Hackers take over 1.1 million accounts by trying reused passwords
The New York State Office of the Attorney General has warned 17 companies that roughly 1.1 million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs into website login forms, in...
Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected
Two-factor authentication (2FA) has been around for a while now and for the majority of tech users in the US and UK, it has become a security staple. Indeed, wake-up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of...
Card skimmers strike Sotheby’s in Brightcove supply chain attack
Over 100 real estate websites have been compromised by the same web skimmer in a supply chain attack. So what happened? On Monday, January 3, Palo Alto said it had found a supply chain attack that used a cloud video platform to distribute skimmer campaigns. The attacker injected the skimmer’s...
Careful! Uber flaw allows anyone to send an email from uber.com
On New Year's Eve, Seif Elsallamy (@0x21SAFE on Twitter), a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found on Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with "@uber.com", just like the one below:...
$10m of funds goes missing in what appears to be a cryptocurrency rug-pull
There’s a lot of concern in the cryptocurrency realm at the moment. A yield farming platform "utilizing arbitrage to gain optimal yield with low risk" has gone AWOL. Site down, Twitter account deleted, no word from the team behind it explaining what happened. Worst of all, some $10 million worth ...
Customer support scammers take aim at NFT enthusiasts
Adidas has been making waves in the NFT space with a collection of footwear/bored ape crossover sales. WEN? EARLY ACCESS MINTING STARTS NOW First look of the collaborative NFT with @gmoneyNFT @punkscomic and @BoredApeYC Good luck and TracksuitUp pic.twitter.com/REYOSdRbNT -- adidas Originals...
Purple Fox rootkit now bundled with Telegram installer
The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. It's not clear how the installer in this case was distributed, although it seems like at least some were delivered via email. Common distribution methods for...
What angered us most about cybersecurity in 2021: Lock and Code S03E01
We are just three days into 2022, which means what better time for a 2021 retrospective? But rather than looking at the biggest cyberattacks of last year—which we already did—or the most surprising—like we did a couple of years ago—we wanted to offer something different for readers and listeners...
What is IP sniffing?
IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network. IP sniffers intercept the...
The three most significant cyberattacks of 2021
People who predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It'll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021, it looks a lot like 2020: a lot of ransomware attacks. So, when I was asked to write about the three...
A week in security (Dec 20 – 26)
Last week on Malwarebytes Labs: When a deepfake “empire” continues to grow; Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24; Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’; Logistics giant warns of scams following ransomware...
Dridex affiliate dresses up as Scrooge
Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns (malspam) we and others have observed appear to have been created by someone who wants to play Scrooge and add onto people's already heightened state of anxiety...
FBI traces and grabs back $150 million theft that was turned into bitcoins
On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit. On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on the...
Logistics giant warns of scams following ransomware attack
German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to doubl...
Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’
On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world's foremost law enforcement agencies: the FBI and the NCA, the UK equivalent of the FBI, the National Crime Agency. This enormous injection of used passwords ha...
Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24
In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world has been asking: What the heck is going on? NFTs, or non-fungible tokens, have skyrocketed in popularity this year, with the NFTs for several artworks selling for more than $2 million each; the mos...
When a deepfake “empire” continues to grow
I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in 2019, we looked at malign interference campaigns. I took the line that, other than revenge porn, this was where deepfakes were likely to have the most influence. Although people keep talking abo...
A week in security (Dec 13 – 19)
Last week on Malwarebytes Labs: Spear phish, whale phish, regular phish: What’s the difference?; Kronos crippled by ransomware, service may be out for weeks; 5 security lessons from 18 months of working from home; What SMBs can do to protect against Log4Shell attacks; After Log4j, December’s Patch...
Grindr fined for selling user data to advertisers
Dating network Grindr has been slapped with a US$7.7 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers. Grindr—which calls itself the world's largest social networking app for gay, bi, trans, and queer people—sold data that includes GPS, IP address, age, and gender...
After Log4j, December’s Patch Tuesday has snuck up on us
For anyone about to sit back after checking their environment for the Log4j vulnerabilities and applying patches where needed, here are some more things that need patching. Microsoft: In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. The total set ...
What SMBs can do to protect against Log4Shell attacks
As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell (CVE-2021-44228), aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event...
5 security lessons from 18 months of working from home
A little more than 20 months ago, many people around the world were asked or instructed to work from home to help slow the spread of COVID-19. It caused a seismic change to the way we all do business. Now, our latest research reveals how IT decision makers' security concerns have been changed by...
Kronos crippled by ransomware, service may be out for weeks
Human resources platform provider UKG has put out a statement saying it's fallen prey to ransomware that has disrupted the Kronos Private Cloud. It expects the service to be out for several weeks. The statement came after the company posted a message on the Kronos community message board, explaini...
Spear phish, whale phish, regular phish: What’s the difference?
There are many types of phishing attack nowadays, to the extent it can be tricky to keep up with them all. We have unique names for mobile attacks, postal attacks, threats sent via SMS and many more besides. However, we often see folks mix up their spears and their whales, and even occasionally...
A week in security (Dec 6 – 12)
Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend; Click “OK” to defeat MFA; Fake job interviews plague major game developers like Riot Games and Rockstar; Has your WordPress site been backdoored by a skimmer?; What is a search engine and why does...
[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend
If you're running a service that relies on Apache Struts or uses the popular Apache Log4j utility, we hope you haven't made plans for the weekend. An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code...
Click “OK” to defeat MFA
Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that...
Fake job interviews plague major game developers like Riot Games and Rockstar
If you’re job hunting at the moment, be on your guard. The pandemic is still around. Lots of people are in need of employment. Scammers are all too happy to string folks along with bogus employment offers, as is the case here. How have they managed to snare prospective job hunters? Riding on the...
Has your WordPress site been backdoored by a skimmer?
Skimmers and other threat actors are backdooring websites, and WordPress instances in particular, according to a recently released report. Researchers at Sucuri say attackers have developed methods to make sure that their grip on the infected site is not easily removed by applying the next update...
What is a search engine and why does anyone care which one you use?
An attempt at a simple definition: a search engine is a software system that allows users to find content on the Internet based on their input. The introduction of the major search engines brought about huge changes in the way we use the Internet. There is a wealth of knowledge available for thos...
Vulnerability in Windows 10 URI handler leads to remote code execution
Researchers at Positive Security have discovered a drive-by remote code-execution (RCE) bug in Windows 10. The vulnerability can be triggered by an argument injection in the Windows 10 default handler for ms-officecmd: URIs. It is likely that this vulnerability also exists in Windows 11. What’s...
Was threat actor KAX17 de-anonymizing the Tor network?
A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers that were part of the Tor network, which typically tends to hover around a daily total of up to...
Is your web browser vulnerable to data theft? XS-Leak explained
In recent news, IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have disclosed 14 new cross-site leak (also known as XSLeak or XS-Leak) attacks that can affect modern browsers, such as Google Chrome, Microsoft Edge, Mozilla Firefox, and...
Microsoft disrupts China-based hacking group Nickel
Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. On December 2, the Microsoft Digital Crimes Unit (DCU) filed pleadings with the US District Court for the Eastern District of Virginia seeking authority to take control of the sites that it...
How to check for Windows updates and install them
Keeping Windows up to date is an important part of warding off malware, exploits, and other attacks. If you’re not running the latest version of your OS, it can give cybercriminals the leverage they need to compromise your system. Unfortunately, not all machines are running automatic updates by...
Why Macs are the best, according to Mac expert Thomas Reed: Lock and Code S02E23
In the year 2021, the war for computer superiority has a clear winner, and it is the Macintosh, by Apple. The company's Pro model laptops are finally, belatedly equipped with ports that have been standard in other computers for years. The company's beleaguered "butterfly" keyboard has seemingly bee...
NSO Group spyware found on iPhones of US State Department employees
iPhones of at least nine US State Department employees are said to have been hacked using the Pegasus spyware developed by the Israeli technology company, NSO Group. Pegasus is a proprietary and sophisticated spyware capable of the remote surveillance of smartphones. The employees targeted by an...
A week in security (Nov 29 – Dec 5)
Last week on Malwarebytes Labs: CronRAT targets Linux servers with e-commerce attacks; Hackers all over the world are targeting Tasmania’s emergency services; Massive faceprint scraping company Clearview AI hauled over the coals; Most people aren’t upgrading to Windows 11: Not the end of the world...
Emotet’s back and it isn’t wasting any time
Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet's botnet. Law enforcement then used their...
Attacker unmasked by VPN flubs charged with Ubiquiti hack
A veritable barn-stormer of an insider threat story has recently come to light. A former employee of Ubiquiti Networks, Nickolas Sharp, has been arrested and charged for allegedly hacking company servers, stealing gigabytes of information, and then rounding it all off with a splash of extortion...
Emotet being spread via malicious Windows App Installer packages
As reported by Cryptolaemus on Twitter, and demonstrated step by step by BleepingComputer, Emotet is now being distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. How does the attack work? To understand what Microsoft is supposed to do about this...
SideCopy APT: Connecting lures to victims, payloads to infrastructure
This blog post was authored by Hossein Jazi and the Threat Intelligence Team. Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. I...
Capcom Arcade Stadium’s record player numbers blamed on card mining
Some of my favourite retro video games are making waves on Steam, but not in the way you might think. Classics such as Strider, Ghosts ’n Goblins, and more are all available as content for Capcom Arcade Stadium. This is an emulator which lets you play 31 arcade games from the 80s/90s. The games...
Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more
Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about yo...
Have you downloaded that Android malware from the Play Store lately?
This post has been updated to include the Malwarebytes detection for these Android apps. Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealin...
Most people aren’t upgrading to Windows 11: Not the end of the world
Windows 11 is experiencing an apparent lack of uptake among Windows users. If this survey is accurate, less than 1% of 10 million PCs surveyed are running the new operating system. In fact, more machines are using Windows XP. That may surprise you. It might even seem like a bit of an embarrassing...
Massive faceprint scraping company Clearview AI hauled over the coals
Life must be hard for companies that try to make a living by invading people’s privacy. You almost feel sorry for them. Except I don't. The UK’s Information Commissioner’s Office (ICO)—an independent body set up to uphold information rights—has announced its provisional intent to impose a potential...
Hackers all over the world are targeting Tasmania’s emergency services
Emergency services—under which the police, fire, and emergency medical services departments fall—is an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well...
CronRAT targets Linux servers with e-commerce attacks
There’s an interesting find over at the Sansec blog, wrapping time and date manipulation up with a very smart RAT attack. The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web...
A week in security (Nov 22 – Nov 28)
Last week on Malwarebytes Labs: How to defend your website against card skimmers; Security researchers play peek-a-boo with Conti ransomware server; Windows 10 chills out, gives sysadmins a break; Please don't buy this! 3 gift card scams to watch out for this Black Friday; Millions of GoDaddy customer...