Rackspace confirms it suffered a ransomware attack
It's not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now...
Update now! NetGear routers’ default configuration allows remote attacks
NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet facing ports of the device listening through IPv6. No auto-update The hotfix is available for the model RAX30, also...
Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth
In the Android security bulletin of December 5, 2022 you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead t...
Ho, ho, no! Scams to avoid this festive season
Whether you've been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we're going to give some additional context along with tips to avoid these digital lumps of coal. Social media...
SIM swapper jailed for 18 months over crypto heist
Nicholas Truglia, 25, from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin (@michaelterpin), a renowned personality in the cryptocurrency space, $23.8M. The theft happened in January 2018, when Truglia and his co-conspirators targeted...
Vehicle Identification Numbers reveal driver data via telematics
There are many ways that data collection, and data availability, make less sense as the years pass by. This is frequently accompanied by a resistance to change, to improve these processes, because "that's how we've always done it". Sadly this is often the case even when those data collectors have...
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...
Watch out for this triple threat PayPal phish
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill-gotten gains from potential victims. The idea is that if one of the three tactics...
"Baby dumped at the gate" post is a Facebook hoax
Every so often, bizarre but oddly believable scams do the rounds on Facebook. And so we have the latest: A tragic tale of a lost baby left outside the gate of someone's house. The abandoned baby Facebook hoax springs into action A post made to Facebook December 1st by someone claiming to be in the...
Hive Social pulls the plug on itself after security flaws found
You may well have changed your social media site of choice recently, but that doesn't mean the security implications of less familiar sites and services can be ignored. For the sites themselves, coping with an influx of new users can be nothing short of a large headache. And even the more...
Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released
On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this...
Snapchat gives Californians more power over their personal data
There's a new toggle switch in Snapchat that, once enabled, limits the use of sensitive personal information. TechCrunch reports that the switch is a new privacy feature Snapchat will be rolling out to comply with the California Privacy Rights Act (CPRA), also known as Proposition 24. The act, whic...
Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25
Decades ago, patching was, to lean into a corny joke, a bit patchy. In the late 90s, the Microsoft operating system (OS) Windows 98 had a supportive piece of software that would find security patches for the OS so that users could then download those patches and deploy them to their computers. That...
Eufy "no cloud" security cameras streaming data to the cloud
Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data which should not have been going to the cloud was doing so anyway in certain conditions. Securing your home: a complicated proposition Insecure cameras,...
A week in security (November 28 - December 4)
Last week on Malwarebytes Labs: Fraudster site iSpoof shut down, 142 arrested internationally; 3 threats to watch out for this Cyber Monday; Twitter user data leaks continue to drip from the faucet; China-made equipment banned by FCC due to national security threat; Sensitive police records stolen an...
Android is slowly mastering memory management vulnerabilities
Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...
Time to uninstall! Abandoned Android apps pack a vulnerability punch
Synopsys has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there's no sign of a fix coming anytime, ever. Bleeping...
CISA and the FBI issue alert about Cuba ransomware
In the latest StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory (CSA) on the ransomware known as "Cuba." Though named...
Google sues "harassing and deceptive" impersonator
After receiving many complaints, Google has announced it has filed a lawsuit against a company that has made it its business to impersonate Google. The company going by the name of "G Verifier" deployed telemarketing and website tactics that were intended to persuade people they were doing busine...
LinkedIn introduces new security features to combat fake accounts
LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and at times malware, and has been trying to combat those issues. In 2018, LinkedIn rolled out...
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as...
Police warn of fake law enforcement arrest warrant calls
Brownsville Police Department is warning about scammers impersonating law enforcement in order to extract money from potential victims. The scam involves pressure from an immediate threat, several ways to extract yourself from this non-existent claim of wrongdoing, and multiple levels of...
Raccoon Stealer admin will be extradited to the US, charged for computer crimes
The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service (MaaS) business model. According to court documents, Mark Sokolovsky, 26, is...
Raspberry Robin worm used as ransomware prelude
Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive. First spotted in September 2021, it was typically introduced into a network through infected removable drives, often USB devices. Now the worm has been foun...
A week in security (October 24 - 30)
Last week on Malwarebytes Labs: Lock and Code: A gym heist in London goes cyber; Healthcare site leaks personal health information via Google and Meta tracking pixels; An odd kind of cybercrime: Gift vouchers, medical records, and...food; Cisco warns of ISE vulnerability with no fixed release or...
A Chrome fix for an in-the-wild exploit is out—Check your version
Google has announced an update for Chrome that fixes an in-the-wild exploit. Chrome Stable channel has been updated to 107.0.5304.87 for Mac and Linux, and 107.0.5304.87/.88 for Windows. The vulnerability at hand is described as a type confusion issue in the V8 JavaScript engine. Mitigation If...
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier--breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 million. What's more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service...
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Researchers from Guardio, a cybersecurity company specializing in web browser protection, recently revealed a campaign involving a trove of popular yet malicious extensions programmed to steal user searches, browsing data, and affiliation to thousands of targeted sites. Nicknamed "Dormant Colors,...
Medibank customers' personal data compromised by cyber attack
Australian health care insurance company Medibank confirmed that the threat actor behind a cyberattack on the company had access to the data of at least 4 million customers. Although Medibank at first said that there was "no evidence that customer data has been accessed," a week later their...
Maintenance Mode aims to keep phone data private during repairs
One of the biggest data related headaches you'll face with a mobile device is what to do in the event of a repair. When you have to send your phone in for a fix, what happens to your data? In many cases, the repair technicians will simply scrub the phone by default unless you ask them not to. In...
Fake Proof-of-Concepts used to lure security professionals
Researchers from Leiden University published a paper detailing how cybercriminals are using fake Proof-of-Concepts (PoCs) to install malware on researchers' systems. The researchers found these fake PoCs on a platform where security professionals would usually expect to find them--the public co...
New streaming ad technology plays hide-and-seek with gamers
A new form of digital advertising is looking to make its way to you courtesy of video gaming. However, there's a rather peculiar twist involved. These ads won't appear in front of you while playing; in fact, they're designed to trigger when someone else is in-game. The most baffling twist of all?...
Critical OpenSSL fix due Nov 1—what you need to know
A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four-hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions...
Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1
After keeping Chrome running on early Windows versions for two extra years, giving IT administrators time to update, Google has decided it won't delay any further: Unless organizations upgrade to Windows 10 or 11 next year, they won't be able to use Chrome. Browsers based on Chrome, such as Brave...
US agencies issue warning about DAIXIN Team ransomware
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint advisory about DAIXIN Team, a fledgling ransomware and data exfiltration group that has been targeting US healthcare. First spotted in June 2022, the DAIXIN Team...
Point-of-sale malware used to steal 167,000 credit cards
In the 19 months between February 2021 and September 2022, two point-of-sale (POS) malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised...
iPhone zero-day. Update your devices now!
It's time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher. As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn't reveal a lot of information with regard to what's happening, but if you own an iPad or iPho...
Malformed signature trick can bypass Mark of the Web
Mark of the Web (MOTW)--the technology that ensures Windows pops a warning message when trying to open a file downloaded from the Internet--is back in the news, but unfortunately not in a good way. Bleeping Computer reports that a recently uncovered but somewhat old bug has been unearthed which hel...
A cyber threat hunter talks about what he’s learned in his 16+ year cybersecurity career
Hiep Hinh is a Principal MDR Analyst at Malwarebytes, where he supports 24/7/365 Managed Detection and Response (MDR) efforts. Hiep has over 16 years of experience in the cybersecurity and intelligence fields, including for the US Army as an intelligence analyst and for the Air Force Computer...
Cisco warns of ISE vulnerability with no fixed release or workaround
Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to read and delete files on an affected device. The bug, with a CVSS score of 7.1, has no patch and no...
A gym heist in London goes cyber
A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...
An odd kind of cybercrime: Gift vouchers, medical records, and...food
Someone with a gift for technology but a nasty habit of using it for very bad things has been spared from going to jail with a suspended sentence. Peter Foy, 18 at the time of his antics, racked up a remarkable, and slightly peculiar, list of compromises before being brought before the court. A...
Healthcare site leaks personal health information via Google and Meta tracking pixels
Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information (PHI), with Google and Meta (Facebook). Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and provides...
A week in security (October 17 - 23)
Last week on Malwarebytes Labs: Thermal cameras could help reveal your password; How to spot a scam; Warning: "FaceStealer" iOS and Android apps steal your Facebook login; Criminal group busted after stealing hundreds of keyless cars; Fake tractor fraudsters plague online transactions; DeadBolt...
Former cop abused unrevoked system access to extort women
When Bryan Wilson, a former Louisville Metropolitan Police Department (LMPD) officer in Kentucky, pleaded guilty to cyberstalking charges in June, details of his crime weren't revealed. Now they have. A new court document discloses facts about how he stole sexually explicit photos and videos from...
Looking for student debt relief? Watch out for scammers says the FBI
The FBI believes that scammers may be after people applying for the One-Time Federal Student Loan Debt Relief, a program announced by the Biden-Harris Administration in August 2022 that provides up to $20,000 in student loan debt relief. In a recent public service announcement, the agency warned ...
Gas, a positive social network for teens (no, really)
A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. I'm all for positive spaces online, but what is it, and will teens really be happier there than, say, Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of th...
Third-party application patching: Everything you need to know for your business
Patch management that is consistent and efficient has never been more critical in keeping your security infrastructure up to date and secure. Although today's endpoint management solutions include patch management functionalities, third-party patching is an area that shouldn't be forgotten. In this...
Suspected LAPSUS$ group member arrested in Brazil
The Brazilian Federal Police have arrested a suspect after an investigation into last year's breach of the Brazilian Ministry of Health. Responsibility for the breach was claimed by the LAPSUS$ group, when users found a message stating that system data had been copied and deleted and was in the...
Microsoft breach reveals some customer data
Microsoft customers find themselves in the middle of a data breach situation. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. This misconfiguration resulted in the possibility of "unauthenticated access to some...