ProxyLogon PoCs trigger a game of whack-a-mole
As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time. Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups...
Careers in cybersecurity: Malwarebytes talks to teachers and students
Every year, I take part in talks for universities and schools. The theme is often breaking into infosec. I give advice to teens considering pursuing tech as a further area of study. I explain a typical working day for degree undergraduates. Sometimes I’m asked to give examples of conference talks...
How your iPhone could tell you if you’re being stalked
The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. The feature detects AirTags, Apple’s answer to trackable fobs made by Tile, and serves to block the potential abuse of the much-rumored...
Royal Mail scam says your parcel is waiting for delivery
Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:...
The Malwarebytes 2021 State of Malware report: Lock and Code S02E04
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report, which analyzed the top cybercrime goals of 2020 amidst the global pandemic. If you just pay...
Ransomware is targeting vulnerable Microsoft Exchange servers
The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise...
150,000 Verkada security cameras hacked—to make a point
Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health...
Police credit “unlocked” SKY ECC encryption for organized crime bust
At the moment, I’m really torn, and I need your help. Let me tell you what is going on. I read these statements and they can’t both be true, right? “The continuous monitoring of the illegal Sky ECC communication service tool by investigators in three countries has provided invaluable insights int...
5 common VPN myths busted
Virtual Private Networks (VPNs) are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses. So, let’s do some myth busting. 1. VPNs are for illegal activity Some people...
iPhone app exposed other people’s call recordings
Video and audio are huge privacy concerns for people. If something goes wrong with tech it can have major ramifications. You’re likely very familiar with warnings about video. However, audio hasn’t always been so prominent. It’s only really since the rise of home assistants like Amazon’s Alexa tha...
OVH cloud datacenter destroyed by fire
A fire in one of the OVH datacenters has destroyed one datacenter and knocked two others offline. It took 100 firefighters and 43 fire trucks to fight the fire in the five-story building. Even though the fire department was quick to respond, and the fire was brought under control relatively...
REvil ransomware’s calling, and it’s not good news
The REvil ransomware, AKA Sodinokibi, which operates as a Ransomware as a Service, is adopting some outreach techniques after initial compromise, designed to shame victims into paying up. Shaming victims into action Malware authors and social engineers have relied on shame and the threat of exposur...
TinyCheck: Stalkerware detection that doesn’t leave a trace
In 2019, when Malwarebytes helped found the Coalition Against Stalkerware, which brings together cybersecurity vendors and nonprofits to detect and raise awareness about stalkerware, we encountered a significant roadblock in our fight: For some users, the very detection of these potentially...
Microsoft Exchange attacks cause panic as criminals go shell collecting
Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update...
A week in security (March 1 – 7)
Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was...
International Women’s Day: Women in tech name their heroes
Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day (IWD). Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be give...
Will Google’s Privacy Sandbox take the bite out of tracking cookies?
Third-party cookies have been the lynchpin of online advertising for many years. Plans to phase cookies out forever continue to run at a steady pace, with Google in the driving seat. In 2019, it announced its vision for a “Privacy Sandbox”. The building blocks for this were essentially: 1. Most...
New steganography attack targets Azerbaijan
This blog post was authored by Hossein Jazi. Threat actors often vary their techniques to thwart security defenses and increase the efficiency of their attacks. One of the tricks they use is known as steganography and consists of hiding content within images. We recently observed a malicious Word...
China’s RedEcho accused of targeting India’s power grids
RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind India’s power grids, according to a threat analysis report from Recorded Future (PDF). It appears that what triggered this attempt to gain a foothold in India’s critical power generation and...
Update now! Chrome fix patches in-the-wild zero-day
The Microsoft Browser Vulnerability Research team has found and reported a vulnerability in the audio component of Google Chrome. Google has fixed this high-severity vulnerability (CVE-2021-21166) in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the...
21 million free VPN users’ data exposed
Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment...
Patch now! Exchange servers attacked by Hafnium zero-days
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft attributes the attacks to a group they have dubbed Hafnium. “HAFNIUM primarily targets entities in the United States across a number ...
Ryuk ransomware develops worm-like capability
The French government’s computer emergency readiness team, that’s part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in...
Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times expose...
To pay, or not to pay? That is the VPN question
VPNs have been a subject of deliberation for a long time. Is it even important to use one? I think the pandemic has made it clear that, yes, using a VPN is useful, even necessary, most especially for those working remotely. But should you pay for it? Or would you rather settle for free? We’re goin...
TikTok pays $92 million to end data theft lawsuit
TikTok, the now widely popular social media platform that allows users to create, share, and discover short video clips, has been enjoying explosive growth since it appeared in 2017. Since then, it hasn’t stopped growing—more so during the current pandemic. While we can no longer categorize TikTo...
Scammers, profiteers, and shady sites? It must be tax season
US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...
LazyScripter: From Empire to double RAT
Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth...
Clop targets execs, ransomware tactics get another new twist
Ransomware peddlers have come up with yet another devious twist on the recent trend for data exfiltration. After interviewing several victims of the Clop ransomware, ZDNet discovered that its operators appear to be systematically targeting the workstations of executives. After all, the top manage...
The mystery of the Silver Sparrow Mac malware
Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple’s new M1 chips, but what is unknown about this malware is actually more interesting than what is...
A week in security (February 15 – February 21)
Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats evolve. We also touched on ransomware, such as Egregor and a tactic known as Remote Desktop Protocol (RDP) brute forcing that has long been part of the ransomware operators...
Omegle investigation raises new concerns for kids’ safety
Social media site Omegle is under fire after an investigation found boys using the platform to expose themselves on camera, and adults exposing themselves to minors. Omegle users are paired with a random stranger who they can socialize with via text or video chat. An investigation by the British...
North Korean hackers charged with $1.3 billion of cyberheists
The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states. The first unsealed indictment is for hacking...
Cybersecurity in Cyberpunk 2077: the good, the bad, and the cringeworthy
What game caused some players to experience seizures, allows you to have unauthorized sex with Keanu Reeves, features a lead character who can’t keep the contents of his pants contained, was pulled from the PlayStation Store weeks after release, and still managed to shatter sales and streaming...
Romance scams: FTC reveals $304 million of heartache
In 2020, reported losses to the FTC for romance scams went up by 50% from 2019, totalling $304 million. And things weren’t exactly good before: Romance scams have cost people a fortune for 3 years running, according to the FTC. Their latest report suggests a steady rise in these kinds of scams...
Clubhouse under scrutiny for sending data to Chinese servers
The audio-chat app Clubhouse is the latest rage in the social media landscape. What makes it so popular and, now it’s part of the social media landscape, can we trust it? The Clubhouse app Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It i...
Yandex sysadmin caught selling access to email accounts
Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team...
RDP, the ransomware problem that won’t go away
The year 2020 will certainly be remembered as one of the most difficult and tragic years humankind has faced in modern times. The global pandemic changed the way we live and work in ways unimaginable, perhaps forever. It also altered the cybersecurity landscape dramatically. The FBI reported a 30...
Egregor ransomware hit by arrests
In a collaboration between French and Ukrainian law enforcement, arrests have been made that might put a dent in one of the world’s most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...
Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report
Last year, threat actors took advantage of the COVID-19 public health crisis in a way previously considered unimaginable, not only preying on uncertainty and fear during the initial months of the global pandemic, but retooling attack methods, reneging on promises, strengthening malware, and...
Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...
Gang arrested for SIM-swapping celebrities, stealing $100 million
The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s Office of Santa Clara, California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 and 26, for a string of SIM swapping...
Who is to blame for the malicious Barcode Scanner that got on the Google Play store?
In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update, we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this...
Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world’s largest adult platforms including PornHub. The same group behind this campaign has been active for much longer and we believe is tied to previous schemes...
Nude photo theft offers lessons in selfie security
Two former college graduates are in a lot of trouble after breaking into other students’ accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened...
Researcher’s audacious hack demonstrates new type of supply-chain attack
Often the most brilliant ideas are the most simple. The hard part is being the first one to come up with the idea and put it to use. One such brilliant yet simple idea belongs to Alex Birsan, a researcher who came up with a method to breach 35 big tech companies including Microsoft, Apple, Yelp,...
What Google learned from 1 billion evil email scams
Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. "Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk" looked at more than a billion mails. The results were then f...
Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits
Traditionally the second Tuesday of the month is Microsoft’s “patch Tuesday”. This is the day when they roll out all the available patches for their software, and their operating systems in particular. Since there were no less than 56 patches in this month’s issue we will focus on the most...
Hackers try to poison Florida City’s drinking water
The FBI, the Secret Service, and the Pinellas County Sheriff’s Office are currently investigating an attempted poisoning of a city by an individual or group of hackers that occurred Friday last week. If it hadn’t been caught in time, at least 15,000 people could have been affected. In a Monday pres...
Cyberpunk 2077 developer hit by ransomware
CD PROJEKT RED, the game developer behind Cyberpunk 2077, announced earlier on Twitter that it has fallen victim to a targeted ransomware attack. The company says it has backups for the affected systems and does not intend to pay the ransom. In their ransom note the attackers boast that they have...