plugins are fully up to date or removed, if you don't need them. Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn...
A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03
In 2020, a photo of a woman sitting on a toilet--her shorts pulled half-way down her thighs--was shared on Facebook, and it was shared by someone whose job it was to look at that photo and, by labeling the objects in it, help train an artificial intelligence system for a vacuum. Bizarre? Yes...
New data wipers deployed against Ukraine
As war in Ukraine rages, new destructive malware continues to be discovered. In a recent tweet, the Ukrainian Computer Emergency Response Team (CERT-UA) named five wipers used against Ukrinform, Ukraine's national news agency. It suspects a link to the Sandworm group. UPDATE: UAC-0082 suspected...
A week in security (January 23—29)
Last week on Malwarebytes Labs: T-Mobile reports data theft of 37 million customers in the US | Ransomware revenue significantly down over 2022 | Microsoft to end direct sale of Windows 10 licenses at the end of January | TikTok CEO told to "step up efforts to comply" with digital laws | 4 ways to protec...
Hive! Hive! Hive! Ransomware site submerged by FBI
On January 26, 2023, the United States Department of Justice (DoJ) released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark web...
What happened in privacy in 2022
Annual reviews of any year's developments in privacy rarely lend themselves to pithy wrap-ups, but 2022 was different, providing the clearest example yet for so many people--American women in particular--that their privacy was not theirs to determine, and that the often-repeated refrain that priva...
5 facts about Vice Society, the ransomware group wreaking havoc on the education sector
Move over Lockbit, there's a new ransomware-as-a-service (RaaS) player in town attacking the education sector--and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and...
CISA releases advice on how to safeguard K–12 organizations
To help K-12 schools and school districts in their struggle against cybercrime, the Cybersecurity & Infrastructure Security Agency (CISA) has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...
WhatsApp hijackers take over your account while you sleep
Late last week, Twitter user Zuk (@ihackbanme) tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with...