Woody RAT: A new feature-rich malware spotted in the wild
This blog post was authored by Ankur Saini and Hossein Jazi. The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year. This advanced custom Rat is mainly the work of a threat actor that targets...
Bank fraud scammers trick victims with claims of bogus Zelle transfers
It pays to be careful where cold calls from someone claiming to work for your bank are concerned. Scam callers are impersonating bank staff, with suggestions of dubious payments made to your account. One unfortunate individual has already lost around $1,000 to this slice of telephone-banking base...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers (MSPs), organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
FCC warns of steep rise in phishing over SMS
After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or...
Update now! VMWare patches critical vulnerabilities in several products
In a new critical security advisory, VMSA-2022-0021, VMWare describes multiple vulnerabilities in several of its products, one of which has a CVSS score of 9.8. Exploiting these vulnerabilities would enable a threat actor with network access to bypass authentication and execute code remotely...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...
How to protect yourself and your kids against device theft
In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids...
When a sextortion victim fights back
When Katie Yates suddenly started receiving nude photos of her friend, Natalie Claus, over on Snapchat, she instantly recognized that Claus had just become a victim of a sextortion attack. She also knew how Claus should respond. This happened in December 2019 when Claus was a sophomore. Both were...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server: muhttpd (mu HTTP daemon) is a simple but complete web serv...
Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles
One of the biggest wrestling stars around, Mick Foley, had his Twitter account hijacked in an attempt to legitimize a very popular scam. When a well known individual has their social media accounts compromised, disaster looms, as everything from phishing to malware distribution waits in the wings...
Have we lost the fight for data privacy? Lock and Code S03E16
At the end of 2021, Lock and Code invited the folks behind our news-driven cybersecurity and online privacy blog, Malwarebytes Labs, to discuss what upset them most about cybersecurity in the year prior. Today, we're bringing those same guests back to discuss the other, biggest topic in this space...
A week in security (July 25 – July 31)
Last week on Malwarebytes Labs: Update Google Chrome now! New version includes 11 important security patches Lightning Framework, modular Linux malware Malware spent months hoovering up credit card details from 300 US restaurants Lock down your Neopets account: Data breach being investigated Demo...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ (US Department of Justice) and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
The ransomware landscape changes as fewer victims decide to pay
Fewer victims are choosing to pay their ransomware extorters, especially among large enterprises, according to a recent investigation from Coveware. As a result of this, and other circumstances, we can see some shifts in the way that ransomware groups and their affiliates work. Large organization...
Criminals using compromised social media accounts to “post indecent images of children” says UK cybercrime organization
Action Fraud, the UK's national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately. Criminals are...
Google delays Chrome third party cookie sunsetting…again
We've seen many examples of third-party cookies being tackled by browsers recently. It's not so long ago that Firefox effectively locked down third-party tracking by isolating cookies into so-called jars. By doing so, their "Total Cookie Protection" seeks to prevent all those cookies on your PC...
Radioactivity monitoring and warning system hacked, disabled by attackers
The Spanish police arrested two people under the accusation of tampering with the Red de Alerta a la Radiactividad (RAR). The RAR is part of the Spanish national security systems and in use to monitor gamma radiation levels across the country. The network is managed, operated and maintained by the...
TikTok owner ByteDance pushed a pro-China agenda to Americans, say former employees
Controversy over supposed pro-China messaging in apps from TikTok owner Bytedance continues to grow. Tales are emerging relating to a now shelved app called TopBuzz. Former employees have spoken to BuzzFeed, making claims of both pro-China content promotion and forms of censorship elsewhere...
“Orwellian in the extreme” food store installs facial recognition cameras to stop crime, faces backlash
A convenience shop chain is under fire and facing legal charges for installing cameras with facial recognition software in 35 of its branches across the UK. The cameras analyze and convert video face captures into biometric data. The data is compared with a database of people who have committed...
IIS extensions are on the rise as backdoors to servers
The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers. IIS extensions are able to stay hidden in target environments and as such provide a long-term persistence mechanism for...
Anti-vaxxer dating site exposes user data
An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of...
In post-Roe US, experts share how to keep your data private
In the weeks since the Supreme Court of the United States removed a nationwide right to choose to have an abortion, millions of Americans have been forced to relearn what is and isn’t safe to do online, as their actions, words, and choices—many of which are tracked digitally—could potentially be...
PrestaShop warns of vulnerability: Update your stores now!
A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisation's platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaSho...
Simplifying the fight against ransomware: An expert explains
Fighting against ransomware can be difficult—especially if your organization has limited IT resources to begin with. But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware. In this post,...
T-Mobile agrees to pay customers $350 million in settlement over data breach
T-Mobile has agreed to pay $350 million to settle class action claims related to a 2021 cyberattack which impacted around 80 million US residents. Under the proposed settlement, T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology i...
SonicWall urges customers to patch critical SQL injection bug ASAP
Cybersecurity hardware company, SonicWall, recently released a public security notice about a critical SQL injection flaw affecting its GMS (Global Management System) and Analytics On-Prem products. The flaw, which is tracked as CVE-2022-22280, is given a 9.4 critical rating. With the high capabili...
Microsoft clamps down on RDP brute-force attacks in Windows 11
It wasn't so long ago that we were wondering what improvements Windows 11 would make in the security stakes. Well, we haven't had to wait too long to find out. Windows 11 build 22528.1000 and up will tackle one of the more common entry points for network intruders. Namely, trying to prevent the bru...
Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR
It’s no secret that ransomware is one of the most pressing cyber threats of our day. What's worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...
Lock down your Neopets account: Data breach being investigated
Bad news for players of long-time virtual pet management title Neopets. Word is spreading of a compromise claimed to have accessed around 69 million user accounts. This compromise, posted to a hacking forum, is said to include both the database and around 460 MB of compressed source code from...
Malware spent months hoovering up credit card details from 300 US restaurants
Criminal hackers have been able to steal at least 50,000 credit cards from 300 restaurants in the US, after launching two Magecart campaigns that target the MenuDrive, Harbortouch, and InTouchPOS online payment platforms: Magecart is a web-skimmer—malware that is injected onto a vulnerable websit...
Lightning Framework, modular Linux malware
Researchers at Intezer have published a technical analysis of Lightning Framework, a previously undocumented and undetected Linux threat. Lightning is a modular framework that is very versatile and something we don’t see very often in the Linux space. The old argument that Linux systems or Macs f...
Update Google Chrome now! New version includes 11 important security patches
The latest Google Chrome update includes 11 security fixes, some of which could be exploited by an attacker to take control of an affected system. Google Chrome's Stable channel has been updated to 103.0.5060.134 for Windows, Mac, and Linux, and the new version will roll out over the coming...
A week in security (July 18 – July 24)
Last week on Malwarebytes Labs: Extortionists target restaurants, demand money to take down bad reviews The FTC will go after companies misusing location, health, and other sensitive data Roblox breached: Internal documents posted online by unknown attackers Warning for WordPress admins: Uninstal...
The Wren Eleanor story: Why you should keep your kids’ images off social media
TikTok moms have started a movement: Calling out potential creeps who follow child influencer accounts on the platform. The latest account in the spotlight is @wren.eleanor, a TikTok account with a massive 17.3 million followers. It's an impressive number and one that got the attention of armchair...
The winding road to compliance
“Here are the keys. Buy milk and bread. Drive safely.” These are important instructions for a new driver tasked with running an errand. But unless the driver knows where they are going, a bit of guidance on how to get to the store can only help. Without it, the driver may complete the errand...