
4662 matches found

Malwarebytes
added 2021/07/16 3:40 p.m., 37 views

US offers huge reward in fight against state-sponsored cybercriminals

The US Department of State has announced that its Rewards for Justice (RFJ) program is now offering: …up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/07/16 10:49 a.m., 54 views

Does using a VPN slow down your Internet?

A Virtual Private Network (VPN) can stop others from snooping on or tampering with your Internet traffic. It does this by concealing your traffic inside an encrypted tunnel between you and your VPN provider. And because your traffic appears to join the Internet from your VPN provider’s computer...

0.5 AI score
Exploits: 0
Malwarebytes
added 2021/07/16 9:44 a.m., 210 views

What is scareware?

Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. The...

7.3 AI score
Exploits: 0
Malwarebytes
added 2021/07/15 2:30 p.m., 252 views

SonicWall warns users of “imminent ransomware campaign”

This post has been updated with a statement from SonicWall below. SonicWall has issued an urgent security notice warning users of unpatched End-Of-Life (EOL) SRA & SMA 8.X remote access devices that they have been made aware of an imminent ransomware campaign using stolen credentials. The exploitati...

7.5 AI score
Exploits: 0
Malwarebytes
added 2021/07/15 10:55 a.m., 58 views

Ransomware’s Russia problem

This blog post was written in collaboration with members of the Threat Intelligence Team. Last week, US news outlet NBC News caused a stir with an article proclaiming that the REvil ransomware used in the recent, colossal Kaseya supply-chain attack was "written to avoid computers that use Russian...

7 AI score
Exploits: 0
Malwarebytes
added 2021/07/14 2:00 p.m., 35 views

Is crypto’s criminal rollercoaster approaching a terminal dip?

It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tighter ship The mining banhammer continues to swing as China keeps puttin...

7 AI score
Exploits: 0
Malwarebytes
added 2021/07/14 11:56 a.m., 518 views

Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday

The list of July 2021 Patch Tuesday updates looks endless. 117 patches with no less than 42 CVEs assigned to them that have FAQs, mitigations details or workarounds listed for them. Looking at the urgency levels Microsoft has assigned to them, system administrators have their work cut out for the...

10 CVSS, 9.8 AI score, 0.99999 EPSS
Exploits: 58
Malwarebytes
added 2021/07/12 1:50 p.m., 53 views

Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either

Elon Musk is an incredibly popular target for scammers and spammers on social media. Attach his name to something he has no involvement in and watch it fly. Verified accounts on Twitter continue to be favourites for account compromise / fake Elon scams. Those often turn out to be Bitcoin related...

7.1 AI score
Exploits: 0
Malwarebytes
added 2021/07/12 12:28 p.m., 58 views

DNS-over-HTTPS takes another small step towards global domination

Firefox recently announced that it will be rolling out DNS-over-HTTPS or DoH soon to one percent of its Canadian users as part of its partnership with CIRA (the Canadian Internet Registration Authority), the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...

0.8 AI score
Exploits: 0
Malwarebytes
added 2021/07/12 10:08 a.m., 53 views

A week in security (July 5 – July 11)

Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski. Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal” Patch now! Emergency fix for PrintNightmare released by Microsoft. Game over: Apex Legends players locked out ...

7.3 AI score
Exploits: 0
Malwarebytes
added 2021/07/09 4:37 p.m., 165 views

How to send an anonymous email

Sometimes readers ask us how to send an anonymous email or how criminals and scammers manage to send anonymous emails. Since this is not an easy question to answer, because, for starters, there are several ways to interpret the question, I’ll try to give you some information here. Interpret the...

6.5 AI score
Exploits: 0
Malwarebytes
added 2021/07/09 4:21 p.m., 45 views

Judge drops hammer, dishes 7 years slammer for BEC and romance scammer

A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business email compromise (BEC) scams and romance fakeouts bagged them $2.2 million across roughly 6 years. This is quite a divergent portfolio of scamming activity. You may typically assume BEC...

0.3 AI score
Exploits: 0
Malwarebytes
added 2021/07/09 3:41 p.m., 217 views

How one word can disable an iPhone’s WiFi functionality

A researcher has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi hotspot with a weird name. This shouldn’t be happening. The first thing you learn in coding school when it comes to input (which is literally any data a device has to do something with) is to...

9.3 CVSS, 6.9 AI score, 0.04893 EPSS
Exploits: 0
Malwarebytes
added 2021/07/08 4:45 p.m., 55 views

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by potentially another threat actor/group off t...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/07/08 1:53 p.m., 50 views

Kaseya update delayed for security reasons

Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer customers’ IT—and up to 1,500 of their customers—have been stricken with the ransomwar...

7.4 AI score
Exploits: 0
Malwarebytes
added 2021/07/07 5:17 p.m., 40 views

3 things the Kaseya attack can teach us about ransomware recovery

Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. A positive exception to this is found in the Dutch managed service provider (MSP) VelzArt, one of the many...

6.7 AI score
Exploits: 0
Malwarebytes
added 2021/07/07 2:44 p.m., 33 views

Game over: Apex Legends players locked out by protest message

Messages placed directly in or around games is a common hack technique. It can be used for trolling, phishing, scams, or anything else the message-placer can think of. Messages can also be placed in games for the purposes of advertising but that’s a tale for a different day. Recently, players of...

7.2 AI score
Exploits: 0
Malwarebytes
added 2021/07/07 2:17 p.m., 264 views

UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft

Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasn’t. After June’s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that sets...

9.3 CVSS, 9.3 AI score, 0.99759 EPSS
Exploits: 75
Malwarebytes
added 2021/07/06 9:21 p.m., 40 views

Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal”

The official YouTube channel of Kaseya, the latest organization attacked by no less than the criminals behind REvil ransomware, released a video of Fred Voccola, Kaseya’s CEO, giving a first-hand account of what happened during the attack, the facts on affected customers, and the next steps they’re...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/07/06 2:34 p.m., 40 views

Racing against a real-life ransomware attack, with Ski Kacoroski: Lock and Code S02E12

At 11:37 pm on the night of September 20, 2019, cybercriminals launched a ransomware attack against Northshore School District in Washington state. Early the next morning, Northshore systems administrator Ski Kacoroski arrived on scene. As Kacoroski soon found out, he and his team were on a race...

7 AI score
Exploits: 0
Malwarebytes
added 2021/07/05 12:06 p.m., 55 views

A week in security (June 28 – July 4)

Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming? Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol? Binance receives the ban hammer from UK’s FCA Fired by algorithm: The future’s here and it’s a robot wearing a white collar Second colossal Linkedin...

0.4 AI score
Exploits: 0
Malwarebytes
added 2021/07/02 9:46 p.m., 244 views

UPDATED: Kaseya hijacked, thousands attacked by REvil, fix delayed again

Malwarebytes does not use Kaseya products. Malwarebytes detects the REvil ransomware used in this attack as Sodinokibi. Latest updates July 7, 8:30 am, Kaseya VSA SaaS platform still offline, not updated as planned July 6, 3:40 pm, malspam using fake Kaseya security update July 6, 3:15 am,...

7.5 CVSS, 9.4 AI score, 0.8323 EPSS
Exploits: 1
Malwarebytes
added 2021/07/02 3:17 p.m., 37 views

Beware password-spraying fancy bears

The NSA, FBI, and CISA, in cooperation with the UK’s National Cyber Security Centre (NCSC), have issued a report that describes in detail why, and how, they think that a Russian military unit is behind large-scale brute-force attacks on the cloud-IT resources of government and private sector compani...

Exploits: 0
Malwarebytes
added 2021/07/01 6:27 p.m., 49 views

Microsoft exec reveals “routine” secrecy orders from government investigators

Microsoft executive Tom Burt told Congressional lawmakers Wednesday that Federal law enforcement agencies send “routine” secret orders for customer information from the Seattle-based company, numbering anywhere from 2,400 to 3,500 such requests a year. “While the recent news about secret...

6.5 AI score
Exploits: 0
Malwarebytes
added 2021/07/01 4:32 p.m., 35 views

SMS authentication code includes ad: a very bad idea

SMS authentication codes are back in the news, and the word I’d use to summarise their reappearance is "embattled." I can still remember a time where two-factor authentication (2FA), authentication grids, regional lockouts, Yubikeys, and offline authentication apps simply did not exist. And if they...

7.5 AI score
Exploits: 0
Malwarebytes
added 2021/07/01 2:08 p.m., 854 views

PrintNightmare 0-day can be used to take over Windows domain controllers

In a rush to be the first to publish a proof-of-concept (PoC), researchers have published a write-up and a demo exploit to demonstrate a vulnerability that has been dubbed PrintNightmare. Only to find out they had alerted the world to a new 0-day vulnerability by accident. What happened? In June,...

9.3 CVSS, 0.99759 EPSS
Exploits: 75
Malwarebytes
added 2021/06/30 6:53 p.m., 39 views

Police seize DoubleVPN data, servers, and domain

A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity. The...

7.1 AI score
Exploits: 0
Malwarebytes
added 2021/06/30 2:59 p.m., 492 views

Babuk ransomware builder leaked following muddled “retirement”

In the last days of April 2021, the operators of Babuk ransomware announced they were going to focus on demanding a ransom for information stolen from compromised networks, leaving the encryption part of their operation behind. It meant that they no longer needed ransomware at all. “Babuk changes...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/30 2:06 p.m., 44 views

Second colossal LinkedIn “breach” in 3 months, almost all users affected

LinkedIn has reportedly been breached—again—following reports of a massive sale of information scraped from 500M LinkedIn user profiles in the underground in May. According to Privacy Shark, the VPN company who first reported on this incident, a seller called TomLiner showed them he was in...

7 AI score
Exploits: 0
Malwarebytes
added 2021/06/29 3:28 p.m., 30 views

Fired by algorithm: The future’s here and it’s a robot wearing a white collar

Black Mirror meets 1984. Imagine that your employer uses a bot to keep track of your “production level.” And when this bot finds that you are an under-performer it fires off a contract-termination mail. Does this sound like the world you live in? Unfortunately, for some people it is. The case...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/28 8:59 p.m., 39 views

Binance receives the ban hammer from UK’s FCA

Binance, the world’s largest and most popular cryptocurrency exchange network, has had a rough few days. First, Japan’s financial regulator, the Financial Services Agency (FSA), issued its second warning to Binance on Friday, 25 June, for operating in the country without permission. The first warning...

0.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/28 2:54 p.m., 118 views

What is the WireGuard VPN protocol?

In layman’s terms, a VPN uses encryption to create a private online connection between a device and a VPN server. With a good VPN service, you can shield your data from curious eyes. A VPN protocol is the set of rules that shapes how your data travels between your computer, mobile phone, tablet, ...

0.1 AI score
Exploits: 0
Malwarebytes
added 2021/06/28 2:49 p.m., 39 views

Lil’ skimmer, the Magecart impersonator

This blog post was authored by Jérôme Segura. A very common practice among criminals consists of mimicking legitimate infrastructure when registering new domain names. This is very true for Magecart threat actors who love to impersonate Google, jQuery and many other popular brands. In this post we...

7.5 AI score
Exploits: 0
Malwarebytes
added 2021/06/28 2:30 p.m., 110 views

Is it game over for VR advergaming?

We’ve been warning about advergaming—the combination of virtual reality (VR) and ads—for years on the Labs Blog. I’ve given a few talks on the subject too, and how ad networks will slowly work their way into enclosed spaces formerly reserved for your head. They still might, but thanks to a recent...

6.5 AI score
Exploits: 0
Malwarebytes
added 2021/06/28 9:32 a.m., 48 views

A week in security (June 21 – June 27)

Last week on Malwarebytes Labs: Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11 Atomic research institute breached via VPN vulnerability Hotel staff bust Hermes SMS scammer with suspiciously large number of cables City of Liège hit by...

0.4 AI score
Exploits: 0
Malwarebytes
added 2021/06/24 2:32 p.m., 47 views

Complicated Active Directory setups are undermining security

Security researchers and technical architects from SpecterOps have found that almost every Active Directory installation they have looked at over the last decade has had some kind of misconfiguration issue. And misconfigurations can lead to security issues, such as privilege escalation methods. T...

0.4 AI score
Exploits: 0
Malwarebytes
added 2021/06/24 10:09 a.m., 55 views

Brave takes aim at Google with privacy-first search engine

The privacy-forward web browser Brave launched its new search engine in beta on Wednesday, promising a more private experience that does not track user searches, build user profiles, or require the use of an external, pre-existing search index to deliver results. Clear from the company’s early...

7.1 AI score
Exploits: 0
Malwarebytes
added 2021/06/23 4:51 p.m., 40 views

MITRE introduces D3FEND framework

The US National Security Agency (NSA) has announced it will fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious threat actors. The project will be made available through MITRE and will be called D3FEND as it complements MITRE’s...

7.1 AI score
Exploits: 0
Malwarebytes
added 2021/06/23 10:32 a.m., 37 views

City of Liège hit by ransomware, Ryuk suspected

Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. The municipality of Liege’s official website, which was translated from the French. According to its official website pictures above: The City of Lièg...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/22 2:36 p.m., 44 views

Hotel staff bust Hermes SMS scammer with suspiciously large number of cables

If you’re in the UK, you’ve likely received a fake delivery SMS at this point. The original big driver for this over the pandemic was a non-stop wave of Royal Mail phishing scams. As that article mentions, most if not all of our interactions with organisations is done by mobile. I receive medical...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/21 1:53 p.m., 810 views

Atomic research institute breached via VPN vulnerability

Remember when we told you to patch your VPNs already? I hate to say "I told you so", but I informed you thusly. According to South Korean officials a North Korean cyber-espionage group managed to infiltrate the network of South Korea’s state-run nuclear research institute last month. The crime: ti...

9 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 92
Malwarebytes
added 2021/06/21 10:02 a.m., 48 views

A week in security (June 14 – June 20)

Last week on Malwarebytes Labs: How to delete your Instagram account. Working from home? You’re probably being spied on. Another one bites the dust: Avaddon ransomware group shuts down operation. Patch now! Apple fixes in-the-wild iPhone vulnerabilities. Windows 10 to retire in four years or 52...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/21 8:05 a.m., 86 views

Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11

Ransomware attacks are on a different scale this year, with major attacks not just dismantling the business and management of Colonial Pipeline in the US, the Health Service Executive in Ireland, and the meatpacker JBS in Australia, but also disrupting people’s access to gasoline, healthcare,...

6.9 AI score
Exploits: 0
Malwarebytes
added 2021/06/18 1:41 p.m., 32 views

Two Google plans that could make open source code more secure

Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory secure than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it...

0.2 AI score
Exploits: 0
Malwarebytes
added 2021/06/17 6:41 p.m., 72 views

Polazert Trojan using poisoned Google Search results to spread

Trojan.Polazert aka SolarMarker has gone back and fine-tuned an old tactic known as SEO-poisoning to plant their Remote Access Trojan (RAT) on as many systems as possible. This RAT runs in memory and is used by attackers to install additional malware on affected systems. Trojan.Polazert...

7 AI score
Exploits: 0
Malwarebytes
added 2021/06/17 1:25 p.m., 208 views

The 6 best Chrome extensions for privacy and security

While searching for security- and privacy-improving extensions, users may end up installing an extension that is counterproductive to their goals. To help our readers I have compiled a list of Chrome extensions that can actually help you improve your online privacy and security. Our regular reade...

Exploits: 0
Malwarebytes
added 2021/06/16 7:36 p.m., 41 views

Clop stopped? Ransomware gang loses Tesla and other treasures in police raid

Ukrainian law enforcement officials announced Wednesday that they had arrested several individuals involved in criminal activity committed by the Clop ransomware gang, a cybercriminal gang that helped popularize the “double extortion” model of not only threatening to encrypt a victim’s files, but...

6.7 AI score
Exploits: 0
Malwarebytes
added 2021/06/16 3:31 p.m., 32 views

Jail for consultant who scraped colossal trove of Alibaba customer data

A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling A central Chinese court has ruled that an employee of a...

7 AI score
Exploits: 0
Malwarebytes
added 2021/06/16 3:02 p.m., 23 views

Twitter takes aim at the chaos, clutter and trolls with new feature concepts

Twitter is potentially looking to add some new features to combat specific forms of abuse and / or aggravation on the platform. They’re still at the design stage, but they’re asking for feedback and it seems this will happen down the line. With that in mind, let’s take a look at what they’re up t...

7 AI score
Exploits: 0
Malwarebytes
added 2021/06/15 3:41 p.m., 34 views

Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years)

Microsoft will terminate support for Windows 10 Home and Pro on 14 October 2025, a decade after the original Windows 10 was brought to market. Although some may claim that a Microsoft document has been "quietly edited" over the weekend to reflect this "sudden change", this reveal isn’t new. In fac...

6.9 AI score
Exploits: 0
Total number of security vulnerabilities: 4662