4662 matches found

Malwarebytes
added 2021/05/18 4:3 p.m., 37 views

Bizarro: a banking Trojan full of nasty tricks

Researchers have discovered a new banking Trojan that has been found targeting customers of European and South American banks. They have dubbed the new Trojan Bizarro. How does Bizarro spread? The Bizarro malware spreads via Microsoft Installer (MSI) packages. Identified sources so far have been sp...

0.5 AI score
Exploits: 0

Malwarebytes
added 2021/05/17 9:47 a.m., 43 views

A week in security (May 10 – 16)

Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the...

7.4 AI score
Exploits: 0

Malwarebytes
added 2021/05/14 5:11 p.m., 25 views

Gamers level up with rewards for better security

There was a time when stolen gaming accounts were almost treated as a fact of life. Console hacks weren’t taken particularly seriously. Security research in this area was occasionally derided as unimportant or trivial. Gaming accounts had an essence of innate disposability to them, even if this...

7.1 AI score
Exploits: 0

Malwarebytes
added 2021/05/14 4:36 p.m., 35 views

iPhone calendar spam attacks on the rise

Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomen...

0.3 AI score
Exploits: 0

Malwarebytes
added 2021/05/14 8:26 a.m., 40 views

WhatsApp calls and messages will break unless you share data with Facebook

WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/05/14 7:38 a.m., 158 views

What is a honeypot? How they are used in cybersecurity

Cybersecurity experts strive to enhance the security and privacy of computer systems. Quietly observing threat actors in action can help them understand what they have to defend against. A honeypot is one such tool that enables security professionals to catch bad actors in the act and gather data...

0.3 AI score
Exploits: 0

Malwarebytes
added 2021/05/13 6:18 p.m., 198 views

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

This blog post was authored by Jérôme Segura. Web skimming continues to be a real and impactful threat to online merchants and shoppers. The threat actors in this space greatly range in sophistication from amateurs all the way to nation state groups like Lazarus. In terms of security, many...

8 AI score
Exploits: 0

Malwarebytes
added 2021/05/13 6:10 p.m., 59 views

What does WiFi stand for?

We use WiFi to connect to the Internet, but what is it, and what does it stand for? How does it have such a catchy name, and why do we sometimes have a weak Internet connection with a strong WiFi signal and vice versa? Read on to answer these questions and more. What does WiFi mean? Many people...

7.3 AI score
Exploits: 0

Malwarebytes
added 2021/05/13 5:19 p.m., 46 views

Using iPhones and AirTags to sneak data out of air-gapped networks

Someone has found an extraordinary way to exfiltrate data by piggybacking data on the backs of unsuspecting iPhones. Say what? A researcher has found out that it is possible to upload arbitrary data from non-internet-connected devices by sending Bluetooth Low Energy (BLE) broadcasts to nearby Apple...

7.3 AI score
Exploits: 0

Malwarebytes
added 2021/05/13 2:25 p.m., 46 views

Why MITRE ATT&CK matters—Choosing alert quality over quantity

Round 3 Carbanak/FIN7 results evaluation. Last month, the researchers at MITRE Engenuity released the results of their most recent ATT&CK Evaluation, offering businesses an opportunity to make informed choices about their own security needs. This year, by modeling the ATT&CK testing after attack...

7 AI score
Exploits: 0

Malwarebytes
added 2021/05/12 5:31 p.m., 584 views

FragAttack: New Wi-Fi vulnerabilities that affect… basically everything

A new set of vulnerabilities with an aggressive name and their own website almost always bodes ill. The name FragAttack is a contraction of fragmentation and aggregation attacks, which immediately indicates the main area where the vulnerabilities were found. The vulnerabilities are mostly in how...

5 CVSS, 7.8 AI score, 0.07604 EPSS
Exploits: 4

Malwarebytes
added 2021/05/12 2:15 p.m., 161 views

Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack

Late last week, the business network systems of Colonial Pipeline, the biggest supplier of fuels on the East Coast of the United States, were compromised due to a ransomware attack, forcing the company to temporarily shut down its operations while investigations are underway. Monday morning,...

7.2 AI score
Exploits: 0

Malwarebytes
added 2021/05/12 12:46 p.m., 413 views

Get patching! Wormable Windows flaw headlines Patch Tuesday

It looks like patching a wormable Remote Code Execution (RCE) bug in the HTTP stack of Windows 10 and Windows Server is likely to be top of most sysadmins' todo lists after reading May's Patch Tuesday updates. The monthly bug bonanza also features three other critical items among its 55 patches...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 154

Malwarebytes
added 2021/05/11 9:22 p.m., 47 views

Colonial Pipeline attack expected to trigger imminent hardening of cybersecurity rules for federal agencies

UPDATE 04:23 pm Pacific Time, May 12: On Wednesday, President Joe Biden signed an Executive Order that broadly directs the Commerce Department to create cybersecurity standards for companies that sell software to the federal government. The Order comes in the immediate aftermath of a ransomware...

2.4 AI score
Exploits: 0

Malwarebytes
added 2021/05/11 5:11 p.m., 40 views

Avaddon ransomware campaign prompts warnings from FBI, ACSC

Both the Australian Cyber Security Centre (ACSC) and the US Federal Bureau of Investigation (FBI) have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. The FBI states that it has received notifications of unidentified cyber actors using Avaddon ransomware against...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/05/10 2:15 p.m., 19 views

Alleviating ransomware’s legal headaches with Jake Bernstein: Lock and Code S02E08

This week on Lock and Code, we speak to cybersecurity and privacy attorney Jake Bernstein about ransomware attacks that don't just derail a company's reputation and productivity, but also throw them into potential legal peril. In 2020, the cybersecurity community noticed a worrying trend from...

1.8 AI score
Exploits: 0

Malwarebytes
added 2021/05/10 1:43 p.m., 29 views

Ransomware attack shuts down Colonial Pipeline fuel supply

UPDATE 10:47 AM Pacific Time, May 10: At 8:55 AM Pacific Time, the FBI confirmed that Colonial Pipeline was attacked by Darkside. According to a statement posted on Twitter, the FBI said: "The FBI confirms that the Darkside ransomware is responsible for the compromise of Colonial Pipeline network...

6.7 AI score
Exploits: 0

Malwarebytes
added 2021/05/10 10:49 a.m., 43 views

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instagram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...

0.1 AI score
Exploits: 0

Malwarebytes
added 2021/05/07 5:53 p.m., 37 views

Millions put at risk by old, out of date routers

Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend...

7.8 AI score
Exploits: 0

Malwarebytes
added 2021/05/07 1:34 p.m., 21 views

Google to start automatically enrolling users in two-step verification “soon”

If you use a Google account, it may soon be mandatory to sign up to Google's two-step verification program. As recently as 2017, a tiny amount of GMail users made use of its two-step options. Maybe the uptake is still slow, and Google has decided enough is enough. With so much valuable data stuffe...

7.1 AI score
Exploits: 0

Malwarebytes
added 2021/05/07 11:11 a.m., 33 views

VPN protocols explained and compared

A Virtual Private Network (VPN) creates a safe "tunnel" between you and a computer you trust (normally your VPN provider) to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that don't us...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/05/06 2:7 p.m., 20 views

Facebook bans Signal ads that reveal the depth of what it knows about you

Most of our readers are well aware of the fact that the big tech corporations, especially those that run social media know a great deal about us and our behavior. But it rarely hits home how much personal data they have about us and how they can guess, quite correctly, even more. Lots more. Signa...

0.5 AI score
Exploits: 0

Malwarebytes
added 2021/05/04 5:8 p.m., 101 views

Spectre attacks come back from the dead

Spectre is the name for a whole class of vulnerabilities discovered in January 2018 that affected huge numbers of modern computer processors that rely on a performance feature called speculative execution. Since then, some of the world’s most talented computer scientists from industry and academi...

0.6 AI score
Exploits: 0

Malwarebytes
added 2021/05/03 3:52 p.m., 51 views

A week in security (April 26 – May 2)

Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators, talked to Malwarebytes CISO John Donovan on our Lock and Code podcast, and explored the latest deepfake happenings. We also dug into a supply chain attack, discussed threats from a...

0.2 AI score
Exploits: 0

Malwarebytes
added 2021/04/30 7:52 p.m., 69 views

Task Force delivers strategic plan to address global ransomware problem

The Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware. The report, entitl...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/04/30 12:5 p.m., 245 views

IoT riddled with BadAlloc vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected "things". The numbe...

0.6 AI score
Exploits: 0

Malwarebytes
added 2021/04/30 10:52 a.m., 34 views

What is an IP address? Do I need one?

An IP address tells computers how to find a certain device within a computer network. An IP address is like an address label for information packets. For each network your computer is connected to, it has a unique IP address on that network. So, one device can have several IP addresses at the sam...

Exploits: 0

Malwarebytes
added 2021/04/30 9:29 a.m., 42 views

Signal app insists it’s so private it can’t provide subpoenaed call data

Signal—the private, end-to-end encrypted messaging app that surged in popularity in recent months—once again reminded criminal investigators that it could not fully comply with a legal request for user records and communications because of what it asserts as a simple, unchanging fact: The records...

6.4 AI score
Exploits: 0

Malwarebytes
added 2021/04/29 6:51 p.m., 40 views

What is Smishing? The 101 guide

Smishing is a valuable tool in the scammer's armoury. You've likely run into it, even if you didn't know that is its name. It doesn't arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...

7 AI score
Exploits: 0

Malwarebytes
added 2021/04/29 3:0 p.m., 37 views

City fined for tracking its citizens via their phones

The Dutch information watchdog—the Autoriteit Persoonsgegevens (AP)—has fined the city of Enschede for € 600,000 for tracking its citizens' movements without permission. It is the first time that a Dutch government body has been fined by the AP. The investigation was set in motion after it received ...

0.2 AI score
Exploits: 0

Malwarebytes
added 2021/04/28 5:38 p.m., 50 views

Bitcoin scammers phish for wallet recovery codes on Twitter

We're no strangers to the Twitter customer support DM slide scam. This is where someone watches an organisation perform customer support on Twitter, and injects themselves into the conversation at opportune moments hoping potential victims don’t notice. This is aided by imitation accounts modelled...

7.1 AI score
Exploits: 0

Malwarebytes
added 2021/04/28 5:6 p.m., 55 views

Watch out! Android Flubot spyware is spreading fast

Using a proven method of text messages about missed deliveries, an old player on the Android malware stage has returned for an encore. This time it seems to be very active, especially in the UK where Android users are being targeted by text messages containing a link to a particularly nasty piece...

0.3 AI score
Exploits: 0

Malwarebytes
added 2021/04/28 10:16 a.m., 50 views

Ransomware group threatens to leak information about police informants

UPDATE 12:12 PM Pacific Time, April 28: As of at least 9:40 AM Pacific Time, the Babuk ransomware gang removed any reference to the allegedly stolen DC Police Department data from its data leak website. This does not indicate with any certainty that the DC Police Department paid Babuk, but it is...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/04/27 9:36 a.m., 47 views

Password manager hijacked to deliver malware in supply chain attack

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. Though the number of...

1.1 AI score
Exploits: 0

Malwarebytes
added 2021/04/26 5:21 p.m., 50 views

Zoom deepfaker fools politicians…twice

We recently said deepfakes “remain the weapon of choice for malign interference campaigns, troll farms, revenge porn, and occasionally humorous celebrity face-swaps”. Skepticism that these techniques would work on a grand scale such as an election, remains in place. In the realm of malign...

Exploits: 0

Malwarebytes
added 2021/04/26 2:51 p.m., 62 views

Breaking free from the VirusTotal silo: Lock and Code S02E07

This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It's a practice that is surprisingly common. Weeks ago, Malwarebyt...

0.2 AI score
Exploits: 0

Malwarebytes
added 2021/04/26 11:35 a.m., 193 views

11-13 year old girls most likely to be targeted by online predators

The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...

7 AI score
Exploits: 0

Malwarebytes
added 2021/04/26 10:31 a.m., 59 views

A week in security (April 19 – 25)

Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the...

0.4 AI score
Exploits: 0

Malwarebytes
added 2021/04/23 2:0 p.m., 87 views

SUPERNOVA malware discovered on SolarWinds Orion server

The Cybersecurity and Infrastructure Security Agency (CISA) has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat (APT) actor’s year-long compromise of an enterprise...

7.5 CVSS, 1.4 AI score, 0.95117 EPSS
Exploits: 3

Malwarebytes
added 2021/04/23 11:34 a.m., 270 views

Artificial Intelligence ban slammed for failing to address “vast abuse potential”

A written proposal to ban several uses of artificial intelligence (AI) and to place new oversight on other “high-risk” AI applications—published by the European Commission this week—met fierce opposition from several digital rights advocates in Europe. Portrayed as a missed opportunity by privacy...

0.4 AI score
Exploits: 0

Malwarebytes
added 2021/04/23 11:13 a.m., 58 views

How to choose the best VPN for you

If you’ve been shopping for a VPN service in 2021, you’ve probably noticed how many providers are available. Using a personal VPN has grown in popularity in recent years, and for good reason. You may no longer be asking, “Should I use one,” but rather, “Which one should I choose?” The answer migh...

7.1 AI score
Exploits: 0

Malwarebytes
added 2021/04/21 6:40 p.m., 42 views

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

Facial recognition tech is in the news again after the FBI discovered the identity of one of the Capitol rioters by using facial recognition software on his girlfriend's Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have...

7 AI score
Exploits: 0

Malwarebytes
added 2021/04/21 6:12 p.m., 758 views

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS) appliances. PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services. Cybersecurity...

7.5 CVSS, 1.7 AI score, 0.99999 EPSS
Exploits: 35

Malwarebytes
added 2021/04/20 8:55 p.m., 46 views

FIN7 sysadmin behind “billions in damage” gets 10 years

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known...

1.1 AI score
Exploits: 0

Malwarebytes
added 2021/04/20 8:13 p.m., 38 views

CodeCov supply-chain compromise likened to SolarWinds attack

CodeCov, a company that creates software auditing tools for developers, was recently breached (the company says it was breached on April 1, and reported it on April 15). According to investigators, this incident, in turn, gave attackers access to an unknown number of CodeCov’s clients' networks...

1.3 AI score
Exploits: 0

Malwarebytes
added 2021/04/20 4:43 p.m., 37 views

Interview with a bug bounty hunter: Youssef Sammouda

Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking,...

8.3 AI score
Exploits: 0

Malwarebytes
added 2021/04/19 5:20 p.m., 35 views

A week in security (April 12 – 18)

Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with us. We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021, a first-of-its-kind survey of the hardworking IT professionals on...

Exploits: 0

Malwarebytes
added 2021/04/19 3:0 p.m., 81 views

Lazarus APT conceals malicious code within BMP image to drop its RAT

This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a...

7.7 AI score
Exploits: 0

Malwarebytes
added 2021/04/16 5:42 p.m., 236 views

Shady scam bots trick Omegle users into nonconsensual video sex recordings

14-year-old Michael (not his real name) from Scandinavia first visited Omegle, the video online chat that has become hugely popular since the start of the pandemic, after hearing about "unpredictable and weird encounters" one may experience on the site from other students in school. He was intrigue...

6.8 AI score
Exploits: 0

Malwarebytes
added 2021/04/16 2:59 p.m., 820 views

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have jointly released a Cybersecurity Advisory called Russian SVR Targets U.S. and Allied Networks, to expose ongoing Russian Foreign Intelligence Service (SVR)...

9 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 92

Total number of security vulnerabilities: 4662