ICO challenges adtech to step up privacy protection
The UK Information Commissioner’s Office (ICO) wants the advertising industry to come up with new initiatives that address the risks of adtech, and take account of data protection requirements from the outset. The ICO is an independent body set up to uphold information rights. The technology that is...
Google’s Threat Horizons report: Will the straightforward approach get results?
Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...
Improving security for mobile devices: CISA issues guides
The Cybersecurity and Infrastructure Security Agency (CISA) has released two actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. Consumers: One of the guides is intended for consumers. There are an estimated 294 million smart phone users i...
New law will issue bans, fines for using default passwords on smart devices
The idea of connecting your entire home to the internet was once a mind-blowing concept. Thanks to smart devices, that concept is now a reality. However, this technological advancement aimed at making our lives more convenient—not to mention very cool and futuristic!—has also opened a wide door f...
Beware card skimmers this Black Friday
The UK’s top cybercops are urging owners of small online shops to "protect their customers and profits" by guarding against card skimmers in the frenetic shopping period that starts with Black Friday, which lands on November 26 this year. The warning comes from the National Cyber Security Centre...
“Free Steam games” videos promise much, deliver malware
Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after t...
Windows Installer vulnerability becomes actively exploited zero-day
Sometimes the ways in which malicious code gets into the hands of cybercriminals are frustrating for those in the industry, and incomprehensible to those on the outside. A quick summary of the events in the history of this exploit: A researcher found a flaw in Windows Installer that would allow an...
What is facial recognition?
Facebook recently announced it would give up on its facial recognition system. Facebook, or Meta, was using software to automatically identify people in images posted to its social network. Since facial recognition has become an increasingly toxic concept in many circles and Facebook was having...
Password usage analysis of brute force attacks on honeypot servers
As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...
Millions of GoDaddy customer data compromised in breach
Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...
Please don’t buy this! 3 gift card scams to watch out for this holiday season
With the holiday season around the corner, we thought it was a good time to look at the dangers that come with gift cards. Gift cards can be an easy win in cases where you don’t know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there...
Windows 10 chills out, gives sysadmins a break
A few short weeks ago, Microsoft launched the very latest version of its desktop operating system (OS), Windows 11. In security terms, Windows 11 is very much Windows 10 with knobs on. Or what Spinal Tap’s Nigel Tufnel might describe as Windows 10 turned up to 11. Unlike Tufnel’s description of his...
Security researchers play peek-a-boo with Conti ransomware server
It’s not been a great time for ransomware authors recently. Well, some ransomware authors at any rate. While many are making huge amounts of money from their device-locking antics, it’s not a profession without risk. Every so often something can and does go wrong, and ransomware groups get into al...
How to defend your website against card skimmers
Black Friday and the holiday season are approaching, and shoppers are forecast to spend record amounts again this year. Retail websites big and small can expect a lot of interest from shoppers looking for deals, and a lot of interest from cybercriminals looking to cash in on those shoppers, by...
The Internet is not safe enough for women, and Sue Krautbauer has some ideas about why: Lock and Code S02E22
Decades ago, the promise of the Internet was clear: No one, depending on their age, gender, race, income, or place of birth, would be unwelcome from expressing their thoughts and ideas. Today, that promise has been largely unfulfilled. As Malwarebytes discovered earlier this year, the Internet is...
A week in security (Nov 15 – Nov 21)
Last week on Malwarebytes Labs: Instagram’s memorialize feature abused to memorialize…Instagram’s boss; Evasive manoeuvres: HTML smuggling explained; FBI server hijacked to send up to 100,000 bogus attack mails; New Mac malware raises more questions about Apple’s security patching; SharkBot Android...
Malwarebytes CrackMe – contest summary
On October 29 we published our third CrackMe Challenge and announced two parallel tracks for the contest: "The fastest solve", and "The best write-up". In the first category, "The fastest solve", we got three winners already the first weekend following publication. Big congratulations to: @nazyw...
Patch now! FatPipe VPN zero-day actively exploited
According to its marketing team, a FatPipe MPVPN can make your VPN "900% more secure." Well, I don’t know about that, but I do know a way to make your MPVPN admin console 100% more secure, and that you should do so right away, by installing the latest version of its software. Why? Because older...
Phishers target TikTok influencers with verification promises and copyright threats
Influencers on TikTok are feeling the pinch of scams and phishing thanks to targeted campaigns hungry for fresh logins. The phishing campaigns make use of much older tactics seen across multiple platforms down the years. It’s a one-two combo of “Do this quickly, or else something bad will happen”...
Update now! Netgear vulnerability patched
Netgear has released a fix for a vulnerability on several of their product models. The affected product models include extenders, routers, air cards, and modems. The vulnerability was discovered by researchers at GRIMM, but prior to the planned disclosure date, Netgear released a patch that fixed...
Bogus JS libraries become sustained ransomware threat for Roblox gamers
If your kids play Roblox, you may wish to warn them of ransomware perils snapping at their heels. A very smart and determined attack has been taking place for a little while now. Although initially dismissed as a form of prank, the developers under fire now disagree. Whether prank or malicious...
Fake ransomware warnings hit WordPress sites: How to stay safe
A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED Countdown FOR RESTORE SEND 0.1 BITCOIN: address redacted create file on site /unlock.txt with transaction key inside” But there’s...
TrickBot helps Emotet come back from the dead
Probably one of the best known threats for the past several years, Emotet has always been under intense scrutiny from the infosec community. On several occasions, it appeared to take an early retirement, but then again it came back. However, when multiple law enforcement agencies seized control o...
When renting a hitman online goes horribly wrong
You might think looking up an illegal act online, and then visiting a website claiming to be all about doing said act, would be a huge mistake. Nobody would do this, right? Right? It’s too wild to contemplate. You can barely move online for warnings about tracking or tracing. Even your web browser...
SoNot SoSafe: Android malware disguises itself as secure messaging app
If you haven’t heard of SoSafe Chat, you will now. This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
New Mac malware raises more questions about Apple’s security patching
Apple’s reputation on security has been taking a beating lately. As mentioned in some of our previous coverage, security researcher Joshua Long recently shone a light on problems with Apple’s security patching strategy. His findings showed a shocking number of cases where Apple patched a...
FBI server hijacked to send up to 100,000 bogus attack mails
If you received a scary missive from what appears to be the FBI over the last few days, you’re not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...
Evasive maneuvers: HTML smuggling explained
Microsoft Threat Intelligence Center (MSTIC) last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...
Instagram’s memorialize feature abused to memorialize…Instagram’s boss
The mechanisms for memorialising the social network accounts of people who’ve died haven’t really suffered a lot of scrutiny up until now. I’ve done a fair amount of research on the processes and perils we face in the digitally deceased age. Traditionally, the biggest issues in this space tended ...
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs: Multiple video games break after domain name snafu; How to remove adware on an Android phone; Smart TV adverts put a wrinkle in your programming; Are cybercriminals turning away from the US and targeting Europe instead?; Patch now! Microsoft plugs actively exploited...
A multi-stage PowerShell based attack targets Kazakhstan
This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif perhaps in reference to...
The importance of backing up
What does backing up something mean? Backing up is the act of making a copy or copies of a file. These files are stored somewhere other than where the originals are located. You may only need to back up a few files, or it might be a much bigger effort. Requirements may differ greatly depending on...
Could Apple’s new MacBooks signal a change in direction on security?
Apple recently announced a new line of completely overhauled MacBook Pros. Much has been written about their new design, new chips, new displays, new keyboards etc, but I thought I detected something else that might be new about these MacBooks too: A new approach. The updated laptops may be the...
Murder-for-hire, money laundering, and more: How organised criminals work online
Europol has released an extensive report into serious and organized crime, including how these groups use the internet to aid in their criminal behaviour. Europol is the European Union’s (EU) law enforcement agency and it assists the EU Member States in their fight against serious international cri...
Playstation 5 hacked—twice!
Over the weekend, hackers revealed that the Playstation 5 (PS5), Sony’s latest darling, has been broken into—not just once but twice. Fail0verflow, the hacking group notorious for breaking Playstation consoles, and Andy "TheFlow" Nguyen, a security engineer at Google and widely known in the...
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
On what might seem a relatively calm Patch Tuesday with 55 vulnerabilities being patched, the fact that six of them were rated “Critical” and two of them actively exploited spoils the Zen factor somewhat. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...
Are cybercriminals turning away from the US and targeting Europe instead?
Significant cyberattacks against critical targets in Europe have doubled in the past year, according to EU figures obtained by CNN. And with the announced pressure from the US against major ransomware gangs we can expect these figures to go up even more. It’s also clear from recent attacks that th...
Smart TV adverts put a wrinkle in your programming
Smart TVs are back in the news due to the potential pitfalls of embedded advertising. It may come as a surprise to some, but these devices aren’t particularly new. As far back as 2013, security researchers were already exploring the issues related to internet connected televisions in a home...
How to remove adware on an Android phone
It shouldn’t be surprising that Android devices are the targets of threats like adware and other Potentially Unwanted Programs (PUPs). After all, there are millions of apps on the Google Play Store, servicing billions of monthly active users globally. And, as we have noted with Mac virus trends,...
Multiple video games break after domain name snafu
We’ve seen quite a few complaints from gamers this past weekend, unable to load up and play games on the Steam platform. The problem wasn’t hackers, or DDoS attacks, or anything else. Rather, the issue is something bundled with the game by default designed to keep titles “secure” from tampering...
Why we fail at getting the cybersecurity basics right, with Jess Dodson: Lock and Code S02E21
The cybersecurity basics should be just that—basic. Easy to do, agreed-upon, and adopted at a near 100 percent rate by companies and organizations everywhere, right? You’d hope. But the reality is that basic cybersecurity blunders continue to affect businesses of all sizes, which has led to...
A week in security (Nov 1 – Nov 7)
Last week on Malwarebytes Labs: Celebrity jewelry house Graff falls victim to ransomware; Lessons from a real-life ransomware attack; Is Apple’s Safari browser the last, best hope for web privacy?; What is Twitch?; Google patches zero-day vulnerability, and others, in Android; Zuckerberg’s Metaverse, and...
Wanted! US offers $10m bounty for ransomware kingpins
The US State Department is offering a massive $10 million reward if you can help bring DarkSide to justice. The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individuals who holds a key leadership position i...
CISA sets two week window for patching serious vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued binding directive 22-01 titled Reducing the Significant Risk of Known Exploited Vulnerabilities. This directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by...
Credit card skimmer evades Virtual Machines
This blog post was authored by Jérôme Segura. There are many techniques threat actors use to slow down analysis or, even better, evade detection. Perhaps the most popular method is to detect virtual machines commonly used by security researchers and sandboxing solutions. Reverse engineers are...
Update now! Mozilla fixes security vulnerabilities in Firefox 94
In a security advisory, Mozilla announced that several security issues in its Firefox browser have been fixed. Several of these vulnerabilities were listed as having a high impact. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its...
Trojan Source: Hiding malicious code in plain sight
Researchers at the University of Cambridge, UK, have released details of a cunning and insidious new class of software vulnerability that allows attackers to hide code in plain sight, within the source code of computer programs. The techniques demonstrated by the researchers could be used to pois...
BlackMatter ransomware group announces shutdown. But for how long?
The BlackMatter ransomware gang has announced they are going to shut down their operation, citing pressure from local authorities. And pressure there is. Only two weeks ago, we wrote about a warning that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency...
This Steam phish baits you with free Discord Nitro
Weeks ago, we talked about the one effective lure that could get a Discord user to consider clicking on a scam link they were generously given, either by a random user or a legitimate contact who also happened to have fallen for the same ploy: free Discord Nitro subscriptions. And similar to how...