New PHP-based Ducktail infostealer is now after crypto wallets
A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. The Ducktail Woo-ooh! campaign was first made...
Venus ransomware targets remote desktop services
It's time for another tale of remote desktop disaster, as a newish form of ransomware carves out a name for itself. Bleeping Computer reports that the individuals behind Venus ransomware are breaking into "publicly exposed Remote Desktop services", with the intention of encrypting any and all Windows...
Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. The issue concerns a technique called Bring Your Own Vulnerable Driver (BYOVD), which has been popping up in various forms for the last few months. These attacks may have been less impactful if a...
5 essential security tips for SMBs
In any business, the security of each computer is intimately connected to the security of every other computer. Interconnectedness allows attackers to turn a breach, a fault, or an oversight on one machine into access on all the machines it's connected to. That means any attack on any computer is ...
Man scammed IRL for a phone he sold online
If you're looking to sell an item which you've advertised online, be on your guard. Even when everything looks to be working as it should, things can go wrong very quickly, as one unfortunate IT graduate recently discovered. You would think that there's no way the in-person sale of an expensive devic...
Ransomware attack freezes newspaper printing system
Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems. Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which...
Why Log4Text is not another Log4Shell
The Apache Software Foundation has acknowledged a vulnerability in Apache Commons Text, a library focused on algorithms for string manipulation. The vulnerability has been assigned CVE-2022-42889, but security researchers have dubbed it Log4Text. The name provides an immediate association with...
DeadBolt ransomware gang tricked into giving victims free decryption keys
Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...
How to spot a scam
Unfortunately, scams are a fact of life online. The virtual ties that bind us are international now: Our public telephone numbers, social media accounts, email addresses, messaging apps, dating profiles, and even our physical mailboxes, can all be reached by any criminal and con artist from...
Warning: "FaceStealer" iOS and Android apps steal your Facebook login
Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaini...
Criminal group busted after stealing hundreds of keyless cars
Europol has disclosed an international operation in which 31 suspects were arrested, 22 locations were searched, and over one million Euros in criminal assets were seized. The organized criminal gang specialized in stealing French keyless cars. Among the arrested were the software developers that...
Fake tractor fraudsters plague online transactions
The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks...
Thermal cameras could help reveal your password
Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are now sold much more cheaply than they used to be, pretty much anyone can get their hands ...
A week in security (October 10 - 16)
Last week on Malwarebytes Labs: Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21; White House unveils Blueprint for an AI Bill of Rights; Credential stuffers take aim at Final Fantasy XIV players; Meta accuses apps of stealing WhatsApp accounts; Smart lights...
Android and iOS leak some data outside VPNs
Virtual Private Networks (VPNs) on Android and iOS are in the news. It's been discovered that in certain circumstances, some of your traffic is leaked so it ends up outside of the safety cordon created by the VPN. Mullvad, the discoverers of this Android "feature", say that it has the potential to...
FBI, CISA warn of disinformation ahead of midterms
In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels. With everyone preparing to cast their ballots, the FBI and the Cybersecurity and...
Introducing Malwarebytes Managed Detection and Response (MDR)
With our Managed Detection and Response (MDR) service now generally available for businesses and MSPs, you may be wondering: What is MDR, how does Malwarebytes MDR work, and do I need it? Underpinned by our award-winning EDR technology, Malwarebytes MDR offers powerful and affordable threat...
Android and Chrome start showing passwords the door
Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome, and the latest announcement about passkeys is an important step in that journey. Passkeys are a replacement for...
Chinese APT's favorite vulnerabilities revealed
In a joint cybersecurity advisory, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have revealed the top CVEs used by state-sponsored threat actors from China. The advisory aims to "inform federal and state,...
Only half of teens agree they "feel supported online" by parents
Not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need. Those are some of the latest findings from joint research conducted this summer by Malwarebytes and 1Password, which we have published tod...
UK government sounds alarm on tax scams
The UK government has issued a warning for people to be on their guard against fake tax rebate scams as they gear up to fill out their 2021/22 tax returns. Ensuring your self-employed documents are correct and accurate can be a complicated business at the best of times. Having to worry about...
Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected
Microsoft fixed 84 vulnerabilities in its October 2022 Patch Tuesday updates. Thirteen of them received the classification 'Critical'. Among them are a zero-day vulnerability that's being actively exploited, and another that hasn't been spotted in the wild yet. The bad news is that the much-desire...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat actors used multiple layers of protection and techniques to make analysis harder and hide their final payload. However, based on tactics, techniques and...
Top 5 ransomware detection techniques: Pros and cons of each
In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example. Let's say you're a farmer taking care of a flock of...
An 18 year scam odyssey of stranded astronauts
There is a semi-mythical scam which comes around every couple of years, like some sort of digital bad luck version of Halley's Comet. Instead of flood, famine, and the death of Kings, it brings confusion, some level of hilarity, and a slice of sheer disbelief. Unfortunately it also threatens to...
Security awareness campaign highlights things your bank will never say
If you like anti-phishing efforts, hashtags, and confusing but colourful video games, you'll be interested to know that a security initiative involving all three is now live. The American Bankers Association and banks across the US are involved in an awareness campaign tied in with National...
Court rules webcam monitoring of remote employee was an invasion of privacy
A Dutch court has ruled that the decision to fire a remote employee because he refused to keep his webcam on during working hours was unjustified. The employee worked remotely for a Florida-based software development company with a Dutch office. The court ruled that the request to keep the webcam...
Smart lights vulnerable to "blink and you'll miss it" attack
Over the last couple of years, key parts of our daily lives have been sliding into some form of Internet connectivity. Smartphones and other devices have become necessities. Paying bills? Those systems have moved online. Tax? Online. Wage slips and bank statements? It's paperless time. Welfare...
Meta accuses apps of stealing WhatsApp accounts
Meta is attempting to clamp down on rogue WhatsApp-styled applications which originate from China. Bleeping Computer reports that no fewer than one million WhatsApp accounts have been compromised, allegedly as a result of using these apps, which are claimed to bundle malware. The apps...
Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21
Growing up is different for teens today. Issues with identity, self-expression, bullying, fitting in, and trusting your friends and family--while all those certainly existed decades ago, they were never magnified in quite the same way that they are today, and that's largely because of one enormou...
Credential stuffers take aim at Final Fantasy XIV players
Square Enix, the company behind video games like Final Fantasy XIV, reports that a third party is attempting to gain access to its Account Management System. How is this happening, and what are the risks? More importantly, what do you need to do to ensure your accounts are safe from harm?...
White House unveils Blueprint for an AI Bill of Rights
On Tuesday, the Biden-Harris Administration's Office of Science and Technology Policy (OSTP) unveiled a new Blueprint for an AI Bill of Rights, which lists five principles to guide the design, use, and development of intelligence-based automated systems "to protect the American public in the age of...
A week in security (October 3 – 9)
Last week on Malwarebytes Labs: Romance scammer deepfakes Mark Ruffalo to con elderly artist; Actively exploited vulnerability in Bitbucket Server and Data Center; Ransomware-affected school district refuses to pay, gets stolen data released; Ransomware review: September 2022; Huge increase in smishi...
Romance scammer given 25 years of alone time
Romance scams are often low risk, high reward strategies for criminals, who use them to steal large sums of money from vulnerable people in the cruellest ways possible. Once the victim wires the cash, there's a good chance that it's never coming back. The perpetrator has almost certainly covered the...
Malwarebytes' modernized bug bounty program—here's all you need to know
Malwarebytes welcomes and encourages independent researchers reporting vulnerabilities in our products, and has run a bug bounty program for several years. Our security team has spent the last few months modernizing the program and we thought you'd like to hear about it. What is a bug bounty...
Android vulnerabilities could allow arbitrary code execution
Several vulnerabilities have been patched in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild. Operating systems contain and manage all the programs and applications that a computer...
Hundreds of Microsoft SQL servers found to be backdoored
Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers...
Data Access Agreement offers a new path for UK - US data requests
Requesting data for the purposes of law enforcement may be about to become a little easier for the British Government. The Data Access Agreement (DAA) went live on Monday this week. The DAA is authorised by something called the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which itself has come...
Cyberstalking, pig masks, and cockroaches: Former eBay execs are sentenced
The former Senior Director of Safety & Security at eBay, and the company's former Director of Global Resiliency, have been sentenced to prison for their roles in a cyberstalking campaign. The targets of the campaign were the editor and publisher of a newsletter that eBay executives viewed as...
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks
On October 3, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 (BOD 23-01). This directive requires all Federal Civilian Executive Branch (FCEB) entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...
Admin from hell facing 10 years for sabotaging ex-employer's network
The perils of insider threats are often talked about in abstract terms, probably because most organisations want to keep a lid on internally-based bad actors. Every so often, concrete details emerge to highlight what a thoroughly rotten day a rogue employee can inflict on everybody else thoug...
Bogus job offers hide trojanised open-source software
Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission (SEC) announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17(b) of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...
TikTok's "secret operation" tracks you even if you don't use it
Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even...
Huge increase in smishing scams, warns IRS
The Internal Revenue Service (IRS) has issued a warning for taxpayers about a recent increase in IRS-themed smishing scams aimed at stealing personal and financial information. Smishing is short for SMS phishing, where the phishes are sent via text message. The IRS has identified and reported...
Ransomware review: September 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. This article is also availab...
Ransomware-affected school district refuses to pay, gets stolen data released
Data stolen from Los Angeles Unified School District has been leaked online, after staff refused to pay the ransom related to a ransomware attack. The attackers threatened to release the data if the ransom wasn't paid, and so release it they did. Threatening to release...
Actively exploited vulnerability in Bitbucket Server and Data Center
On September 29, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added three vulnerabilities to its catalog of Known Exploited Vulnerabilities. One of them is a vulnerability in Atlassian's Bitbucket Server and Data Center. The other two are the Exchange Server zero-day...
Romance scammer deepfakes Mark Ruffalo to con elderly artist
Deepfakes have settled into a groove, as most scam techniques do. It seems most deepfakers have decided to make as much cash as possible from unsuspecting victims instead of doing anything particularly earth-shattering with their technology. One curious twist we may not have seen coming is the...
A week in security (September 26 – October 2)
Last week on Malwarebytes Labs: Why almost everything we told you about passwords was wrong; Two new Exchange Server zero-days in the wild; Local government cybersecurity: 5 best practices; Optus data breach "attacker" says sorry, it was a mistake; Fast Company hacked to send obscene and racist...