
4660 matches found

Malwarebytes
added 2020/12/16 7:42 p.m., 72 views

Likely lead generation scam targets potential Malwarebytes MSP partners

Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebytes Managed Service Provider (MSP) Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...

6.9 AI score
Exploits: 0

Malwarebytes
added 2020/12/15 1:58 p.m., 20574 views

Threat profile: Egregor ransomware is making a name for itself

What is Egregor? Egregor ransomware is a relatively new ransomware first spotted in September 2020 that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note. As we've reported in...

10 CVSS, 8.9 AI score, 0.99965 EPSS
Exploits: 70

Malwarebytes
added 2020/12/15 1:23 p.m., 31 views

NCSC: Be Cyber Aware, especially during the Christmas season

In early December, the National Cyber Security Centre, a UK-based cybersecurity body and a part of GCHQ, kicked off the next chapter of its Cyber Aware campaign initiative, focusing on online shopping threats during the Christmas season. Cyber Aware is the UK government’s "national campaign on...

7.6 AI score
Exploits: 0

Malwarebytes
added 2020/12/14 7:45 p.m., 51 views

SolarWinds advanced cyberattack: What happened and what to do now

We learned more about the sophisticated attack first disclosed on December 8 when security firm FireEye reported it had been the victim of a state-sponsored adversary that stole Red Team assessment tools. On December 13 there was a new development when IT company SolarWinds announced it had been...

Exploits: 0

Malwarebytes
added 2020/12/14 4:54 p.m., 38 views

A week in security (December 7 – December 13)

Last week on Malwarebytes podcast we talked to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a cybersecure 2021. We also released a Malwarebytes Labs report revealing that 50 percent of schools did...

7.3 AI score
Exploits: 0

Malwarebytes
added 2020/12/10 9:37 p.m., 37 views

Malwarebytes detects leaked tools from FireEye breach

Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen...

1.5 AI score
Exploits: 0

Malwarebytes
added 2020/12/10 1:2 p.m., 38 views

Buying COVID-19 vaccines from the Dark Web? No thanks!

Even though we hope that this is an unnecessary warning, we do want to put it out there. As soon as there was talk about a vaccine being available against the COVID-19 virus there were vendors on the Dark Web offering Russian and Chinese COVID-19 vaccines for sale. Now that the UK has started its...

0.1 AI score
Exploits: 0

Malwarebytes
added 2020/12/09 4:3 p.m., 32 views

VideoBytes: Ryuk Ransomware Targeting US Hospitals

Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...

6.8 AI score
Exploits: 0

Malwarebytes
added 2020/12/08 6:1 p.m., 26 views

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 201...

Exploits: 0

Malwarebytes
added 2020/12/07 2:10 p.m., 27 views

Lock and Code S1Ep21: Lesson planning your school’s cybersecurity with Doug Levin

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Doug Levin, founder of the K12 cybersecurity resource center and advisor to the K12 Security Information Exchange, about how schools can plan for a...

7.4 AI score
Exploits: 0

Malwarebytes
added 2020/12/07 2:5 p.m., 32 views

50 percent of schools did not prepare for secure distance learning, Labs report reveals

Education in the United States faced a crisis this year. The looming threat of the coronavirus—which spreads easily in highly-populated, enclosed rooms—forced schools across the country to develop new strategies for education. The dramatic stress of this transition is known. Teachers are working...

7.4 AI score
Exploits: 0

Malwarebytes
added 2020/12/04 4:30 p.m., 36 views

File-sharing and cloud storage sites: How safe are they?

There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...

7 AI score
Exploits: 0

Malwarebytes
added 2020/12/03 4:30 p.m., 29 views

VideoBytes: Is it goodbye forever to Maze ransomware?

Hello Folks! In this Videobyte we’re talking about Maze ransomware and whether or not it's shutting down, and what that means for the cybercrime world. The notorious Maze ransomware group, known for its corporate targeting and data leaking extortion schemes is, apparently, shutting down operations...

7 AI score
Exploits: 0

Malwarebytes
added 2020/12/02 8:53 p.m., 81 views

The many ways you can be scammed on Facebook, part I

Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter...

6.6 AI score
Exploits: 0

Malwarebytes
added 2020/12/01 3:36 p.m., 68 views

Deep learning: An explanation and a peek into the future

Deep learning is one of the most advanced forms of machine learning, and is showing new developments in many industries. In this article, we'll explain the concept and give some examples of the latest and greatest ways it's being used. What is deep learning? There have been many attempts at creatin...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/30 5:50 p.m., 27 views

Baltimore gets hit by ransomware again, the schools this time

All Baltimore County Public Schools closed Wednesday after the school system was hit with a ransomware attack, according to officials. Baltimore County Public Schools superintendent Dr. Darryl Williams stated: “This morning, we decided to close all BCPS schools and offices in order to access and...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/30 4:0 p.m., 41 views

German users targeted with Gootkit banker or REvil ransomware

This blog post was authored by Hasherezade and Jérôme Segura. On November 23, we received an alert from a partner about a resurgence of Gootkit infections in Germany. Gootkit is a very capable banking Trojan that has been around since 2014 and possesses a number of functionalities such as keystrok...

6.8 AI score
Exploits: 0

Malwarebytes
added 2020/11/30 11:11 a.m., 29 views

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we're rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever's lurking in your mailbox. A full hou...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/30 10:44 a.m., 31 views

A week in security (November 23 – November 29)

Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online. We also looked back at Zoom, and wondered whether it's any safer months after its first vulnerability was reported. We talked about how Apple's security is hampering the detection of potentially unwante...

0.4 AI score
Exploits: 0

Malwarebytes
added 2020/11/25 2:32 p.m., 37 views

IoT cybersecurity bill passed by Senate

Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things (IoT) devices purchased and owned by the Federal government. The bill, called the...

0.3 AI score
Exploits: 0

Malwarebytes
added 2020/11/25 1:24 p.m., 44 views

Spotify resets some user logins after hacker database found floating online

A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So what's Spotify doing leaving its user data hanging arou...

1.2 AI score
Exploits: 0

Malwarebytes
added 2020/11/24 4:59 p.m., 25 views

Apple security hampers detection of unwanted programs

Anyone who uses Malwarebytes software is probably familiar with the fact that, in addition to things like malware and adware, Malwarebytes detects potentially unwanted programs (PUPs). These are programs that exhibit a variety of unsavory behaviors, but that, for legal reasons, cannot be called...

6.5 AI score
Exploits: 0

Malwarebytes
added 2020/11/24 11:35 a.m., 32 views

Looks like we’re stuck with Zoom: Is it any safer?

Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus (a third vaccine was just announced). That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and...

Exploits: 0

Malwarebytes
added 2020/11/23 3:0 p.m., 42 views

Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about charity organizations and online ad tracking. Though many might assume that these t...

0.3 AI score
Exploits: 0

Malwarebytes
added 2020/11/20 4:0 p.m., 51 views

Black Friday 2020: How to shop safely online

Black Friday 2020 promises to be somewhat different from years gone by thanks to COVID-19. The annual surge of in-store chaos and trolley dashes isn’t compatible with social distancing, and so retailers will be looking to drive shoppers online. Friday 27th November is when things kick off this...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/20 3:59 p.m., 51 views

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/19 5:47 p.m., 156 views

IoT forecast: Running antivirus on your smart device?

In 2016, threat actors pulled off a basic but devastating botnet attack that harnessed the power of the Internet of Things (IoT). After gathering a list of 61 default username and password combinations for IoT devices, threat actors scanned the Internet for open Telnet ports and, when they found a...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/18 4:16 p.m., 26 views

Chris Krebs, director of Cybersecurity and Infrastructure Security Agency, fired by President

On Tuesday evening, President Donald Trump fired Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), just days after CISA called the recent presidential election the “most secure in American history.” In a tweet posted the same day, the President justified his...

7 AI score
Exploits: 0

Malwarebytes
added 2020/11/17 5:5 p.m., 90 views

WebNavigator Chromium browser published by search hijackers

A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where did it come from? Malwarebytes detects the browser as PUP.Optional.WebNavigator, and we found several clues that this browser was brought to you by a notorious family of searc...

1.5 AI score
Exploits: 0

Malwarebytes
added 2020/11/16 6:0 p.m., 40 views

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, we've observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One o...

0.5 AI score
Exploits: 0

Malwarebytes
added 2020/11/16 5:35 p.m., 29 views

A week in security (November 9 – November 15)

Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla's Firefox and Thunderbird to Google's Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, w...

0.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/12 9:16 p.m., 91 views

Hat trick for Google as it patches two more zero-days in Chrome

Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new...

6.8 CVSS, 0.1 AI score, 0.48574 EPSS
Exploits: 3

Malwarebytes
added 2020/11/12 4:45 p.m., 17 views

Surviving college distance learning during the pandemic: a cybersecurity guide

Social distancing, the wearing of face masks, practicing hand hygiene, and disinfecting often-touched surfaces have become human necessities during the pandemic era. For schools, they've also had to adapt quickly to incorporate distance learning methods that let students continue their studies. Bu...

0.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/11 8:20 p.m., 27 views

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

Cybersecurity researchers discovered a new ransomware last month called RegretLocker that, despite a no-frills package, can do serious damage to virtual hard disks on Windows machines. Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a...

6.9 AI score
Exploits: 0

Malwarebytes
added 2020/11/10 3:22 p.m., 74 views

Mozilla patches critical security issues in Firefox and Thunderbird

Mozilla has issued a critical patch for Firefox, Firefox ESR, and Thunderbird after a security issue was discovered at the Tianfu Cup 2020 International Cybersecurity Contest. The security issue has been assigned CVE-2020-26950 which has the “reserved” status. Publicly disclosed computer security...

9.9 AI score, 0.42597 EPSS
Exploits: 4

Malwarebytes
added 2020/11/09 6:36 p.m., 22 views

Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa

This week on Lock and Code, we offer something special for listeners—a backstage pass to a cybersecurity training that we held for employees during Cybersecurity Awareness Month, which ended in October. The topic? The future of cybersecurity for the Internet of Things. Our guests, Chief Informati...

7.1 AI score
Exploits: 0

Malwarebytes
added 2020/11/06 5:28 p.m., 51 views

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS and iPadOS that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zer...

0.5 AI score, 0.22178 EPSS
Exploits: 2

Malwarebytes
added 2020/11/06 4:30 p.m., 22 views

RegTech explained: a crucial toolset for the financial industry

Every organization in the financial industry needs to meet certain regulatory obligations, even if it’s just filing a tax return or submitting an annual report. In certain industries, such as financial services, they've added their own additional sets of rules that must be adhered to. For example,...

6.9 AI score
Exploits: 0

Malwarebytes
added 2020/11/05 2:12 p.m., 21 views

Prop 24 passes in California, will change data privacy law

First-day returns in California showed voters firmly approving to change their state’s current data privacy law—which already guarantees certain privacy protections that many states do not—through the passage of Prop 24. As of the morning of November 4, according to The Sacramento Bee, 56.1 perce...

0.4 AI score
Exploits: 0

Malwarebytes
added 2020/11/04 8:10 p.m., 24 views

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided t...

0.2 AI score
Exploits: 0

Malwarebytes
added 2020/11/03 6:30 p.m., 236 views

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we'd like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability - that means it's a hole that is actively being exploited right now. It's the...

6.8 CVSS, 8.1 AI score, 0.5063 EPSS
Exploits: 5

Malwarebytes
added 2020/11/03 5:38 p.m., 17 views

Maze ransomware gang announces retirement

The threat actors behind Maze ransomware have announced their retirement. On November 1, they posted the retirement announcement on the website where they would normally name and shame their victims that were unwilling to pay the ransom. image courtesy of Graham Cluley "The Project is closed. Maz...

6.5 AI score
Exploits: 0

Malwarebytes
added 2020/11/03 12:50 p.m., 23 views

Hospital ransomware: Gangs are back to target healthcare

Healthcare is not in a good place right now. With some countries and states deciding to go back in to lockdown due to the continued rise of reported COVID-19 infections—and several garnering record-high numbers compared to when almost every country initially went into lockdown—it seems horrible...

6.7 AI score
Exploits: 0

Malwarebytes
added 2020/11/02 5:46 p.m., 67 views

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Google's patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash...

10 CVSS, 1.3 AI score, 0.99997 EPSS
Exploits: 41

Malwarebytes
added 2020/10/30 8:31 p.m., 39 views

Vastaamo psychotherapy data breach sees the most vulnerable victims extorted

“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor ...

0.6 AI score
Exploits: 0

Malwarebytes
added 2020/10/30 3:15 p.m., 25 views

California’s Prop 24 splits data privacy supporters

California’s data privacy house is divided. On the Golden State’s November ballot this year is the question as to whether to amend California’s barely-two-year-old data privacy law, the California Consumer Privacy Act. Far from the first attempt to change the fledgling law, Proposition 24 sets...

0.4 AI score
Exploits: 0

Malwarebytes
added 2020/10/29 5:30 p.m., 20 views

HP printer issue on Mac: What happened?

Apple holds the keys to nearly all recent Mac software. This is a story of those keys, and how a Hewlett Packard (HP) error caused problems for a lot of people. Code signing and certificates First, it's important to understand that when I say "keys," what I really mean is "certificates." These...

7.5 AI score
Exploits: 0

Malwarebytes
added 2020/10/28 9:29 p.m., 30 views

New Emotet delivery method spotted during downward detection trend

Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features. This revamped presentation could point to internal effor...

1.1 AI score
Exploits: 0

Malwarebytes
added 2020/10/28 3:0 p.m., 46 views

Fake COVID-19 survey hides ransomware in Canadian university attack

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we've observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishi...

7.6 AI score
Exploits: 0

Malwarebytes
added 2020/10/28 2:6 p.m., 24 views

Scammers are spoofing bank phone numbers to rob victims

It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you...

7.2 AI score
Exploits: 0

Total number of security vulnerabilities: 4660