New DazzleSpy malware attacks macOS

DazzleSpy, a piece of malware that attacks macOS, was discovered last fall by researchers at ESET, and now those researchers have released more detailed findings. DazzleSpy, according to the researchers at ESET, was being spread via watering hole attacks via pro-democracy websites in China. It...

KONNI evolves into stealthier RAT

This blog post was authored by Roberto Santos KONNI is a Remote Administration Tool that has being used for at least 8 years. The North Korean threat actor that is using this piece of malware has being identified under the Kimsuky umbrella. This group has been very busy, attacking political...

Senate Committee passes new antitrust bill aimed at Big Tech companies

The American Innovation and Choice Online Act AICOA, a bill that forbids Big Tech platforms like Apple, Alphabet Google’s parent company, and Amazon from generally behaving in an anti-competitive manner, was approved by the Senate Judiciary Committee late last week with a 16-6 vote. US Senator Am...

Google sued over deceptive location tracking

Four Attorneys General AG from the District of Columbia and the states of Indiana, Texas, and Washington have filed separate lawsuits agains Google for allegedly misleading its users into believing that they are no longer tracking their location when they deliberately pause the "Location History"...

Windows Update has changed over the years. Here are 25 group policies to avoid

Microsoft has published a list of 25 group policies that administrators should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results. Since November 2015 when Windows 10 was first introduced, there have been many changes and some of them have...

Microsoft warns of phishy OAuth apps

Microsoft is warning Office 365 users to watch out for a phishy emails asking you to install an app called Upgrade. The app requests multiple permissions which could cause problems on a network if granted: Creating inbox rules Read and write emails and calendar items Read contacts This is only th...

Cyberinsurance companies don’t want to pay out for “acts of war”

Due to the evolving and growing impact of cybersecurity incidents there are some questions starting to arise about the way that insurance companies deal with the costs that are the results of such incidents. Cyber insurance is a form of cover designed to protect your business from threats in the...

Dark Souls servers taken offline over hacking fears

There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP player vs player servers were temporarily shut down by the developers after a hack. Dark Souls says that PvP servers for console versions PlayStation, Xbox were not affected, and that it is a...

Discord scammers go CryptoBatz phishing

It’s not been a great couple of weeks for people looking to get in on NFTs. Missing apes, rug-pulls, it’s all go in non-fungible token land. The latest mishap has come to light, in the shape of bad planning and the slowly shifting impermanence of link ownership. Rockstar Ozzy Osbourne announced...

Warning issued over tampered QR codes

Avid readers of the Malwarebytes Labs blog will be well aware of QR code scams. Take, for example, that QR code scam in the Netherlands that victimized at least a dozen and definitely more car owners. It went like this: Someone approaches you and says they want to pay for their parking but cant...

Microsoft is now disabling Excel 4.0 macros by default

Back in October 2021, Microsoft announced in an email to customers that it planned to disable Excel 4.0 macros by default to protect customers from malicious documents. Last week—after three decades of macro viruses, and three decades of trying to convince every single Excel user individually to...

A week in security (January 17 – 23)

Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats Red Cross begs attackers to “Do the right thing” after family reunion service compromised Update now! Chrome patches critical RCE vulnerability in Safe Browsing Combatting SMS and phone fraud: UK government issu...

Segway store compromised with Magecart skimmer

In the early 2000s, the Segway company released a personal transporter that would become iconic. The Segway Human Transporter was quickly sold on Amazon and featured in a number of movies. Since 2015, Segway has been a subsidiary of Chinese-based company Ninebot and sells electric scooters under...

Microsoft is now disabling Excel 4.0 macros by default

Back in October 2021, Microsoft announced in an email sent to customers that it planned to disable Excel 4.0 macros by default to protect customers from malicious documents. Now, Microsoft says that change has happened. Good news Sometimes good news in the security world comes later than expected...

Dark Souls servers taken offline over hacking fears

There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP servers player vs player were temporarily shut down by the developers after a hack. PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow t...

A week in security (January 17 — 23)

Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats Red Cross begs attackers to “Do the right thing” after family reunion service compromised Update now! Chrome patches critical RCE vulnerability in Safe Browsing Combatting SMS and phone fraud: UK government issu...

Data Privacy Day: Know your rights, and the right tools to stay private

Not all data privacy rights are the same. There’s the flimsy, the firm, the enforceable, and the antiquated, and, unfortunately, much of what determines the quality of your own data privacy rights is little more than your home address. Those in Chile, for example, enjoy a globally rare...

CISA calls for urgent action against critical threats

In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency CISA warns that every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. The warning specifically reminds readers of...

Red Cross begs attackers to “Do the right thing” after family reunion service compromised

Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims to reunite lost family members, repatriate individuals, prevent folks from disappearing, and much more. You may have seen them in the news during times of disaster, war, and othe...

Update now! Chrome patches critical RCE vulnerability in Safe Browsing

Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one of these fixes is rated as "critical". The critical vulnerability is a use after free bug in the Safe Browsing feature. The Stable channel has been updated to 97.0.4692.99 for Windows,...

Combatting SMS and phone fraud: UK government issues guidance

The UK’s National Cyber Secuity Centre NCSC has published a guide to help make your organizations SMS and telephone messages effective and trustworthy. SMS and telephone calls represent an extremely effective means of mass communication. As such they are essential tools for most organizations,...

Open Subtitles breach: The dangers of password reuse

Popular website Open Subtitles has been breached. The impact so far: almost seven million accounts “breached and ransomed” back in August. New breach: Open Subtitles had almost 7M accounts breached and ransomed in Aug. Data included email and IP addresses, usernames and unsalted MD5 password...

Steer clear of gift card balance scams

Rogue ads are a problem-causing menace which can strike in many ways. Malvertising often uses a combination of exploits to drop malware. Phishing campaigns get the job done with social engineering and bogus websites. This particular incident is an example of the latter, and a good reminder to be...

Browsers on iOS, iPadOS and Mac leak your browsing activity and personal identifiers

Researchers at FingerprintJS, a Chicago-based firm that specializes in online fraud prevention, have published a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and may even reveal your identity. They found that in Safa...

Mac users, update now! “Powerdir” flaw could allow attackers to spy on you

If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a users privacy preferences. This means attackers could access personal data...

Campaign launched to delay social media end-to-end encryption

The many issues surrounding end-to-end encryption E2EE are ever-present. They usually spring up when something that could potentially affect the safety of those who are vulnerable comes to light. Back in November, Meta announced it had delayed plans to roll out E2EE on its Facebook and Instagram...

Cybercriminals’ friend VPNLab.net shut down by law enforcement

Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available. Led by the Central Criminal Office of the Hannover Police Department in Germany, the coordinated operation took place in Germany itself, the...

Why we don’t patch, with Jess Dodson: Lock and Code S03E02

In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final,...

Nintendo warns of imitation websites and suspicious hardware

Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a long history of crunching down on fraud, as well as gaming past-times some would consider to be harmless. Whether you create fan-made games, offer up plundered ROMs for use in...

Infamous dark net carding site UniCC to close

UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop for good, taking its affiliate site, LuxSocks, with it, too. According to Elliptic, a company that offers risk solutions for cryptoassets, the unknown UniCC administrators have made an...

REvil ransomware gang busted by Russian Federal Security Service

Eight members of the REvil ransomware group have been arrested in Russia and will be pressed with criminal charges. Russias intelligence bureau, the FSB, announced on Friday that it had conducted an operation together with the Interior Ministry in Moscow, St. Petersburg, and the regions of Moscow...

A week in security (January 10 – 16)

Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock down Some Android users can disable 2G now and why that is a good thing Phishers on the prowl with fake parking meter QR codes Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one...

Ransomware cyberattack forces New Mexico jail to lock down

Five days after the new year, the Metropolitan Detention Center MDC in Bernalillo County, New Mexico suddenly went on lockdown. The reason? A ransomware cyberattack has knocked the jails internet connection offline, rendering most of their data systems, security cameras, and automatic doors...

Some Android users can disable 2G now and why that is a good thing

The Electronic Frontier Foundation EFF has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and devi...

Phishers on the prowl with fake parking meter QR codes

QR codes come and go as a threat. The last time we wrote about them they were causing problems at gas stations, and by sheer chance this latest outing shares vehicular related subject matter. Law enforcement in the US is sounding the alarm regarding parking meters. A quick refresher QR Quick...

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

How time flies sometimes. Microsoft yesterday released the first patch Tuesday security updates of the year 2022. The update includes fixes for six zero-day vulnerabilities and a total of 97 bugs. This includes two Remote Code Execution RCE vulnerabilities affecting open source libraries. None of...

Software engineer hacked webcams to spy on girls—Here’s how to protect yourself

A 32 year-old software engineer has been sentenced to two years and two months in prison for remotely accessing chat logs, photos, videos, and webcams of his female victims. For nine years, between 2010 to 2019, Robert Davies used malware to infiltrate his targets devices and access their data...

FIFA 22 phishers tackle customer support with social engineering

Players of smash hit gaming title FIFA 22 have become the target of a wave of attacks focused on account compromise. Up to 50 “high profile” accounts were hijacked by what may have been the same group. FIFA games are, traditionally, a big draw for scammers and phishers. Many sports titles offer...

Ransomware targets Edge users

Unless youve been hiding under a rock for the last twenty years, youve probably heard the one about "keeping your software up to date". Applying software updates promptly is arguably the single most useful thing you can do to keep yourself secure online, and vendors, experts, pundits, and blogs...

Intimate photo hacker spared from jail, said he “liked the detective work”

Michael Grime, a British games programmer, has escaped jail after using stolen credentials to access several womens personal email accounts and social media accounts in order to steal their private and intimate photos. Grime was caught by the National Crime Agency NCA as part of an operation...

The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?

Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...

How to share your Wi-Fi password safely

You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair. Its possible your region has opened up a little, and youre seeing folks in your home for the first time in a long time. They may well be bringing new devices to your home, and you m...

Night Sky: the new corporate ransomware demanding a sky high ransom

Theres a new ransomware in town—isnt there always?—and its, unsurprisingly, after corporation-sized businesses. Its called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...

Attackers are mailing USB sticks to drop ransomware on victims’ computers

Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely witho...

A week in security (January 3 – 9)

Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days Patchwork APT caught in its own web Sophisticated phishing scheme spent years robbing authors of their unpublished work Google and Facebook fined $240 million for making cookies hard to...

Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days

Finalsite, a popular platform for creating school websites, appears to have recovered significant functionality after being attacked by a still-unknown ransomware on Tuesday, January 4, 2022. At least 8,000 schools are said to have been affected by the resulting outage. An important message from...

Patchwork APT caught in its own web

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS Ragnatela Remote...

Sophisticated phishing scheme spent years robbing authors of their unpublished work

Three years ago on Quora, someone asked what writers do to keep their manuscripts from being stolen. One of the top answers reads as follows: You’re joking, right? It’s hard enough to get people to read your novel once it’s out on Amazon, much less reading it before it’s finished…unless you’re...

Google and Facebook fined $240 million for making cookies hard to refuse

French privacy watchdog, the Commission Nationale de lInformatique et des Libertés CNIL, has hit Google with a 150 million euro fine and Facebook with a 60 million euro fine, because their websites—google.fr, youtube.com, and facebook.com—dont make refusing cookies as easy as accepting them. The...

New iPhone malware spies via camera when device appears off

When removing malware from an iOS device, it is said that users need to restart the device to clear the malware from memory. That is no longer the case. Security researchers from ZecOps have created a new proof-of-concept PoC iPhone Trojan capable of doing "fun" things. Not only can it fake a...