4659 matches found
Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. These tools offer parents the capabilities to spot where the...
Explosive technology and 3D printers: a history of deadly devices
Hackers: They’ll turn your computer into a BOMB! "Hackers turning computers into bombs" is a now legendary headline, taken from the Weekly World News. It has rather set the bar for "people will murder you with computers" anxiety. Even those familiar with the headline may not have dug into the sto...
Chrome extensions that lie about their permissions
“But I checked the permissions before I installed this pop-up-blocker—it said nothing about changing my searches,” my dad retorts after I scold him for installing yet another search-hijacking Chrome extension. Granted, they are not hard to remove, but having to do it over and over is a nuisance...
Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw
“Can you have a look at this email I got, please?" my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider ISP. Shortly after, he informed me that despite its suspicious aura, he found...
The skinny on the Instacart breach
The COVID-19 outbreak has affected many facets of our lives—from how we visit our families, socialize with friends, meet with colleagues, to how we should be conducting ourselves outside of our homes. Ideally, a few meters apart from everyone else and with a mask on. These—on top of imposed...
SBA phishing scams: from malware to advanced social engineering
A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at 3 different phishing waves targeting applicants for Covid-19 relief loans. The phishing emails impersonate the US Smal...
A week in security (August 3 – 9)
Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the...
Inter skimming kit used in homoglyph attacks
As we continue to track web threats and credit card skimming in particular, we often rediscover techniques weve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especiall...
Data Accountability and Transparency Act of 2020 looks beyond consent
In the United States, data privacy is hard work—particularly for the American people. But one US Senator believes it shouldn’t have to be. In June, Democratic Senator Sherrod Brown of Ohio released a discussion draft of a new data privacy bill to improve Americans’ data privacy rights and their...
Business email compromise: gunning for goal
The evergreen peril of business email compromise BEC finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...
Avoid these PayPal phishing emails
For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO fear of missing out into DO THIS OR BAD THINGS WILL HAPPEN. It’s one of the most common tools in the scammer’s arsenal, and a little pressure applied in the right way often brings results for...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isnt true for CloudEye, an Italian firm that claims to provide "the next generation of Windows executables protection". First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to...
Cloud workload security: Should you worry about it?
Due to the increasing use of the cloud, organizations find themselves dealing with hybrid environments and nebulous workloads to secure. Containerization and cloud-stored data have provided the industry with a new challenge. And while you can try to make the provider of cloud data storage...
TikTok is being discouraged and the app may be banned
In recent news retail giant Amazon sent a memo to employees telling them to delete the popular social media app TikTok from their phones. In the memo it stated that the app would pose a security risk without going into details. Later the memo was withdrawn without an explanation except that it wa...
A week in security (July 20 – 26)
Last week on Malwarebytes Labs, our Lock and Code podcast delved into Bluetooth and beacon technology. We also dug into APT groups targeting India and Hong Kong, covered a law enforcement bust, and tried to figure out when, exactly, a Deepfake is a Deepfake. Other cybersecurity news Insecure emai...
Deepfakes or not: new GAN image stirs up questions about digital fakery
Subversive deepfakes that enter the party unannounced, do their thing, then slink off into the night without anybody noticing are where it’s at. Easily debunked clips of Donald Trump yelling THE NUKES ARE UP or something similarly ludicrous are not a major concern. We’ve already dug into why that...
EncroChat system eavesdropped on by law enforcement
Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the publi...
It’s baaaack: Public cyber enemy Emotet has returned
It was never a question of "if" but "when". After five months of absence, the dreaded Emotet has returned. Following several false alarms over the last few weeks, a spam campaign was first spotted on July 13 showing signs of a likely comeback. The Emotet botnets started pushing malspam actively o...
How exposed are you to cybercrime?
No country, business, or person is immune to cybercrime, and as the Internets influence on our daily lives grows exponentially, so will the level of malicious activity throughout the world. An ever-changing cyber landscape will always carry with it new threats, but are they the same for everyone?...
Coordinated Twitter attack rakes in 100 grand
Update 7/18/2020 Twitter released an update about the situation and their investigation on their blog. Update 8/2/2020 ZDNet published a timeline based on the court documents released by the DOJ "Im feeling generous because of Covid-19. Ill double any BTC payment sent to my BTC address for the ne...
Website misconfigurations and other errors to avoid
Website owners, listen up: There are lots of things you shouldn’t do with your site, and many more you should avoid with the domains you’re responsible for. Insider malice, bad luck, and the stars aligning in impossible ways can all give your online portfolio a bad hair day. However, if you want ...
Stalkerware advertising ban by Google a welcome, if incomplete, step
On Friday, July 10, Google announced it would no longer allow advertising for spyware and similar surveillance technology—often referred to as “stalkerware”—on its platform. The change is a welcome step by one of the largest, most powerful companies in online advertising, but a close read of the...
A week in security (July 6 – 12)
Last week on Malwarebytes Labs, we took an in-depth look at card skimmers targeting ASP sites, we released another episode of Lock and Code exploring the Internet of Things, and we dug into a Mac mystery. We also examined some pre-installed malware, and put out a threat spotlight on some customiz...
Threat spotlight: WastedLocker, customized ransomware
WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang. The same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants as WastedLocker is very different from BitPaymer. What was kept was the...
We found yet another phone with pre-installed malware via the Lifeline Assistance program
We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS American Network Solutions UL40 running Android OS 7.1.1. After our writing back in January—"United States...
Mac ThiefQuest malware may not be ransomware after all
Editor's note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The ThiefQuest malware, which was discovered last week, may not actually ...
Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about the Internet of Things. For years, Internet capabilities have crept into modern consumer...
Credit card skimmer targets ASP.NET sites
Update: 2020-07-09 A reader contacted us with information about this series of attacks on .NET sites. There is a known vulnerability CVE-2017-9248 for Telerik UI for ASP.NET that is being exploited. An attacker can upload .aspx web shells and get remote code execution. This Telerik page offers...
Do Chromebooks need antivirus protection?
The supervisor handed Jim a Chromebook and said: “Take this home with you and use it to send me updates. We want to minimize the number of visits to the office—anything you can do from home helps keep this place safer. When the pandemic is over, I’d like to have it back in one piece, if possible....
New Mac ransomware spreading through piracy
Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. A Twitter user going by the handle @beatsballert messaged me yesterday...
Bluetooth beacons: one free privacy debate with your next order
Apps and their permissions have been in the news recently, particularly in relation to tracking/privacy issues and Bluetooth. Why Bluetooth, though? What is it, and what is it doing to raise concerns in some security quarters? Bluetooth: your cool, then uncool, but mostly cool again cousin...
A week in security (June 22 – 28)
Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...
The face of tomorrow’s cybercrime: Deepfake ransomware explained
While many countries are beginning to ease up on their respective pandemic lock downs—which, in turn, also means that everyone will soon ease into a life that is not quite post-COVID-19—we find ourselves once more on the cusp of change, an outlook that makes some feel anxious and others hopeful...
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had...
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service IRS announced they were pushing back the federal income tax filing due dat...
A zero-day guide for 2020: Recent attacks and advanced preventive techniques
Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and...
Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Matt Davey, chief operations optimist at 1Password, and Kyle Swank, a member of 1Password’s security team, about—what else—passwords. We may know it’s...
Facial recognition: tech giants take a step back
Last week, a few major tech companies informed the public that they will not provide facial recognition software to law enforcement. These companies are concerned about the way in which their technology might be used. What happens when software that threatens our privacy falls into the hands of...
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...
End of line: supporting IoT in the home
Trouble is potentially brewing in Internet of Things IoT land, even if the consequences may still be a little way off. System updates and issues surrounding expiring certificates will pose problems for manufacturers and headaches for consumers. System updates for fun and profit One of the first...
VPNs: should you use them?
We are going to talk today about something you’ve likely heard of before: VPNs, or Virtual Private Networks. We at Malwarebytes have delved into these tools in greater depth, and we’ve literally discussed them on the digital airwaves. But we want to answer a question we’ve been getting more and...
A week in security (June 8 – 14)
Last week on Malwarebytes Labs, we looked into nasty search hijackers that worried a lot of Chrome users; a list of considerations for MSPs when looking for an RMM platform; the complaint faced by ParetoLogic, the company that issues SpeedyPC, a product that claims to find and remove various PC...
Search hijackers change Chrome policy to remote administration
The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t be removed because the browser is managed from the outside. As you can imagine, that has freaked out quite a few Chrome users. We have talked about the search hijacker’s business model ...
MSPs, know what you’re really looking for in an RMM platform
MSPs naturally adapt and mature as innovative technologies and more effective processes are introduced into the industry. But with ransomware cyberattacks happening left and right, pushing them to evolve even further, MSPs are left with no choice but to go with the flow. Going for improved...
Honda and Enel impacted by cyber attack suspected to be ransomware
Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of...
ParetoLogic facing complaint of alleged wrongdoing
A short while ago we reported on the FTC ruling against payment provider RevenueWire. Now, another Canadian company is under scrutiny, and the cases are very much related. Not only are these companies hailing from the same city, they also share some founders. The company ParetoLogic is involved i...
Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebtyes Labs, about securely working from home WFH. With shelter-in-pla...