Karakurt extortion group: Threat profile
The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released a joint cybersecurity advisory (CSA) about the Karakurt data extortion group (also known as Karakurt Team and Karakurt Lair). Like RansomHouse,...
Instagram scam steals your selfies to trick your friends
What would you do if a friend of yours set up a NSFW account, and then used it to follow you on Instagram? Would you check it out? We recently learned of a group of friends who had to ask themselves exactly that. Fortunately, they realised that something was off. The account wasn't the real owner's...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...
Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)
Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations. This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digit...
Don’t panic! “Unpatchable” Mac vulnerability discovered
Researchers at MIT's Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardwa...
Taking down the IP2Scam tech support campaign
Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits? We see countless such campaigns and block them indiscriminately to protect our customers from being defrauded by a fraudulent tech...
Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released,...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service (SaaS) is a software distribution model in which a cloud provider hosts...
A week in security (June 6 – June 12)
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for Ukraine Microsoft autopatch is here…but can you use it? Prometheus ransomware's flaws inspired researchers to try to build a near-universal decryption tool Rotten apples banned from App store Hackers can take over...
WhatsApp spam offers up “B&Q Father’s Day Contest 2022”
Father's Day in the UK (June 19) is almost upon us, and scammers are taking advantage of it—and the fractional possibility of some nice weather—using a barbeque-themed lure. A mysterious WhatsApp message The barbeque bait arrives out of the blue, from somebody who has your number, as a random...
Cloud data breaches: 4 biggest threats to cloud storage security
Just about anywhere you look, organizations are using the cloud in some form—and they’re not all large enterprises. Small and medium businesses (SMBs) are also reaping the many benefits that the cloud offers over on-premise software, especially the lowered IT costs, increased scalability, and large...
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year's alarming rebound in malware detections, and a significant shift in the balance of emai...
Facebook users targeted in massive phishing campaign
Facebook is once again the launchpad for a large-scale phishing campaign, according to researchers at PIXM. The campaign, which first shows signs of life back in September 2021, has generated millions of page views and ad referral revenue "estimated to be millions of USD at this scale of...
BlackBasta is the latest ransomware to target ESXi virtual machines on Linux
BlackBasta, an alleged subdivision of the ransomware group Conti, just began supporting the encryption of VMware's ESXi virtual machines (VM) installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this...
Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices
After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl and Whiteboard Owl cameras. The vulnerabilities were reported to Owl Labs in January. One of the vulnerabilities, CVE-2022-31460, has been added to the Known exploited vulnerabilities catal...
Apple’s passkeys attempt to solve the password problem
The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as "the end of passwords forever". Passkeys are a "new biometric sign-in standard". Biometrics in security circles are used for things like identity cards, building access, and so on. This...
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...
Awful 4chan chat bot spouts racial slurs and antisemitic abuse
“A robot may not injure a human being or, through inaction, allow a human being to come to harm” Science fiction readers, and many others, will recognize Asimov’s first law of robotics. After reading about a bot called GPT-4chan I was wondering whether we should include: “A bot may not insult a...
5 Linux malware families SMBs should protect themselves against
There’s no shortage of reasons why an SMB might use Linux to run their business: There are plenty of distros to choose from, it’s generally free, and perhaps above all — it’s secure. The common wisdom goes that Linux malware is rare, and for the most part this is true. Thanks to its built-in...
SSNDOB stolen data marketplace shut down by global law enforcement operation
The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information (PII). Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the...
Coffee app in hot water for constant tracking of user location
A mobile app violated Canada's privacy laws via some pretty significant overreach with its tracking of device owners. The violation will apparently not bring the app owners, Tim Hortons, any form of punishment. However, the fallout from this incident may hopefully serve as a warning to others with...
Ransomware Task Force priorities see progress in first year
This blog is part of our live coverage from RSA Conference 2022: US President Joseph R. Biden Jr., The White House, and law enforcement agencies across the world paid close attention last year when a group of more than 60 cybersecurity experts launched the Ransomware Task Force, heeding the group...
Hackers can take over accounts you haven’t even created yet
Account hijacking has sadly become a regular, everyday occurrence. But when it comes to hijacking accounts before they are even created? That's something you'd never think possible—but it is. Two security researchers, Avinash Sudhodanan and Andrew Paverd, call this new class of attack a...
Rotten apples banned from the App store
Apple’s App Review process may have received ill wishes from many benevolent developers, but Apple has now revealed how effective it is and why it is so stringent. According to its review of the year 2021, Apple protected customers from nearly $1.5 billion in potentially fraudulent transactions,...
Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool
This blog is part of our live coverage from RSA Conference 2022: Prometheus—a ransomware build based on Thanos that locked up victims’ computers in the summer of 2021—included a major “vulnerability” that led security researchers at IBM to try and build a one-size-fits-all ransomware decryptor th...
Microsoft Autopatch is here…but can you use it?
Updating endpoints on a network can be a daunting task. Testing before rollout can take time. Delays to patches going live can cause all manner of headaches. Windows Autopatch aims to tackle some of these issues, and is now live for public preview. The release comes with a few caveats which you'll...
FBI warns of scammers soliciting donations for Ukraine
The FBI recently issued an announcement about a fraudulent scheme that proves there is no low that's too low for scammers. "Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary a...
A week in security (May 30 – June 5)
Last week on Malwarebytes Labs: Intuit phish says "We have put a temporary hold on your account" The Quad commits to strengthening cybersecurity in software, supply chains Double-whammy attack follows fake Covid alert with a bogus bank call Microsoft Office zero-day "Follina"—it's not a bug, it's a...
Tor’s (security) role in the future of the Internet, with Alec Muffett
Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. It's something we've discussed previousl...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti sleight of hand? Although LockBit remained the most widely-deployed ransomware in May 2022, it was,...
[updated] Unpatched Atlassian Confluence vulnerability is actively exploited
Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this vulnerability as critical. Atlassian has issued a security advisory and is working on a fix for the affected products. This qualifies the...
Internet Safety Month: Avoiding the consequences of unsafe Internet practices
Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online. Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one...
Internet Safety Month: Parental controls—what they can and can’t do for you
Parental controls can be useful to limit the risks your children run into online, but you should know up front that they cannot eliminate every risk out there. Parents and adults everywhere are understandably having a hard time keeping up with the favored social networks of children and...
Introducing EDR for Linux: Remediating and isolating threats on Linux servers
We’re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. Let’s ge...
Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules
We’re happy to announce Malwarebytes DNS Filtering, a new module for the Nebula platform which helps block access to malicious websites and limit threats introduced by suspicious content. But how exactly does it work, you ask? In this post, we give a basic walkthrough of the module, starting off...
Ransomware attack turns 2022 into 1977 for Somerset County
1977 was quite the year. Led Zeppelin! Jimmy Carter! Saturday Night Fever! We can now add "a ransomware attack" to this once static list. Somerset County, New Jersey, has been hit so hard by a network assault that they've ended up in the direst straits imaginable, with county databases unavailable...
More than a quarter of Americans fell for robocall scam calls in past year
More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller (Google Docs upload of the entire report, separate blog here), a known spam blocker and caller ID app, 68.4 million Americans were victimized in the last 12 months, a substanti...
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises a unique identifier which will be issued for each customer and will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that t...
3 ways DNS filtering can save SMBs from cyberattacks
If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact...
Phishing mail claims a 3D Secure upgrade is required
Today we took a look at a phishing mail pinning its hopes on a QR code linking to a bogus website. Scammers claim that your mail address has "not been registered for the 3D Secure Security Update". 3D Secure phishing mail The mail reads as follows: Dear Sir / Madam, Our administration has shown...
FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code execution vulnerability, Follina, already being exploited in the wild via malicious Word documents. Q: What exactly is Follina? A: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified ...
WhatsApp accounts hijacked by call forwarding
In a short post on LinkedIn, Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The method consists of several steps and it takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat...
Threat profile: RansomHouse makes extortion work without ransomware
Cybersecurity is an industry known for many hats: white hats, black hats, and grey hats. White hats refer to "the good people" in the industry for those who are not in the know. They are malware analysts, security researchers, and penetration testers. Black hats are the opposite of white hats, an...
Runescape phish claims your email has been changed
A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email and the scam behind it are perfect examples of one of the more reliable tactics in the world of phishing—fooling a victim into thinking they need to take some action ...
FBI warns of education sector credentials on dark web forums
The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and breaches, with data spilling onto the so-called dark web. The government agency's Private Industry Notification (PDF) cites US academic credentials up for grabs from a variety of...
Is quantum teleportation the future of secure communications?
“Beam me up Scotty” will always remain my first association with teleportation. And as it stands now, we are still a long way from teleporting matter, but the teleportation of information has recently made a huge step forward. Researchers in Delft say they have succeeded in teleporting quantum...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...
Double-whammy attack follows fake Covid alert with a bogus bank call
The BBC has revealed details of how a food bank in the UK was conned out of about $63,000 (£50,000) by scammers who used two separate attacks to fleece their victims. A food bank is a way for people to ensure they don't starve. They are a backstop during times of economic uncertainty, and have been...
The Quad commits to strengthening cybersecurity in software, supply chains
The United States, Australia, and its Asian partners—India and Japan—have agreed to work on several cybersecurity initiatives on software, supply chain, and user data. The countries' leaders, who convened in Tokyo on May 24, 2022, have met annually four times since the revival of the...
Intuit phish says “we have put a temporary hold on your account”
Intuit released a warning about a phishing email being sent to its customers. The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. Intuit Intuit Inc. is an American business software company that...