Apple releases emergency update: Patch, but don’t panic
Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus, which is often used in high-level surveillance campaigns by...
The many tentacles of Magecart Group 8
This blog post was authored by Jérôme Segura. During the past couple of years, online shopping has continued to increase at a rapid pace. In a recent survey done by Qubit, 70.7% of shoppers said they increased their online shopping frequency compared to before COVID-19. Criminals gravitate towards...
Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17
A recent spate of ransomware attacks in the US and abroad has derailed major corporations, spurring a fuel shortage on the US East Coast, shuttering grocery stores in Sweden, and sending students home from grade schools. The solution, so many cybersecurity experts say, is to implement backups,...
A week in security (Sept 6 – Sept 12)
Last week on Malwarebytes Labs: Apple delays plans to search devices for child abuse imagery. ProtonMail hands user’s IP address and device info to police, showing the limits of private email. Patch now! Netgear fixes serious smart switch vulnerabilities. Tor vs VPN—What is the difference? Windows...
That’s the way the cookie banner crumbles?
Elizabeth Denham, current head of the Information Commissioner’s Office (ICO), the UK’s data protection watchdog and the organization tasked to ensure that businesses comply with the country’s strict data protection laws, is said to have met with her counterparts in the G7 nations on Tuesday to...
Facebook puts on Ray-Bans, struts into the privacy minefield of smart glasses
Facebook, neck-deep in virtual / augmented reality with the Oculus headset, continues to move things up a gear. It has announced “Ray-Ban Stories”, smart glasses that take video and photos. The company may yet go one step further and incorporate these features into Augmented Reality (AR) specs, which ...
Gamers beware: The risks of Real Money Trading (RMT) explained
Any game with an online component can be at risk from a practice known as Real Money Trading (RMT), where in-game items, artefacts, characters and the like are sold for real money. It’s a big problem for developers, especially in competitive and / or massively multiplayer online role-playing game...
500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords
A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities...
Sextortion on the rise, warns FBI
The pandemic saw a surge in sextortion cases in 2020. Fast forward 12 months, and the numbers continue to rise significantly. This revelation came from the FBI Internet Crime Complaint Center (IC3). As of 31 July 2021, it had received over 16,000 sextortion complaints, with victims losing a combine...
[updated] Windows MSHTML zero-day actively exploited, mitigations required
Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft’s securi...
Tor vs VPN—What is the difference?
Our data is a precious commodity and there are plenty of people who would like to get their hands on it, from spouses and marketing teams to crooks and state-sponsored spies. Because of that, tools like Tor and Virtual Private Networks (VPNs) are growing in popularity. But while both tools can...
Patch now! Netgear fixes serious smart switch vulnerabilities
In a security advisory, Netgear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of t...
ProtonMail hands user’s IP address and device info to police, showing the limits of private email
They say there are two sides to every story. Depending on your point of view, you may have heard a recent story that’s either about overreaching law enforcement and protestors exposed by organisations happy to hand over revealing data despite saying they won’t. Or: BREAKING: legitimate business...
Apple delays plans to search devices for child abuse imagery
After the uproar from users and privacy advocates about Apple’s controversial plans to scan users’ devices for photos and messages containing child abuse and exploitation media, the company has decided to put the brakes on the plan. As you may recall, Apple announced in early August that it would...
A week in security (August 30 – September 5)
Last week on Malwarebytes Labs: ProxyToken: another nail-biter from Microsoft Exchange; Macs turn on apps signed by Symantec, treat them as malware; Google Play sign-ins can be abused to track another person’s movements; FTC bans SpyFone and its CEO from continuing to sell stalkerware; BrakTooth...
FBI warns of ransomware threat to food and agriculture
The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Farms are literally the first step in one of the most important, if not the most important, supply chains in our economy: the food supply chain. As...
Watch what you send on anonymous SMS websites
It’s a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to. I...
WhatsApp hit with €225 million fine for GDPR violations
WhatsApp was hit with a €225 million fine for violating the General Data Protection Regulation (GDPR), the European Union’s sweeping data protection law that has been in effect for more than three years. The fine represents the highest ever penalty levied by the Irish Data Protection Commission,...
Vulnerable WordPress plugin leaves online shoppers vulnerable
The most popular web content management system (CMS) is WordPress, which is used by more than 30% of all websites. By extension, the most popular ecommerce platform in the world is WooCommerce, a plugin that turns a WordPress website into an online shop. In fact, WooCommerce is so popular that it...
BrakTooth Bluetooth vulnerabilities, crash all the devices!
Security researchers have revealed details about a set of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors. The same group of researchers disclosed the SweynTooth vulnerabilities in February 2020. They decided to du...
FTC bans SpyFone and its CEO from continuing to sell stalkerware
Nearly two years after the US Federal Trade Commission first took aim against mobile apps that can non-consensually track people’s locations and pry into their emails, photos, and videos, the government agency placed restrictions Wednesday on the developers of SpyFone—which the FTC called a...
Google Play sign-ins can be abused to track another person’s movements
Even people who have been involved in cybersecurity for over 20 years make mistakes. I’m not sure whether that is a comforting thought for anyone or whether everyone should be worried now. But it is what it is and I make it a habit of owning my mistakes. So here goes. With the aid of Google I wa...
Macs turn on apps signed by Symantec, treat them as malware
On August 23, following an update to Apple’s security systems on macOS, some Mac users began to see security alerts about some of their apps, claiming that they "will damage your computer," and offering users the option to "report malware to Apple." This has led to much confusion online, and to an...
ProxyToken: Another nail-biter from Microsoft Exchange
Had I known this season of Microsoft Exchange was going to be so long I’d have binge-watched. Does anyone know how many episodes there are? Sarcasm aside, while ProxyToken may seem like yet another episode of 2021’s longest running show, that doesn’t make it any less serious, or any less...
A week in security (August 23 – August 29)
Last week on Malwarebytes Labs: Patch now! Microsoft Exchange is being attacked via ProxyShell; Realtek-based routers, smart devices are being gobbled up by a voracious botnet; Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud; Mice “taking over the world!”, one Windo...
Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16
No one ever wants a group of hackers to say about their company: "We had the keys to the kingdom." But that’s exactly what the hacker Sick Codes said on this week’s episode of Lock and Code, in speaking with host David Ruiz, when talking about his and fellow hackers’ efforts to peer into John Deere’s...
Microsoft warns about phishing campaign using open redirects
The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links. Open redirects have long been part of the phisher’s arsenal, and they are a proven method to trick victims into...
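The mechanism behind an open-redirect lure, as an added example that is not code from the Microsoft report or from this post: a trusted site's redirector hands the browser whatever is in its redirect parameter, so the link a victim sees carries the trusted hostname while the landing page is the attacker's. The block below models the unchecked redirector beside a hardened one and shows how a defender can read the true destination out of a lure URL. Both hostnames, the `/redir` path and the `next` parameter name are hypothetical and constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed lure: a trusted site's redirector bouncing the victim to a
# look-alike phishing host. Hostnames, path and parameter name are hypothetical.
TRUSTED_HOST = "login.example.com"
LURE = "https://login.example.com/redir?next=https://exampIe-secure-login.net/signin"


def lure_destination(url: str, param: str = "next") -> str:
    """Where a redirector link actually lands: the value of its redirect parameter.

    Filters that only inspect the visible hostname see TRUSTED_HOST; this is
    the address the victim's browser will actually be sent to."""
    query = parse_qs(urlsplit(url).query)
    return query.get(param, [""])[0]


def redirects_off_site(url: str, trusted_host: str = TRUSTED_HOST) -> bool:
    """True when a link's redirect target points away from the trusted host."""
    dest_host = urlsplit(lure_destination(url)).hostname
    return dest_host is not None and dest_host != trusted_host


def unsafe_redirect_target(next_param: str) -> str:
    """The open redirect: whatever the attacker put in `next` becomes the
    Location header, so the trusted domain lends its reputation to the lure."""
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Hardened redirector: accept only same-origin, path-only targets.

    Rejects absolute URLs, scheme-relative '//host', backslash variants that
    browsers normalise to '//', and embedded control characters; anything
    doubtful falls back to `default` instead of being followed."""
    if not next_param or any(c in next_param for c in "\\\r\n\t"):
        return default
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    parts = urlsplit(next_param)
    # A genuine path-only target has neither a scheme nor a network location.
    if parts.scheme or parts.netloc:
        return default
    return next_param


if __name__ == "__main__":
    dest = lure_destination(LURE)
    print("lure lands on:", dest, "(off-site)" if redirects_off_site(LURE) else "")
    print("unsafe redirector follows it to:", unsafe_redirect_target(dest))
    print("safe redirector sends the user to:", safe_redirect_target(dest))
```

The allow-list is deliberately narrow: a redirector that only ever needs to return users to its own pages has no reason to accept a scheme or a host at all, and rejecting backslashes and control characters closes the normalisation tricks (`/\evil.example`, header injection) that a simple "must start with /" check misses. On the detection side, `lure_destination` is the field to log and inspect, not the hostname in the link the user clicked.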
How to stay secure from ransomware attacks this Labor Day weekend
Labor Day weekend is just around the corner and, believe it or not, cybercriminals are likely just as excited as you are! Ransomware gangs have nurtured a nasty habit of starting their attacks at the least convenient times: When computers are idle, when employees who might notice a problem are ou...
Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists
Researchers from Citizen Lab, an academic research and development lab based at the University of Toronto in Canada, have recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. The Bahraini government and groups linked to them—suc...
US government and private sector agree to invest time, money in cybersecurity
In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss a whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s...
Cold wallet, hot wallet, or empty wallet? What is the safest way to store cryptocurrency?
In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. Thes...
The best browsers for privacy and security
Unfortunately, there is little correlation between the browsers most people consider the best and the ones that are actually best for privacy and security. If you look at the market share of the most popular browsers, there is one browser that steals the crown without a lot of...
Mice “taking over the world!”, one Windows machine at a time
Famously, Pinky and the Brain were a pair of animated mice that wanted to take over the world. Of course they never succeeded, but maybe they just set their sights too high. Because while mice may not be taking over the world yet, they are taking over computers. In the last week, security researche...
Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud
In life, when you encounter something momentous—a sudden job loss, a routine check-up that revealed an illness you can’t afford the medical bills for—you can be assured that the federal or state government has benefits you can apply for. And where there are benefits, you can also be assured th...
Realtek-based routers, smart devices are being gobbled up by a voracious botnet
A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just two days after disclosure. Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed...
Patch now! Microsoft Exchange is being attacked via ProxyShell
Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...
New variant of Konni malware used in campaign targeting Russia
This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing Konni RAT to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We discovered two documents...
Largest DDoS attack ever reported gets hoovered up by Cloudflare
On the Cloudflare blog, the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. To put that number in perspective, the company reports that this is...
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch
In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart...
T-Mobile customers, change your PINs
At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to have stolen 100 million people’s data from T-Mobile’s servers, which included everything from names and driver’s licences to addresses and social security numbers. It’s now confirmed...
Beware of COVID Pass scams
You’ve likely seen fake parcel delivery texts in the news recently, and we’ve covered a few of these ourselves. SMS missives claim a package is waiting to be delivered, and a small processing fee is required. There is no package; it’s a ruse to have people hand over their credit card details. It’...
Cars and hospital equipment running BlackBerry QNX may be affected by BadAlloc vulnerability
Following an announcement by BlackBerry, the US Food & Drug Administration (FDA) and the Cybersecurity & Infrastructure Security Agency (CISA) have put out alerts that vulnerabilities found in the BlackBerry QNX real-time operating system (RTOS) may introduce risks for certain medical devices...
How to spot a DocuSign phish and what to do about it
Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones you’re expecting to hear from, or wouldn’t be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list...
macOS 11’s hidden security improvements
A deep dive into macOS 11’s internals reveals some security surprises that deserve to be more widely known. Contents: 1. Introduction; 1.1 Disclaimers; 2. macOS 11’s better known security improvements; 2.1 Secret messages revealed?; 3. CPU security mitigation APIs; 3.1 The NOSMT mitigation; 3.2 The TECS...
Analysts “strongly believe” the Russian state colludes with ransomware gangs
"We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin." This is what Jon DiMaggio, Chief Security Strategist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled "Nation...
Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15
Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is now out of beta, lets users drop into spontaneous audio conversations that, once they are over, are over. With COVID lockdown procedures separating many people around the wor...
How to troubleshoot hardware problems that look like malware problems
Sometimes it’s hard to figure out what exactly is going wrong with your computer. What do you do if you’ve run all the scans, checked all the files, and everything says the PC is malware free? Here’s a list of common problems that resemble cybersecurity issues, but could be caused by something...
A week in security (August 9 – August 15)
Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 days before; Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business; Check your passwords! Synology NAS devices are under attack from StealthWorker; PrintNightmare and RDP RCE...
Phishing campaign goes old school, dusts off Morse code
In an extensive report about a phishing campaign, the Microsoft 365 Defender Threat Intelligence Team describes a number of encoding techniques that were deployed by the phishers. And one of them was Morse code. While Morse code may seem like ancient communication technology to some, it does have...
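The encoding itself, as an added example that is not the Microsoft team's code or this post's: an International Morse encoder/decoder, plus a scanner that pulls Morse-looking string literals out of an HTML attachment and decodes them, which is the shape of the obfuscation the report describes (dots and dashes standing in for the letters of identifiers and hostnames inside an attachment's script). The attachment snippet, the `decode()` variable names and the `outlook-login.xyz.test` hostname are constructed for the example.

```python
import re

# International Morse for letters, digits and the two punctuation marks needed to
# spell hostnames. '/' is reserved as the word separator, so it has no code here.
MORSE = {
    'A': '.-', 'B': '-...', 'C': '-.-.', 'D': '-..', 'E': '.', 'F': '..-.',
    'G': '--.', 'H': '....', 'I': '..', 'J': '.---', 'K': '-.-', 'L': '.-..',
    'M': '--', 'N': '-.', 'O': '---', 'P': '.--.', 'Q': '--.-', 'R': '.-.',
    'S': '...', 'T': '-', 'U': '..-', 'V': '...-', 'W': '.--', 'X': '-..-',
    'Y': '-.--', 'Z': '--..',
    '0': '-----', '1': '.----', '2': '..---', '3': '...--', '4': '....-',
    '5': '.....', '6': '-....', '7': '--...', '8': '---..', '9': '----.',
    '.': '.-.-.-', '-': '-....-',
}
REVERSE = {code: char for char, code in MORSE.items()}

# Constructed attachment fragment in the style the report describes: the script
# carries its strings as Morse and rebuilds them at runtime. Hostname is fictional.
SAMPLE_ATTACHMENT = """<script>
var seg = decode(".-- .. -.. --. . - ... / -... . - .-");
var host = decode("--- ..- - .-.. --- --- -.- -....- .-.. --- --. .. -. .-.-.- -..- -.-- --.. .-.-.- - . ... -");
</script>"""

# A quoted literal made only of dots, dashes, spaces and word separators.
MORSE_RUN = re.compile(r'"([.\-][.\- /]{7,})"')


def morse_encode(text: str) -> str:
    """Letters separated by one space, words by ' / '. Morse has no case."""
    words = [' '.join(MORSE[ch] for ch in word) for word in text.upper().split()]
    return ' / '.join(words)


def morse_decode(code: str) -> str:
    """Inverse of morse_encode; unknown symbols decode to '?' rather than failing."""
    words = []
    for word in code.strip().split('/'):
        words.append(''.join(REVERSE.get(sym, '?') for sym in word.split()))
    return ' '.join(words).strip()


def extract_morse_payloads(html: str) -> list:
    """Find Morse-encoded string literals in an attachment and decode each one."""
    return [morse_decode(run) for run in MORSE_RUN.findall(html)]


if __name__ == "__main__":
    for payload in extract_morse_payloads(SAMPLE_ATTACHMENT):
        print("decoded:", payload)
```

Because Morse only covers letters, digits and a little punctuation, the decoded strings come back in upper case; that is also why this layer is cheap to strip. For triage, a long run of dots, dashes and spaces inside a quoted literal in an HTML attachment is itself the indicator, and the decoder turns it straight into the hostname or segment name the phisher was trying to hide from keyword filters.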