Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month. Launched initially ...

Google patches actively exploited zero-day bug that affects Chrome users

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw - that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedde...

The value of cybersecurity integration for MSPs

For modern Managed Service Providers MSPs, gone are the days of disparate workflows, and that’s really for the best. Imagine trying to run a successful MSP business today—finding potential customers, procuring new clients, developing purchase orders, managing endpoints, and sending invoices—all...

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, theyve also caused quite the headache for browser vendors to fix. Browser lockers are only...

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. Thats because an open port can be subject to brute force attacks. What...

A week in security (October 12 – October 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potenti...

Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or...

How Covid fatigue puts your physical and digital health in jeopardy

After six months of social distancing, sheltering in place, working from home, distance learning, mask-wearing, hand-washing, and plenty of hand-wringing, people are pretty damn tired of COVID-19. And with no magic bullet yet and no end in sight, annoyance has turned into exasperation and even...

QR code scams are making a comeback

Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code ...

FIFA 21 game scams: watch out for unsporting conduct

Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. Its also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sale...

Silent Librarian APT right on schedule for 20/21 academic year

A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September, we were tipped off by one of our customers about a new active campaign from this APT group. Based off a...

Amazon Prime Day—8 tips for safer shopping

Avid Amazon Prime Day shoppers may have been worried theyd missed it this year—thanks coronavirus. Fear not, last month Amazon announced Prime Day will take place three months after its original annual date, beginning today. And this year, itll take place over two days, rather than one. This coul...

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesnt happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No,...

Credit card skimmer targets virtual conference platform

Weve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In todays...

Healthcare security update: death by ransomware, what’s next?

A recent ransomware attack which played a significant role in the death of a German woman has put into focus both the dangers and the importance of cybersecurity today. But it has also led some to point fingers as to who was responsible. As usual, playing the blame game helps no one, but it does...

Risky business: survey shows majority of people use work devices for personal use

There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway i.e. more online shopping and more streaming TV/movies. Other changes are more extreme and we’...

Release the Kraken: Fileless injection into Windows Error Reporting service

This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting WER service as a defense evasion mechanism. That reporting service, WerFault.exe, is usually invoked when an error...

Mobile network operator falls into the hands of Fullz House criminal group

Update 2020-10-05: The malicious code has been removed from Boom! Mobiles website Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happene...

A week in security (September 28 – October 4)

Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which well provide video coverage of some of the...

VideoBytes: Ransomware gets wasted!

Hello dear readers, and welcome to the latest edition of VideoBytes! On todays episode, were talking about how ransomware is on the rise again, focused on attacking corporations with malware that not only encrypts files, but also steals it. The tactics used to deploy these forms of ransomware hav...

Chaos in a cup: When ransomware creeps into your smart coffee maker

When the fledgling concept of the Internet of Things IoT was beginning to excite the world almost a decade ago, perhaps no coffee lover at that time wouldve imagined including the coffee machine in the roster of internet-connected devices—even in jest. True, the simple, utilitarian coffee machine...

VideoBytes: Twitter gets hacked!

Hello dear readers, and welcome to the latest and greatest from VideoBytes: a brand new, video feature that we announced just yesterday. On our debut post today, were talking to you about the Twitter hack, in which hackers accessed the Twitter accounts of 130 high profile figures, like Barack...

Introducing VideoBytes, by Malwarebytes Labs

We have exciting news for avid readers of Malwarebytes Labs: This week, we’re launching a new, monthly video series that will feature the research, insights, and commentary of our own Adam Kujawa, security evangelist and a director for Malwarebytes Labs. Welcome to VideoBytes, our little corner o...

Caught in the payment fraud net: when, not if?

Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny Palmer experienced this a little while ago, and has spent a significant amount of time tracking the journey of his card details from the UK to Suriname. His deep-dive...

Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...

Taurus Project stealer now spreading via malvertising campaign

For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately...

Sandbox in security: what is it, and how it relates to malware

To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...

Phishers spoof reliable cybersecurity training company to garner clicks

"It happens to the best of us." And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4—a trusted cybersecurity company that offers security awareness training for organizations—to gain recipients’ trust, their Microsoft Outlo...

A week in security (September 14 – 20)

Last week on Malwarebytes Labs, we looked at Fintech industry developments, specifically the differences between Europe and the US, and we analyzed how some charities and the advertising industry are tied together. We also told readers about what companies can do to counter domain name abuse. In...

Is domain name abuse something companies should worry about?

Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefor, "domain name abuse" is something that can ruin your reputation. Losing control There are several ways in which perpetrators can...

Charities and the advertising industry: data ecosystems and privacy risks

Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...

Fintech industry developments, differences between Europe and the US

“Put your money in the bank and you can watch it grow.” If there is a statement that shows us how much the financial world has changed it’s this one. With the introduction of negative interest, companies and consumers with a large amount of liquid assets are looking for a different way to handle...

Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly...

The informed voter’s guide to election cyberthreats

Singapore held its most recent general election on July 10 2020, and although they used the electoral system called first-past-the-post FPTP, a scheme favored by the US, UK, and most English-speaking countries, the road leading to Election Day was not without challenges and obstacles. While all...

Report: Pandemic caused significant shift in buyer appetite in the dark web

Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods on high demand in the dark web, aka the Internets underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a...

Malvertising campaigns come back in full swing

Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight ...

A week in security (August 31 – September 6)

Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS...

SMB cybersecurity posture weakened by COVID-19, Labs report finds

In August, Malwarebytes Labs analyzed the damage caused by COVID-19 to business cybersecurity. Because of immediate, mandated transitions to working from home WFH, businesses across the United States suffered more data breaches, lost more dollars, and increased their overall attack surfaces, all...

PCI DSS compliance: why it’s important and how to adhere

PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is expected to comply with the PCI DSS. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council PCI SSC. The...

How to keep K–12 distance learners cybersecure this school year

With the pandemic still in full swing, educational institutions across the US are kicking off the 2020–2021 school year in widely different ways, from re-opening classrooms to full-time distance learning. Sadly, as schools embracing virtual instruction struggle with compounding IT challenges on t...

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected...

Apple’s notarization process fails to protect

In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their software is malware-free and must go through for their software to run on macOS Catalina. This is meant to be another layer in Apples protection against malware...

Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about "security hubris," the simple phenomenon in which businesses are less secure th...

Missing person scams: what to watch out for

Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social...

Good news: Stalkerware survey results show majority of people aren’t creepy

Back in July, we sent out a survey to Malwarebytes Labs readers on the subject of stalkerware—the term used to describe apps that can potentially invade someone’s privacy. We asked one question: “Have you ever used an app to monitor your partner’s phone?” The results were reassuring. We received...

The cybersecurity skills gap is misunderstood

Nearly every year, a trade association, a university, an independent researcher, or a large corporation—and sometimes all of them and many in between—push out the latest research on the cybersecurity skills gap, the now-decade-plus-old idea that the global economy lacks a growing number of...

A week in security (August 17 – 23)

Last week on Malwarebytes Labs, we looked at the impact of COVID-19 on healthcare cybersecurity, dug into some pandemic stats in terms of how workforces coped with going remote, and served up a crash course on malware detection. Our most recent Lock and Code podcast explored the safety of parenta...

‘Just tell me how to fix my computer:’ a crash course on malware detection

Malware. You’ve heard the term before, and you know it’s bad for your computer—like a computer virus. Which begs the question: Do the terms “malware” and “computer virus” mean the same thing? How do you know if your computer is infected with malware? Is "malware detection" just a fancy phrase for...

20 percent of organizations experienced breach due to remote worker, Labs report reveals

It is no surprise that moving to a fully remote work environment due to COVID-19 would cause a number of changes in organizations approaches to cybersecurity. What has been surprising, however, are some of the unanticipated shifts in employee habits and how they have impacted the security posture...

The impact of COVID-19 on healthcare cybersecurity

As if stress levels in the healthcare industry weren’t high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasnt...