Patch now! Apple fixes in-the-wild iPhone vulnerabilities
Apple has fixed two vulnerabilities in Safari's WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content, leading to arbitrary code execution: In other words, the bugs let rogue...
Another one bites the dust: Avaddon ransomware group shuts down operation
Are you seeing a pattern here? In what could be called "shocking news" on Friday, BleepingComputer revealed that the gang behind the Avaddon ransomware shut down its operations after releasing more than 2,000 decryption keys to the technology news site. BleepingComputer claimed they received...
Working from home? You’re probably being spied on
One year ago, as countless employees settled into new routines for working from home (WFH), a Reddit user shared a video online of a strange contraption: A wire coat hanger bent out of shape, one side gripping an external USB mouse, the other side latched onto an oscillating fan. As the fan swished...
How to delete your Instagram account
Although sharing your day's highlights in snapshots and videos on Instagram can be entertaining, some people claim to feel happier after deleting their accounts. Consuming media tailor-made to make other people's lifestyles appear alluring can be addictive for some and induce anxiety in others. No...
A week in security (June 7 – June 13)
Last week on Malwarebytes Labs: Amazon Sidewalk starts sharing your WiFi tomorrow, thanks; White hat, black hat, grey hat hackers: what's the difference?; Can two VPN "wrongs" make a right? (Lock and Code S02E10); DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime; 800...
How to deactivate or delete your Facebook account
People worldwide use Facebook to connect with friends and family, and to engage in pointless debates with strangers over moderately amusing cat videos. But while some feel that the social media platform is an essential part of life, others find the data scandals and privacy issues disconcerting...
Cloud vs on premises: 3 reasons the Cloud is winning
Thanks to the vast rollout of COVID-19 vaccines to millions of people in the US and Europe, some of us are finally seeing some semblance of a return to normalcy. And organizations, which have experienced first-hand the struggle to stay afloat during those months, are expecting to transition...
How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim
Back in November, gaming giant Capcom suffered a ransomware attack. In its press notification, it mentioned the various types of data potentially grabbed by their attackers. Things took an ominous turn when they refused to pay the ransom, and the group behind the attack said that was the wrong...
Russia accused of hacking Dutch police during MH17 investigation
Journalists at the Dutch newspaper "De Volkskrant" have reported that the country's intelligence service, AIVD, discovered in 2017 that Russian hackers had broken into Dutch police systems. The De Volkskrant report is based on knowledge from anonymous sources. The reason behind this act of espiona...
How to clear cookies
Until the information age, cookies were only known as a tasty but unhealthy snack that some people enjoyed, and others avoided. HTTP cookies, also known as computer, browser, or Internet cookies, are similarly divisive. Although some people like the more personalized browsing experience created b...
Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw
This Patch Tuesday harvest was another big one. The Windows updates alone included fixes for seven zero-day vulnerabilities: two of them actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known...
TrickBot indictment reveals the scale and complexity of organized cybercrime
Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data...
800 arrests after police dupe crime groups into using backdoored phones
An international operation that monitored an encrypted device company under the control of the Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP) has led to a massive, coordinated sting by law enforcement in several countries. The setup Law enforcement agencies around the worl...
DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime
The US Department of Justice announced Monday that it recovered much of the ransomware payment that Colonial Pipeline paid to free itself from the attack that derailed the oil and gas supplier’s operations for several days last month. The seizure of 63.7 of the initial 75 paid bitcoins represente...
Can two VPN “wrongs” make a right? Lock and Code S02E10
This week on Lock and Code, we're presenting you something a little different. We're telling you a story, with no guest interview included, that involves the use of VPNs. In 2016, a mid-20s man began an intense, prolonged harassment campaign against his new roommate. He emailed her from spoofed email...
White hat, black hat, grey hat hackers: What’s the difference?
When you think of the world of ethical hackers (white hat), malicious hackers (black hat), and hackers that flirt with both sides (grey hat), you may envision people in shiny trench coats and dark glasses, whose computer skills are only matched by their prowess in martial arts. The truth is that hacker...
Amazon Sidewalk starts sharing your WiFi tomorrow, thanks
Amazon smart device owners only have until June 8 to opt out of a new program that will group their Echo speakers and Ring doorbells into a shared wireless network with their neighbors, a new feature that the shopping giant claims will provide better stability for smart devices during initial set...
A week in security (May 31 – June 6)
Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology (hint: it's a slow fade), the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp's decision to not limit app functionalities for...
Security pros agree about threats—convincing everyone else is the problem
How about that Colonial Pipeline? As troubling as this event may be, for those of us working in the world of cybersecurity it can be hard to convince others to take dangers like this seriously—regardless of how real and immediate they are. “Sadly, the upper leadership team does not understand the...
Ransomware to be investigated like terrorism
The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney's office. In internal guidance, it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington...
Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says
Since the initial lockdown, we have seen the rise of certain types of cybercrime, including scams and fraud campaigns that either bank on the global COVID-19 pandemic or take advantage of potential victims who adhere to work-from-home measures. In the UK, the National Crime Agency (NCA) has...
Steamship Authority answers question: Who’s the next ransomware victim?
After the attacks on Colonial Pipeline and JBS, many may have been wondering, as we did, what the next ransomware headline was going to be. Well, here it is—another victim in the vital infrastructure of transport and logistics, although this time the impact may be less brutal. Steamship Authority...
Coronavirus phishing: “Welcome back to the office…”
As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home network...
JBS says it is recovering quickly from a ransomware attack
This week another major supplier reported it had been hit with ransomware. After the Colonial Pipeline attack last month, this time the victim is the world's largest meatpacker, JBS. JBS halted cattle slaughter at all its US plants on Tuesday after the attack caused their Australian operations to...
WhatsApp reverses course, will not limit app functionality
WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...
Cobalt Strike, a penetration testing tool abused by criminals
If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probabl...
Kimsuky APT continues to target South Korean government using AppleSeed backdoor
This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December...
Revisiting the NSIS-based crypter
This blog post was authored by hasherezade. NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers. It allows bundling the various elements of an application together (the main executable, the DLLs it uses, config files) along with a script that controls where are th...
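Because every NSIS-built installer, crypter output included, appends its data block to a stub executable behind a fixed signature, the first thing an analyst usually does is locate that signature and read the sizes it declares. The following Python script does that; it is an added example and not code from the Malwarebytes Labs post or from the NSIS project. The field layout and flag values are those of the NSIS `firstheader` structure; the sample installer bytes are constructed in the script, not taken from a real file.

```python
"""Added example, not code from the Malwarebytes Labs post: locate the NSIS
'firstheader' that an NSIS-built installer appends to its stub executable and
read the sizes it declares.

Layout of the firstheader (seven little-endian int32 fields, 28 bytes):
  flags, siginfo = 0xDEADBEEF, nsinst[3] = "Null" "soft" "Inst",
  length_of_header, length_of_all_following_data
The sample installer below is constructed; it is not a real binary."""
import struct

NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"          # siginfo + nsinst[3] as stored on disk
FIRSTHEADER_FMT = "<7I"
FIRSTHEADER_SIZE = struct.calcsize(FIRSTHEADER_FMT)   # 28

# Flag bits from NSIS fileform.h
FH_FLAGS_UNINSTALL = 1
FH_FLAGS_SILENT = 2
FH_FLAGS_NO_CRC = 4
FH_FLAGS_FORCE_CRC = 8


def find_nsis_firstheader(data: bytes):
    """Return (offset, info) for the first NSIS firstheader in `data`, or None.

    The flags field sits 4 bytes *before* the magic, so the header starts at
    magic_offset - 4. The installer itself walks the file in 512-byte steps;
    a plain substring search is fine for an analysis script."""
    idx = data.find(NSIS_MAGIC, 4)
    if idx < 0:
        return None
    off = idx - 4
    if off + FIRSTHEADER_SIZE > len(data):
        return None
    flags, _sig, _n0, _n1, _n2, header_len, data_len = struct.unpack_from(
        FIRSTHEADER_FMT, data, off)
    declared_end = off + data_len
    info = {
        "flags": flags,
        "silent": bool(flags & FH_FLAGS_SILENT),          # crypters favour silent installs
        "has_uninstaller": bool(flags & FH_FLAGS_UNINSTALL),
        "crc_disabled": bool(flags & FH_FLAGS_NO_CRC),
        "header_len": header_len,        # size of the NSIS header block once decompressed
        "data_len": data_len,            # size NSIS declares for the whole appended block
        "declared_end": declared_end,
        # NSIS refuses to run ('installer corrupted') when the declared block runs
        # past EOF; a hand-truncated or tampered sample shows up here.
        "truncated": declared_end > len(data),
        "trailing_bytes": max(0, len(data) - declared_end),
    }
    return off, info


def build_sample() -> bytes:
    """Constructed test input: a 512-byte fake stub, then a silent-install
    firstheader whose declared length exactly covers 100 bytes of filler."""
    stub = b"MZ" + b"\x00" * 510               # placeholder, not a real PE image
    filler = b"\x00" * 100                     # stands in for compressed header + data block
    data_len = FIRSTHEADER_SIZE + len(filler)
    fh = struct.pack(FIRSTHEADER_FMT, FH_FLAGS_SILENT, 0xDEADBEEF,
                     0x6C6C754E, 0x74666F73, 0x74736E49,   # "Null", "soft", "Inst"
                     0x40, data_len)
    return stub + fh + filler


if __name__ == "__main__":
    print(find_nsis_firstheader(build_sample()))
```

On a real sample, feed `open(path, "rb").read()` to `find_nsis_firstheader`; a `truncated` result or a large `trailing_bytes` value is the cue to look closer at how the file was assembled.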
The slow trend away from facial recognition technology
It’s been a busy few weeks for facial recognition technology. Its oft-maligned abilities frequently wind up in tales of privacy invasion, or false positives, or dubious data retention. In fact, it’s not uncommon to see big organisations backing away from how they expect to use it, or indeed deplo...
A week in security (May 24 -30)
Last week on Malwarebytes Labs we discussed VPN Android apps, how even the FBI has to deal with insider threats, Chrome's Incognito mode, new rules for critical infrastructure spurred by the Colonial Pipeline attack, how to delete your Twitter account, what encryption is, how healthcare service...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive (HSE), Ireland's publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. This happened a week after...
SolarWinds attackers launch new campaign
Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of Alfred Nobel. But it is also the name given to the threat actor that is behind the attacks against SolarWinds, the Sunburst backdoor, TEARDROP malware, GoldMax malware, other related...
RMM software: What is it and do you need it?
As cybersecurity products evolve to better protect against new forms of malware, trickier evasion techniques, and more organized cybercrime campaigns, the practice of cybersecurity evolves, too, providing simple, streamlined methods to manage hundreds of endpoints through one tool: RMM software...
Falsifying and weaponizing certified PDFs
The Portable Document Format (PDF) file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only (unlike a Word document, say, which is designed to be easy to edit). This immutability can be...
Healthcare service faces test of willpower with Ransomware authors
Healthcare and ransomware are in the news in a big way. Data leaks are inevitable, but those are typically associated with accidents by the general public. Possibly the most malicious type of data spillage is when people compromising said data decide to do the spilling. It’s one thing to...
What is encryption? And why it matters in a VPN
Encryption is a term used to describe the methods that hide the true meaning of messages using code, especially to prevent unauthorized access to the information in the messages. Not all users of virtual private networks (VPNs) care about encryption, but many are interested and benefit from strong...
How to delete your Twitter account: the deactivation process
You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Maybe you wanted to hang out with friends but you’re all moving to a new platform. It’s possible the service just isn’t very good and filled with trol...
Colonial Pipeline attack spurs new rules for critical infrastructure
Following a devastating cyberattack on the Colonial Pipeline, the Transportation Security Administration—which sits within the government’s Department of Homeland Security—will issue its first-ever cybersecurity directive for pipeline companies in the United States, according to exclusive reporti...
What is Incognito mode? Our private browsing 101
Incognito mode is the name of Google Chrome’s private browsing mode, but it’s also become the catch-all term used to describe this type of web surfing, regardless of the browser being used. Some call it Private Mode, others call it Private Browsing. Apple almost certainly got there first, yet...
Insider threats: If it can happen to the FBI, it can happen to you
If you’re worried about the risk of insider threats, you’re not alone. It can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of...
VPN Android apps: What you should know
Months ago, we told readers about the importance of using a VPN on their iPhones, and while those lessons do apply to Android devices—a VPN for Android will encrypt your Android’s web activity and app traffic, and it will stop your mobile carrier from monetizing your data—Android users should...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers for using VirusTotal, and dug into how an authentication vulnerability was patched by Pega Infinity. We also explored how a Royal Mail phish deploys evasion tricks to avoid analysi...
Shining a light on dark patterns with Carey Parker: Lock and Code S02E09
This week on Lock and Code, we speak to cybersecurity advocate and author Carey Parker about "dark patterns," which are subtle tricks online to get you to make choices that might actually harm you. Dark patterns have been around for years, and the tricks they're based on are even older. Ever bough...
Apple confirms Macs get malware
Anyone following the court case between Epic and Apple is undoubtedly already aware of the "bombshell" dropped by Apple's Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apple's mobile device operating system, iOS, stated that "w...
Android patches for 4 in-the-wild bugs are out, but when will you get them?
In the Android Security Bulletin of May 2021, published at the beginning of this month, you can find a list of roughly 40 vulnerabilities in several components that might concern Android users. According to info provided by Google's Project Zero team, four of those Android security vulnerabilities...
A doctor reveals the human cost of the HSE ransomware attack
"It's cracking, the whole thing." The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasn't describing a medical condition; this was their...
“Have I been pwnd?”– What is it and what to do when you *are* pwned
Adobe. Yahoo!. The US Department of Energy (DoE). The New York Times. What these names have in common is that they all experienced at least one breach in 2013, the year when threat actors started targeting organizations across industries to either steal data for profit or leak it to "teach...
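One concrete thing to do after a breach notice is to check whether the passwords you reused have already shown up in a leak, and Have I Been Pwned's Pwned Passwords service lets you do that without ever sending it the password. The Python below is an added example, not code from the Malwarebytes Labs post or from Have I Been Pwned: it implements the service's k-anonymity range lookup, where only the first five hex characters of the password's SHA-1 are sent and the rest is matched locally. The range response in the script is constructed (with made-up counts) so it runs offline; `fetch_range` shows the real request but is not called.

```python
"""Added example, not code from the Malwarebytes Labs post: the k-anonymity
lookup behind Have I Been Pwned's Pwned Passwords service. Only the first five
hex characters of the password's SHA-1 go to the API; the remaining 35 are
matched locally against the 'SUFFIX:COUNT' lines it returns, so the service
never learns the password or even its full hash. The range response below is
constructed so the example runs offline; fetch_range is the live version."""
import hashlib
import urllib.request
from typing import Optional, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # real endpoint, not called in this example


def sha1_split(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase hex SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return the count
    for `suffix`, or 0 when it is absent. Padded responses (Add-Padding: true)
    carry dummy lines with count 0, which fall out the same way."""
    for line in range_body.splitlines():
        cand, sep, count = line.strip().partition(":")
        if sep and cand.upper() == suffix.upper():
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live version: one HTTPS GET per prefix. Add-Padding makes responses a
    similar size so the prefix cannot be inferred from the body length."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def password_is_pwned(password: str, range_body: Optional[str] = None) -> int:
    """Return how many times the password appears in known breaches (0 = not
    found). Pass `range_body` to check against a stored or mocked response."""
    prefix, suffix = sha1_split(password)
    body = range_body if range_body is not None else fetch_range(prefix)
    return count_in_range(suffix, body)


# Constructed stand-in for the response to /range/5BAA6 (the prefix for the
# password "password", whose SHA-1 starts 5BAA61E4). The counts are made up.
SAMPLE_RANGE_5BAA6 = """\
00D4F6E8FA162D1F3DAB4E2F1F2A9D9E3C1:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
2A7F9C0B1D2E3F4A5B6C7D8E9F0A1B2C3D4:0
"""

if __name__ == "__main__":
    print("password:", password_is_pwned("password", SAMPLE_RANGE_5BAA6))
```

Drop the `range_body` argument to query the live service; the SHA-1 here is only the lookup key the service uses, not a recommendation to store passwords that way.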
Royal Mail phish deploys evasion tricks to avoid analysis
Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks. Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple’s bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite—an integrated platform for performing security testing of web applications—the security researchers...
4 things you should know about testing AV software with VirusTotal’s free online multiscanner
As COVID-19 soldiers on, small and medium-size businesses now feel as ripe for malware attacks as deep-pocketed multinationals. SMBs see that, along with remote work, our pandemic has also brought troubling new holes to their security. This means cybercriminals—equal opportunity charlatans that...