Apple’s child safety features are coming to a Messages app near you
Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features' initial launch in the US on iOS, iPadOS, and macOS devices. To make communicating with Messages...
Why MITRE matters to SMBs
Running a small- to medium-sized business (SMB) requires expertise in everything, from marketing and sales to management and hiring, but in the ever-expanding list of executive responsibilities, one particular item demands attention: cybersecurity. Cyberattacks can—and have—shuttered entire...
A week in security (April 18 – 24)
Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads North Korean Lazarus APT group targets blockchain tech companies Watch out for Ukraine donation scammers in Twitter replies Beware tragic “my daughter died…” Facebook posts offering free PS5s US warns of APT groups...
Pegasus spyware found on UK government office phone
“When we found the No. 10 case, my jaw dropped,” John Scott-Railton recalled after finding out on July 7, 2020 that Pegasus, the highly sophisticated flagship spyware of Israel's NSO Group, was used to infect a phone linked to the network at 10 Downing Street, the UK Prime Minister's home and offic...
Lenovo issues fixes for laptop backdoors
Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally meant to be used only during the manufacturing process, along with a vulnerability in the SW SMI handler function. The list of...
Beware of fake Twitter philanthropists offering to put $750 into your Cash App account
Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people helping out those who need it. The help is random, and often focused around performing a task like listening to a podcast or simply retweeting...
It’s legal to scrape public data—US appeals court
Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody being able to quite land the decisive blow about whether it should be allowed, one way or another. This may have changed, thanks to a recent US appeals court...
The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich
Today we look at a fakeout which begins with Elon Musk, and ends with a trip to Mars or, if you're really lucky, the Sun. One of the most annoying “features” of Twitter is being added to lists without permission. It's a theoretically useful way to keep track of certain topics. It’s often also used...
Oracle releases massive Critical Patch Update containing 520 security patches
Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...
US warns of APT groups that can “gain full system access” to some industrial control systems
An "exceptionally rare and dangerous" advanced persistent threat (APT) malware kit, containing custom-made tools designed to target some of North America’s industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices, appears to have been caught before it could be let...
Beware tragic “my daughter died…” Facebook posts offering free PS5s
Tragic tales are being posted to Facebook, combined with the offer of a giveaway. However, some are perhaps not quite what they seem. The PS5 is still one of the hottest bits of tech around, and near-total lack of availability, combined with a high sale price, means that some people will do...
Watch out for Ukraine donation scammers in Twitter replies
The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works. These scams can also be found on social media. Faking donations on Twitter Some users of social media have become very...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury) highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
Why you shouldn’t automate your VirusTotal uploads
It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some...
A week in security (April 11 – 17)
Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users Old Play Store apps served notice by upcoming API level changes Denonia cryptominer is first malware to target AWS Lambda Ransomware: March 2022 review Why identity management...
Filing your taxes? Be wary of help found through search engines
The deadline for filing your taxes in the US is nearly upon us. April 18 is the very last date that you can afford to hand your tax returns in to the IRS. People will naturally gravitate toward all manner of filing tools to get the job done. But it’s worth noting that sites are lurking in search...
Stalkerware-type detections hit record high in 2021, but fell in second half
After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another person's activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly...
Zloader, another botnet, bites the dust
Microsoft has announced that its Digital Crimes Unit (DCU) has taken legal and technical action to disrupt a malicious botnet called Zloader. Zloader or Zbot are common names used to refer to any malware related to the ZeuS family. There are a lot of those because the ZeuS banking Trojan source cod...
“Your AppIe lD has been locked” spam email takes you on a website mystery tour
Spam which claims your account has been locked out and needs to be fixed is common. It drives people to phishing campaigns on a daily basis. The mail below follows the same pattern with one key difference. It looks like a phish, but goes somewhere else entirely. No, your Apple ID has not been...
SMS group spam promises free gifts in return for bill payment
We’re seeing lots of examples of peculiar SMS messages sent to random groups of people. Most of these messages promise free gifts and/or offers after having paid bills. Nobody has asked for these texts, and they’re not being sent by providers of any services. What’s going on? The set up Most of t...
April’s Patch Tuesday update includes fixes for two zero-day vulnerabilities
It’s that time of the month again. Time to check what needs to be updated and prioritize where necessary. The Microsoft updates include at least two zero-day vulnerabilities that deserve your attention. Microsoft Microsoft has released security updates and non-security updates for client and serv...
NGINX zero-day vulnerability: Check if you’re affected
On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 and promised to warn companies affected by it. On April 10, BlueHornet claimed to have breached the China branch of UBS Securities using the NGINX vulnerability. All we learned on Twitter was that a new...
Steer clear of this “TestNTrace” SMS spam
Yesterday I received an SMS from “TestNTrace”, with the message resembling an official NHS communication: The text reads as follows: NHS: You’ve been in close contact with a person who has contracted the Omicron variant. Please order a test kit via: URL redacted Well, that’s an alarming thing to...
Malwarebytes Evaluation of the MITRE ENGENUITY ATT&CK Round 4 Emulations
The results of the MITRE Engenuity ATT&CK Evaluation of the Wizard Spider and Sandworm adversaries were officially released last week. We are very proud of the Malwarebytes EDR results in the MITRE Engenuity test, which are the direct reflection of a relentless core EDR team and the learnings fr...
Conti ransomware offshoot targets Russian organizations
Thanks to the Threat Intelligence team for their help with this article. Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and...
How to password protect a folder
There are times when you would like a folder to be accessible by you alone. Financial information, personal documents, or work related files on your personal system sometimes need to be hidden from prying eyes. One of the ways to do this is to password protect the folder. Windows For the Windows...
Apps removed from Google Play for harvesting user data
Dozens of apps were removed from the Google Play Store after they were found to be harvesting the data of device owners. The code in question—a software development kit (SDK)—was used inside apps which were downloaded over 10 million times. What happened? A wide range of Android apps were found to...
USPS “Your package could not be delivered” text is a smishing scam
A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...
Why identity management matters
Today is Identity Management Day, which aims to inform the public about the dangers of casually or improperly managing and securing digital identities. The day was started in 2021 and is hosted by the Identity Defined Security Alliance (IDSA) and National Cybersecurity Alliance. Digital identity A...
Ransomware: March 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. The March da...
Denonia cryptominer is first malware to target AWS Lambda
Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda, the serverless computing platform of Amazon Web Services (AWS). Though Lambda has been around for less than ten years, serverless technology is considered...
Old Play Store apps served notice by upcoming API level changes
Starting very soon, old and outdated apps on the Google Play Store will no longer be available to download. A major clearout is coming, and if you’re an app developer it may be time to overhaul your product or face Android-centric oblivion. What’s happening? Android makes use of APIs (application...
Credential-stealing malware disguises itself as Telegram, targets social media users
A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware...
A week in security (April 4 – 10)
Last week on Malwarebytes Labs: Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09 YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised Successful operations against Russian Sandworm and Strontium groups targeting...
Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09
There's a mistake commonly made in the United States that a law that was passed to help people move their healthcare information to a new doctor or provider was actually passed to originally implement universal, wide-ranging privacy controls on that same type of information. This is the mixup with...
YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised
Some of the biggest stars around have seen content placed on their YouTube accounts without permission over the last couple of days. Taylor Swift has around 40 million subscribers. Justin Bieber? 68 million. Harry Styles, a respectable 12 million. You can even add Eminem and Michael Jackson to th...
Successful operations against Russian Sandworm and Strontium groups targeting Ukraine revealed
The US Department of Justice (DoJ) and Microsoft have taken the sting out of two operations believed to be controlled by the Russian Federation’s Main Intelligence Directorate (GRU). On Wednesday, the DoJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall...
Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users
Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words...
Watch out for fake WhatsApp “New Incoming Voicemessage” emails
Thanks to the Threat Intelligence team for their help with this article. Security researchers from Armorblox, a cybersecurity company specializing in email-based threats, have encountered a fake WhatsApp email with the subject "New Incoming Voicemessage." The spoofed WhatsApp voicemail notificati...
Cash App breached by a former employee could affect millions
In December last year, the customer information of Cash App users was accessed by a former employee of Block, the company behind the popular mobile payment service app. This was revealed in a very recent filing to the Securities and Exchange Commission (SEC), which shows that the former employee...
Beware Ukraine-themed fundraising scams
Unfortunately scammers continue to focus on the invasion of Ukraine to make money. A flurry of bogus domains and scam techniques are spreading their wings. They appear to focus on donation fakeouts but there’s a few other nasty surprises lying in wait too. The lowest of the low There are few lowe...
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...
CISA advises D-Link users to take vulnerable routers offline
On April 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog The CISA catalog of known...
GitLab issues security updates; watch out for hard coded passwords
GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an...
5 ways to spring clean your security
It is now officially spring in the Northern Hemisphere, and with spring and the longer days comes the inescapable urge to shake off the lethargy of winter and embrace the need to go through your stuff, throw a bunch of it out, and give the rest of it a shiny new lustre. And in our increasingly...
“Free easter chocolate basket” is a social media scam after your personal details
Holidays inspire fraudsters and scammers to create timely and effective ways to string people along and get them to give up either their money or their personal information. This is the case in this chocolate-themed scam. Cadbury UK has issued a warning to its 315,000 followers on Twitter about a...
Update now! Zyxel patches critical firewall bypass vulnerability
In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...
A week in security (March 28 – April 3)
Last week on Malwarebytes Labs: New UAC-0056 activity: There’s a Go Elephant in the room Globant suffers network breach due to LAPSUS$ compromise Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited Hive ransomware impacts California non-profit health...
New UAC-0056 activity: There’s a Go Elephant in the room
This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 (also known as SaintBear, UNC2589 and TA471) is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in...
Globant suffers network breach due to LAPSUS$ compromise
Globant, an IT and software development firm with offices all around the globe, admitted in a press statement Wednesday that it has suffered a breach in its network. Affected data includes but may not be limited to some source code and certain project documentation of clients. "We have recently...