
4662 matches found

Malwarebytes
added 2021/08/13 12:3 p.m. | 51 views

Crypto-scams you should be steering clear of in 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of...

Exploits: 0
Malwarebytes
added 2021/08/13 11:34 a.m. | 236 views

VPN Test: How to check if your VPN is working or not

The primary function of a Virtual Private Network (VPN) is to enhance your online privacy and security. It should do this without slowing your Internet too noticeably. Performing a VPN test or two can help you ensure that it's up to the mark. VPN privacy test Your Internet Service Provider (ISP) assig...

AI score: 0.5
Exploits: 0
Malwarebytes
added 2021/08/13 11:3 a.m. | 42 views

Cyberbullying 101: A Primer for kids, teens, and parents

At some point in our lives, we have likely either been bullied, stood back and watched others bullying, or participated in the act. Playing the role of offender, offended, and by-stander has become easier, thanks to the Internet and the technologies that make it possible to keep us connected. In...

AI score: 0.2
Exploits: 0
Malwarebytes
added 2021/08/12 11:30 a.m. | 436 views

Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes

I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now. PrintNightmare is the name of a set of vulnerabilities that allow a standard...

CVSS: 9.3 | AI score: 0.7 | EPSS: 0.99759
Exploits: 75
Malwarebytes
added 2021/08/11 6:45 p.m. | 186 views

Twitter says it out loud: Removing anonymity will not stop online abuse

An investigation by Twitter into racist tweets levied against three Black players on the English football team following the national hopefuls’ loss against Italy last month revealed that anonymity played almost no role in whether users posted abusive comments from their accounts. The analysis,...

AI score: 7
Exploits: 0
Malwarebytes
added 2021/08/11 4:8 p.m. | 89 views

If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam

Rogue QR code antics have been back in the news recently. They’re not exactly a mainstay of fakery, but they do tend to enjoy small waves of popularity as events shaped by the real world remind everyone they still exist. The most notable example where this is concerned is of course the pandemic...

AI score: 7
Exploits: 0
Malwarebytes
added 2021/08/11 2:5 p.m. | 121 views

Thief pulls off colossal, $600m crypto-robbery …and gives the money back

The largest crypto-robbery in history is rapidly turning into the most bizarre as well. Let's start at the beginning… In an apparent scream for mercy, 21 hours ago the Poly Network Team reached out via Twitter to “hackers” that had managed to transfer roughly $600 million in digital tokens out of...

AI score: 7.1
Exploits: 0
Malwarebytes
added 2021/08/11 12:16 p.m. | 251 views

PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday

The sheer number of patches (44 security vulnerabilities) should be enough to scare us, but unfortunately we have gotten used to those numbers. In fact, 44 is a low number compared to what we have seen on recent Patch Tuesdays. So what are the most notable vulnerabilities that were patched? One...

CVSS: 9 | AI score: 1.4 | EPSS: 0.99759
Exploits: 42
Malwarebytes
added 2021/08/10 3:59 p.m. | 37 views

Check your passwords! Synology NAS devices under attack from StealthWorker

Synology PSIRT (Product Security Incident Response Team) has put out a warning that it has recently seen and received reports about an increase in brute-force attacks against Synology devices. PSIRT suspects the botnet commonly known as StealthWorker is responsible for this increase in activity...

AI score: 0.9
Exploits: 0
Malwarebytes
added 2021/08/10 3:18 p.m. | 147 views

Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business

Last week, The Record broke the news that a self-described "pen tester" for the infamous Conti ransomware gang, who goes by the handle m1Geelka, had leaked manuals, technical guides, and software on the underground forum XSS. According to the screenshot of m1Geelka's original forum post—and...

AI score: 6.5
Exploits: 0
Malwarebytes
added 2021/08/09 5:6 p.m. | 222 views

Home routers are being hijacked using vulnerability disclosed just 2 days ago

The early bird catches the worm. Unless the worm was early enough to hide. On August 3, 2021 a vulnerability that was discovered by Tenable was made public. Only two days later, on August 5, Juniper Threat Labs identified some attack patterns that attempted to exploit this vulnerability in the...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.99983
Exploits: 5
Malwarebytes
added 2021/08/09 11:10 a.m. | 49 views

A week in security (August 2 – August 8)

Last week on Malwarebytes Labs: RDP brute force attacks explained The 3 biggest threats reaching for your antivirus software’s off switch Zoom and gloom? Video comms org agrees to settle for $85m COVID-19 vaccine appointment system attacked in Italy Chrome casts away the padlock - is it good...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2021/08/06 9:10 p.m. | 62 views

Apple’s search for child abuse imagery raises serious privacy questions

The Internet has been on fire since the August 4 discovery disclosed publicly by Matthew Green that Apple will be monitoring photos uploaded to iCloud for child sexual abuse material (CSAM). Some see this as a great move by Apple that will protect children. Others view this as a potentially dangerou...

AI score: 6.7
Exploits: 0
Malwarebytes
added 2021/08/06 2:36 p.m. | 201 views

Edge’s Super Duper Secure Mode benchmarked: How much speed would you trade for security?

In an attempt to make Edge more secure, the Microsoft Vulnerability Research team has started to experiment with disabling Just-In-Time (JIT) compilation in the browser's V8 JavaScript engine, to create what it's calling Super Duper Secure Mode. The reasoning behind this experiment sounds valid. A...

AI score: 7.8
Exploits: 0
Malwarebytes
added 2021/08/05 4:54 p.m. | 39 views

Amazon will pay you $10 for your palm prints. Should you be worried?

Retail giant Amazon recently offered to pay $10 USD for your palm prints. Would you offer them your hand? Many seem to home in and seethe over the price being too little for something as priceless and unique as their palm print, not realizing that when it does come to registering biometric data i...

AI score: 6.5
Exploits: 0
Malwarebytes
added 2021/08/05 3:52 p.m. | 45 views

What is Tor?

Tor, The Onion Router Tor (The Onion Router) is free software used to keep your online communications safe and secure from outside observers. It’s designed to block tracking and eavesdropping, resist fingerprinting (where services tie your browser and device information to an identity), and to hide t...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2021/08/04 4:41 p.m. | 49 views

NSA issues advice for securing wireless devices

By releasing an information sheet that provides guidance on securing wireless devices while in public (pdf)—for National Security System, Department of Defense, and Defense Industrial Base teleworkers—the NSA has provided useful information on malicious techniques used by cyber actors, and ways to...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/08/04 2:25 p.m. | 42 views

Chrome casts away the padlock—is it good riddance or farewell?

It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didn't use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn...

AI score: 6.6
Exploits: 0
Malwarebytes
added 2021/08/04 10:39 a.m. | 44 views

COVID-19 vaccine appointment system attacked in Italy

In another cyberattack on a healthcare system, threat-actors have tried to throw a wrench into the ongoing COVID-19 vaccine roll-out in the region of Lazio, Italy. The large and densely populated region is the country's second most populous and includes the country's capital, Rome. On Sunday the...

AI score: 0.6
Exploits: 0
Malwarebytes
added 2021/08/03 4:44 p.m. | 37 views

Zoom and gloom? Video comms org agrees to settle for $85m

Zoom has agreed to an $85m settlement regarding privacy, zoom-bombing, and data sharing. The class action privacy lawsuit filed in the US against the embattled company wasn’t particularly impressed with the following: Zoom-bombing running wild in video sessions. Zoom-bombing, the practice of...

AI score: 7.3
Exploits: 0
Malwarebytes
added 2021/08/03 3:25 p.m. | 62 views

The 3 biggest threats reaching for your antivirus software’s off switch

Having antivirus (AV) software on your computer is a staple. Modern antivirus offers layered protection—a cybersecurity approach that uses multiple techniques in one package to keep you safe if you download a malicious file from the Internet, find yourself worrying after clicking a link on a direct...

AI score: 7.1
Exploits: 0
Malwarebytes
added 2021/08/03 11:41 a.m. | 148 views

RDP brute force attacks explained

While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isn't like the movies. The...

AI score: 7.5
Exploits: 0
Malwarebytes
added 2021/08/02 11:29 a.m. | 38 views

A week in security (July 26 – August 1)

Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/08/02 7:45 a.m. | 33 views

Disaster planning with Lesley Carhart, and the slim chance of a critical infrastructure “big one”: Lock and Code S02E14

The 2021 attacks on two water treatment facilities in the US—combined with ransomware attacks on an oil and gas supplier and a meat and poultry distributor—could lead most people to believe that a critical infrastructure “big one” is coming. But, as Lesley Carhart, principal threat hunter with...

AI score: 1
Exploits: 0
Malwarebytes
added 2021/07/30 5:19 p.m. | 482 views

LemonDuck no longer settles for breadcrumbs

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story (1, 2) on the...

CVSS: 9.3 | AI score: 9.3 | EPSS: 0.90026
Exploits: 34
Malwarebytes
added 2021/07/30 3:38 p.m. | 77 views

Spear-phishing now targets employees outside the finance and executive teams, report says

Social engineering attacks have been a longstanding concern for both individuals and organizations alike. The trend, as we know it, is that fraudsters conducting spear phishing attacks—specifically, business email compromise (BEC)—are likely to target employees either in the finance or executive...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/07/29 3:55 p.m. | 361 views

Microsoft provides more mitigation instructions for the PetitPotam attack

In a revision of KnowledgeBase article KB5005413, Microsoft has provided more elaborate mitigation instructions for the PetitPotam attacks that were disclosed a week ago. PetitPotam is the name for an attack method using a bug that was found by a security researcher who also published a...

AI score: 0.7
Exploits: 0
Malwarebytes
added 2021/07/29 3:0 p.m. | 390 views

Crimea “manifesto” deploys VBA Rat using double attack vectors

This blog post was authored by Hossein Jazi. On July 21, 2021, we identified a suspicious document named "Манифест.docx" ("Manifest.docx") that downloads and executes two templates: one is macro-enabled and the other is an html object that contains an Internet Explorer exploit. While both technique...

CVSS: 5.1 | EPSS: 0.81103
Exploits: 0
Malwarebytes
added 2021/07/28 9:8 p.m. | 68 views

BlackMatter, a new ransomware group, claims link to DarkSide, REvil

There's a new ransomware gang in town—and, frankly, we're not at all surprised. After DarkSide disappeared—coincidentally, immediately after Colonial Pipeline gave in to the group's ransom demand of roughly $5M USD worth in Bitcoin—a new ransomware group who calls themselves BlackMatter surfaced on...

AI score: 6.8
Exploits: 0
Malwarebytes
added 2021/07/28 4:52 p.m. | 58 views

The Olympics: a timeline of scams, hacks, and malware

The 2020 Olympics are, after a bit of a delayed start, officially in full swing. So too is the possibility for scammers to crawl out of the woodwork. And while actual, measurable cyberattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games ha...

Exploits: 0
Malwarebytes
added 2021/07/28 1:4 p.m. | 125 views

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages...

AI score: 3.9 | EPSS: 0.94622
Exploits: 19
Malwarebytes
added 2021/07/27 4:34 p.m. | 67 views

Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach

It must not be easy to work at Kaseya right now. While they are working as hard as they can to help customers, and customers of their customers, recover from the REvil ransomware attack at the beginning of July, a new vulnerability in their software has been disclosed. As a sidenote, Kaseya...

AI score: 0.7
Exploits: 0
Malwarebytes
added 2021/07/27 3:44 p.m. | 69 views

The Clubhouse database “breach” is likely a non-breach. Here’s why.

Before the work week ended last week Friday, a security researcher found a leak of what is claimed to be full phone numbers of users of Clubhouse, the new social media app everyone is talking about and just recently came out of beta. Clubhouse is an audio-only social media platform where, unlike...

AI score: 6.9
Exploits: 0
Malwarebytes
added 2021/07/26 6:34 p.m. | 36 views

OSX.XLoader hides little except its main purpose: What we learned in the installation process

Last week, Check Point Research described a new Mac variant of malware they call XLoader. It was identified as being the successor of something called Formbook, a very prevalent threat in the Windows world. According to Check Point, the Mac version of the malware is being "rented" as part of a...

AI score: 7.5
Exploits: 0
Malwarebytes
added 2021/07/26 3:47 p.m. | 43 views

A week in security (July 19 – July 25)

Last week on Malwarebytes Labs: Stopransomwaredotgov, a one-stop hub for ransomware resources Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT Remcos RAT delivered via Visual Basic US, EU, UK, NATO blame China for “reckless” exchange attacks HiveNightmare zero-day lets anyone be...

AI score: 0.4
Exploits: 0
Malwarebytes
added 2021/07/23 11:0 p.m. | 524 views

AvosLocker enters the ransomware scene, asks for partners

This blog post was authored by Hasherezade. In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. The threat actor used this entry point to get into a Domain Controller and then leveraged it as a springboard to deploy ransomware. While examining the...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/07/23 6:6 p.m. | 85 views

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group using Phoenix CryptoLocker ransomware, issued a legal notice of an information security incident to the Consumer Protection Bureau in New Hampshire. You may recall that Phoen...

AI score: 7.4
Exploits: 0
Malwarebytes
added 2021/07/23 5:57 p.m. | 238 views

Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. The police also searched the house of another suspect, an 18 year old who was not arrested. The people behind this illegal business called themselves the Fraud Family and...

AI score: 0.4
Exploits: 0
Malwarebytes
added 2021/07/22 5:32 p.m. | 35 views

5 years for swatter who caused a man’s death for a Twitter handle

Doxing or doxxing is in the news again, for an absolutely shocking story that ended with a man's death caused by a swatting attack. If you don't know what doxxing or swatting are, don’t worry. We’ll explain it all. The doxing 101 Doxing someone is a technique going back to the 90s. Back then,...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2021/07/22 12:24 p.m. | 267 views

Millions of Windows machines affected by ancient printer vulnerability

A very serious security flaw in immensely popular printer drivers has been disclosed and it could affect many millions of Windows systems. The printer driver was issued by HP, but it’s also in use by Samsung and Xerox. All the affected printers are laser printers. The most surprising about this...

CVSS: 4.6 | AI score: 8 | EPSS: 0.02902
Exploits: 1
Malwarebytes
added 2021/07/22 11:10 a.m. | 204 views

Pegasus spyware has been here for years. We must stop ignoring it

On July 18, a group of 17 newspaper and media organizations—aided by Amnesty International’s Security Lab and the research group Citizen Lab—revealed that one of the world’s most advanced and viciously invasive spyware tools had been used to hack, or attempt to hack, into 37 mobile phones owned b...

AI score: 7.6
Exploits: 0
Malwarebytes
added 2021/07/21 5:15 p.m. | 218 views

The life and death of the ZeuS Trojan

Whether you've read up on Greek mythology or you're simply a big fan of Marvel comics, the name "Zeus" should be familiar to you. In the context of cybercrime though, ZeuS (aka the Zbot Trojan) is a once-prolific malware that could easily be described as one of a handful of information stealers ahead...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/07/21 3:33 p.m. | 48 views

ID theft ghouls targeting Surfside victims is appalling, but no surprise

We’ve written at length about account compromise and identity theft, and how criminals will often hijack accounts belonging to dead people. In many ways, it’s the perfect crime for anyone indulging in social engineering. The amount of abandoned accounts due to death can only ever go up, and nobod...

AI score: 6.5
Exploits: 0
Malwarebytes
added 2021/07/21 2:31 p.m. | 381 views

HiveNightmare zero-day lets anyone be SYSTEM on Windows 10 and 11

Users with low privileges can access sensitive Registry database files on Windows 10 and Windows 11, leaving them vulnerable to a local elevation of privilege vulnerability known as SeriousSAM or HiveNightmare. Doesn't sound serious? Reassured that users must already have access to the system and ...

CVSS: 4.6 | AI score: 0.9 | EPSS: 0.67252
Exploits: 11
Malwarebytes
added 2021/07/20 2:11 p.m. | 195 views

US, EU, UK, NATO blame China for “reckless” Exchange attacks

Do you remember back when the latest urgent update was a vulnerability in Microsoft Exchange? How is that only four months ago? The trigger for the urgent advice in March was the fact that Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchang...

AI score: 7.3
Exploits: 0
Malwarebytes
added 2021/07/19 7:32 p.m. | 139 views

Remcos RAT delivered via Visual Basic

This blog post was authored by Erika Noerenberg. Introduction Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan (RAT) via financially-themed emails. Remcos is often delivered via malicious documents or archive files...

AI score: 7.6
Exploits: 0
Malwarebytes
added 2021/07/19 1:41 p.m. | 48 views

Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. The mail, which arrived with the subject "Urgent respond", begins as follows: Greetings to you my friend, My name is Haifa Kalfan, I am the Store manag...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/07/19 1:30 p.m. | 69 views

StopRansomware.gov brings together information on stopping and surviving ransomware attacks

The US Department of Homeland Security (DHS) and the US Department of Justice (DOJ)—along with other federal partners—have launched a new website as part of the US government's fight against ransomware: StopRansomware.gov. StopRansomware.gov is said to be a one-stop hub for ransomware resources for...

AI score: 7.1
Exploits: 0
Malwarebytes
added 2021/07/19 9:43 a.m. | 58 views

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...

AI score: 7.3
Exploits: 0
Malwarebytes
added 2021/07/19 7:45 a.m. | 55 views

“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13

Kaseya VSA included at least “seven or eight” privately known zero-day vulnerabilities before it suffered a widespread ransomware attack that impacted hundreds of businesses, said Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, or DIVD, a volunteer-run organization that...

AI score: 7.7
Exploits: 0
Total number of security vulnerabilities: 4662