
4662 matches found

Malwarebytes
added 2022/08/23 11:00 a.m., 13 views

Google flags man as sex abuser after he sends photos of child to doctor

Mark noticed something was wrong with his son. His penis was hurting and appeared to be swollen. Since it was a Saturday during the pandemic, an emergency consultation was scheduled by video. So the doctor could assess the problem ahead of time, the parents were advised to send photos of their...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2022/08/22 10:00 p.m., 15 views

Criminals socially engineer their way to bank details with fake arrest warrants

When an organization experiences a massive data breach, it knows at least that it needs to inform the federal government about the cybersecurity incident, get law enforcement involved, and then inform its clients and affiliates. Seems simple enough, but this process, which countries from the West...

AI score: 0.9
Exploits: 0
Malwarebytes
added 2022/08/22 5:00 p.m., 15 views

Reddit users crowdsourcing explicit images and identities

The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2022/08/22 3:00 p.m., 301 views

CISA wants you to patch these actively exploited vulnerabilities before September 8

On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch th...

CVSS: 10, EPSS: 0.9834
Exploits: 30
Malwarebytes
added 2022/08/22 12:00 p.m., 21 views

Cryptojackers growing in numbers and sophistication

With rising energy costs and increased volatility in the value of cryptocurrencies, we were bound to see a rise in malicious cryptomining, aka cryptojacking. If you don't know whether you will ever see a return on your investments in mining equipment, one will look for other opportunities. But if...

AI score: 7.1
Exploits: 0
Malwarebytes
added 2022/08/22 9:00 a.m., 15 views

A week in security (August 15 - August 21)

Last week on Malwarebytes Labs: Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17; Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories; JSSLoader: the shellcode edition; CISA and FBI issue alert about Zeppelin ransomware; H...

AI score: 0.8
Exploits: 0
Malwarebytes
added 2022/08/19 7:00 p.m., 22 views

Tech support scammers target Microsoft users with fake Office 365 USB sticks

Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If it's not a Bill Gates themed lottery spam mail in your mailbox, it's a fake Excel...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2022/08/19 4:30 p.m., 17 views

Explained: Steganography

Steganography is the prime example of effectively hiding something in plain sight. The word steganography comes from the Greek words "stegos" meaning "cover" and "grafia" meaning "writing." Steganography, then, is defined as "covered writing." In essence, we use the name steganography for every...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2022/08/19 12:00 p.m., 19 views

Spying on the spies. See what JavaScript commands get injected by in-app browsers

Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2022/08/18 8:00 p.m., 54 views

Business Services industry targeted across the country for backdoor access

The presence of so many hacking tools in the detections for the Business Services industry tells a story about these organizations being targeted for not only infection, but to establish backdoors and likely gain access to customers of the organizations through the victim's network. Just like...

CVSS: 4.6, AI score: 8.4, EPSS: 0.57474
Exploits: 17
Malwarebytes
added 2022/08/18 7:00 p.m., 55 views

Attackers waited until holidays to hit US government

The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...

CVSS: 4.6, AI score: 0.1, EPSS: 0.57474
Exploits: 17
Malwarebytes
added 2022/08/18 5:30 p.m., 22 views

How IT teams can prevent phishing attacks with Malwarebytes DNS filtering

Phishing attacks are a persistent threat to businesses globally. According to Verizon, 82 percent of data breaches in 2021 involved the human element--with phishing attacks making up over 60 percent of these. And if it ain't broke, don't fix it: threat actors have only continued to use phishing to...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2022/08/18 2:00 p.m., 42 views

Bad rhythm: Janet Jackson song resonates poorly with some old hard drives

Janet Jackson's Rhythm Nation music video would have caused quite the commotion back in the old Windows XP days. If you're still running a certain model of an OEM hard drive from the Windows XP days, you may still be liable to experience the same thing today. However, said commotion was not solely...

AI score: 5.8, EPSS: 0.00398
Exploits: 0
Malwarebytes
added 2022/08/18 10:00 a.m., 67 views

Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to sha...

AI score: 9.2, EPSS: 0.09785
Exploits: 0
Malwarebytes
added 2022/08/17 3:00 p.m., 19 views

$6 million heist targets video game skin trading site

An incredibly popular digital item trading site has suffered a spectacular loss at the hands of wily attackers. According to Bleeping Computer, CS Money lost out on $6 million via just 20,000 pilfered items. How did this happen, and why are digital items so popular in the first place? The digitiz...

AI score: 7.5
Exploits: 0
Malwarebytes
added 2022/08/17 2:00 p.m., 17 views

Nearly 2,000 Signal users affected by Twilio phishing attack

New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...

AI score: 0.5
Exploits: 0
Malwarebytes
added 2022/08/17 11:00 a.m., 51 views

Update Chrome now! Google issues patch for zero day spotted in the wild

Google updated the Stable channel for Chrome to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows which will roll out over the coming days/weeks. Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will roll out over the comi...

AI score: 9, EPSS: 0.04493
Exploits: 1
Malwarebytes
added 2022/08/17 9:00 a.m., 20 views

Ransomwater confusion, does the criminal know who the victim is?

When we say that attribution is always tricky, we are obviously only seeing the half of it. Apparently sometimes even the cybercriminals are not always clear on which company they breached. Clop ransomware put out a statement that they breached Thames Water when in reality their victim was South...

Exploits: 0
Malwarebytes
added 2022/08/17 12:00 a.m., 19 views

How to secure a Windows PC for your kids

With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using. In our "Back...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2022/08/16 2:45 p.m., 19 views

CISA and FBI issue alert about Zeppelin ransomware

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Advisory (CSA) about Zeppelin ransomware. The advisory contains indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2022/08/15 4:00 p.m., 26 views

JSSLoader: the shellcode edition

The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...

AI score: 0.5
Exploits: 0
Malwarebytes
added 2022/08/15 2:00 p.m., 18 views

Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories

We're excited to announce Malwarebytes Cloud Storage Scanning, a new service that extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization's digital ecosystem. Today, the service supports scanning of files under 100Mb in size...

AI score: 0.3
Exploits: 0
Malwarebytes
added 2022/08/15 8:00 a.m., 16 views

A week in security (August 8 - August 14)

Last week on Malwarebytes Labs: KMSpico explained: No, KMS is not "kill Microsoft"; Twitter data breach affects 5.4M users; Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR; Twilio breached after social engineering attack on employees; Summer of exploitation leads...

AI score: 1.6
Exploits: 0
Malwarebytes
added 2022/08/15 5:00 a.m., 14 views

Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17

When Mike Miller was hired by a client to run a penetration test on one of their offices, he knew exactly where to start: Krispy Kreme. Equipped with five dozen donuts (the boxes stacked just high enough to partially obscure his face, Miller said), Miller walked briskly into a side-door of his...

AI score: 7.5
Exploits: 0
Malwarebytes
added 2022/08/12 9:00 p.m., 13 views

Anti-tracking tool tells you if you're being followed

If there is one thing we know about the people around us, even the perfect strangers, it's that they almost all have smartphones. And those smartphones aren't merely passive receivers, they're broadcasting constantly, looking for things you might want to connect to. Advertisers have exploited the...

AI score: 7.6
Exploits: 0
Malwarebytes
added 2022/08/12 3:00 p.m., 19 views

Viral video drives malvertising on social media platform

This blog post was authored by Jerome Segura. Viral content shared on social media is highly coveted since it gets a lot of impressions and engagement. Unfortunately, the people who push this kind of content don't always have the best of intentions. We recently identified a malvertising campaign o...

AI score: 0.7
Exploits: 0
Malwarebytes
added 2022/08/12 12:00 p.m., 44 views

Researchers found one-click exploits in Discord and Teams

A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2022/08/11 1:00 p.m., 91 views

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite (ZCS) email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

CVSS: 6.5, AI score: 9.1, EPSS: 0.98163
Exploits: 16
Malwarebytes
added 2022/08/11 10:00 a.m., 16 views

Slack flaw exposed users' hashed passwords

Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasn't specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed...

AI score: 0.3
Exploits: 0
Malwarebytes
added 2022/08/10 5:00 p.m., 13 views

Now it's BlenderBot's turn to make shocking, inappropriate, and untrue remarks

Last Friday, Meta unveiled its new BlenderBot 3 AI chatbot, a conversational AI prototype. The company said its chatbot is designed to learn by having natural conversations with people online. It also improves its skills via human feedback. Meta also asserts with confidence that the more the AI...

AI score: 0.9
Exploits: 0
Malwarebytes
added 2022/08/10 9:00 a.m., 101 views

Update now! Microsoft fixes two zero-days in August's Patch Tuesday

Microsoft has published fixes for 141 separate vulnerabilities in its batch of August updates, fixing a total of 118 CVEs in multiple products. This is a new monthly record if you look at the CVE count. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...

AI score: 9.8, EPSS: 0.80103
Exploits: 1
Malwarebytes
added 2022/08/10 8:00 a.m., 27 views

5 cybersecurity tips for students going back to school

The new school season is just around the corner. And while you are getting ready to go back to school, now is a good opportunity to check you are doing all you can to stay as safe as possible online. Make sure you are doing these five things: 1. Use multi-factor authentication (MFA): MFA has become ...

AI score: 7.4
Exploits: 0
Malwarebytes
added 2022/08/09 4:00 p.m., 21 views

Summer of exploitation leads to healthcare under fire

May 2021 was a tough month for the Healthcare and Medical sector--the most notable threat trend at the time was the heavy use of a new popular exploit against Dell systems, leading to immense effort by attackers to utilize the exploit before it became less effective due to patching. During this...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2022/08/09 4:00 p.m., 43 views

Education hammered by exploits and backdoors in 2021 and 2022

In May of 2021, education underwent a siege of exploit attempts using the vulnerability CVE-2021-21551, which exploits a Dell system driver bug and helps attackers to gain access to a network. Considering that many schools across the United States use Dell hardware, it's understandable to see such...

CVSS: 4.6, AI score: 0.5, EPSS: 0.57474
Exploits: 17
Malwarebytes
added 2022/08/09 12:45 p.m., 17 views

Twilio breached after social engineering attack on employees

Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. On August 4, 2022, Twilio says it became aware of unauthorized access to information related to a limited number of Twilio customer accounts, through the social engineering atta...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2022/08/09 12:00 p.m., 17 views

Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR

Most cybersecurity experts agree that having Endpoint Detection and Response software is essential to fighting ransomware today--but not every EDR is equal. Businesses, especially small-to-medium sized ones with limited budget or IT resources, need to make sure that their EDR is cost-effective,...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2022/08/09 12:00 a.m., 23 views

Twitter data breach affects 5.4M users

Twitter has confirmed that it was breached last month via a now-patched 0-day vulnerability in Twitter's systems, allowing an attacker to link email addresses and phone numbers to user accounts. This enabled the attacker to compile a list of 5.4 million Twitter user account profiles. "We want to l...

AI score: 1
Exploits: 0
Malwarebytes
added 2022/08/08 11:38 a.m., 19 views

A week in security (August 1 – 7)

Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16; Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles; Millions of Arris routers are vulnerable to path traversal attacks; When a sextortion victim fights back; How to protect yourself and...

AI score: 1.7
Exploits: 0
Malwarebytes
added 2022/08/08 7:00 a.m., 18 views

KMSpico explained: No, KMS is not "kill Microsoft"

Thanks to Pieter Arntz and the Threat Intelligence Team who contributed to the research. A hack tool is a program that allows users to activate software even without a legitimate, purchased key. Hack tools are often used to root devices in order to, among others, remove barriers that stop users fro...

AI score: 0.3
Exploits: 0
Malwarebytes
added 2022/08/07 8:00 p.m., 16 views

A week in security (August 1 - August 7)

Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16; Wrestling star Mick Foley's Twitter compromised, selling PS5 consoles; Millions of Arris routers are vulnerable to path traversal attacks; When a sextortion victim fights back; How to protect yourself and yo...

AI score: 1.9
Exploits: 0
Malwarebytes
added 2022/08/07 11:14 a.m., 39 views

Patch now! Cisco VPN routers are vulnerable to remote control

Cisco has released a security advisory about several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345. There are no workarounds available that address these vulnerabilities, so you need to patch. Vulnerabilities The vulnerabilities are...

AI score: 10, EPSS: 0.02877
Exploits: 0
Malwarebytes
added 2022/08/07 9:41 a.m., 21 views

Phishy calls and emails play on energy cost increase fears

Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people's fears with a dash of social engineering to make them worse off than they were previously...

AI score: 0.2
Exploits: 0
Malwarebytes
added 2022/08/07 3:15 a.m., 49 views

Patch now! Cisco VPN routers are vulnerable to remote control

Cisco has released a security advisory about several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345. There are no workarounds available that address these vulnerabilities, so you need to patch. Vulnerabilities The vulnerabilities are...

AI score: 10, EPSS: 0.02877
Exploits: 0
Malwarebytes
added 2022/08/07 1:45 a.m., 13 views

Phishy calls and emails play on energy cost increase fears

Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people's fears with a dash of social engineering to make them worse off than they were previousl...

AI score: 0.3
Exploits: 0
Malwarebytes
added 2022/08/05 5:00 p.m., 14 views

DHS says to update your Emergency Alert Systems immediately

The Department of Homeland Security has issued an advisory after vulnerabilities were found in its Emergency Alert Systems (EAS). EAS technology is designed to fire out warning messages during times of national emergency. It can be used to warn of coastal flooding, earthquakes, child abduction,...

AI score: 7.4
Exploits: 0
Malwarebytes
added 2022/08/05 12:39 p.m., 23 views

FCC warns of steep rise in phishing over SMS

After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...

Exploits: 0
Malwarebytes
added 2022/08/04 8:48 p.m., 30 views

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

AI score: 0.8
Exploits: 0
Malwarebytes
added 2022/08/04 8:00 p.m., 17 views

Ransomware review: July 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...

AI score: 0.9
Exploits: 0
Malwarebytes
added 2022/08/04 1:19 p.m., 29 views

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...

Exploits: 0
Malwarebytes
added 2022/08/04 1:00 p.m., 14 views

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--let's get started. Q: When...

Exploits: 0
Total number of security vulnerabilities: 4662