Category: Malwarebytes Labs

Update now! Apple patches a raft of vulnerabilities

Categories: Exploits and vulnerabilities, News. Tags: iLeakage, side-channel, Safari, CVE-2023-40413, CVE-2023-40416, CVE-2023-40423, CVE-2023-42487, CVE-2023-42841, CVE-2023-41982, CVE-2023-41997, CVE-2023-41988, CVE-2023-40447, CVE-2023-42852, CVE-2023-32434, CVE-2023-41989, CVE-2023-38403, CVE-2023-42856…

Patch…later? Safari iLeakage bug not fixed

Categories: Exploits and vulnerabilities, News. Apple has fixed a bunch of security flaws, but not iLeakage, a side-channel vulnerability in Safari. The post Patch…later? Safari iLeakage bug not fixed appeared first on Malwarebytes Labs. This article has…

Announcing NEW Malwarebytes Identity Theft Protection

Categories: Personal. In today’s hyper-connected world, Malwarebytes now protects your identity, reputation, and credit all in one place, so you can focus on living your life.

Cyberattack hits 5 hospitals

Categories: News. Tags: Transform, service provider, 5 hospitals, Canada, cyberattack. A cyberattack on shared service provider TransForm has impacted operations in five Canadian hospitals.

Update vCenter Server now! VMWare fixes critical vulnerability

Categories: Business, Exploits and vulnerabilities, News. Tags: VMWare, vCenter Server, CVE-2023-34056, CVE-2023-34048, DCE/RPC, out of bounds write, information disclosure, remote code execution. VMWare has issued an update to address out-of-bounds write…

A week in security (October 16 – October 22)

Categories: News. Tags: week, security, October, 2023. A list of topics we covered in the week of October 16 to October 22 of 2023.

Google Chrome wants to hide your IP address

Categories: News, Personal, Privacy. Tags: Google, Chrome, IP Protection. Google plans to roll out its IP Protection feature for Chrome in phases.

Ragnar Locker ransomware group taken down

Categories: News, Ransomware. Tags: ragnar locker, europol, eurojust. One of the oldest active ransomware gangs has been taken down by an international cooperation of law enforcement agencies.

IT administrators’ passwords are awful too

Categories: Business, News. Tags: IT administrators, admin, password, qwerty, 123456. Are IT administrators any better at coming up with decent passwords? Research says they aren’t.

Cisco IOS XE vulnerability widely exploited in the wild

Categories: Exploits and vulnerabilities, News. Tags: Cisco, IOS X, remote management, vulnerability, CVE-2023-20198, webUI, http server, http secure-server. Researchers have found that a recently disclosed vulnerability in Cisco IOS XE has already…

3 crucial security steps people should do, but don’t

Categories: Personal. Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it.

The US wants governments to commit to not paying ransoms

Categories: News, Ransomware. The US is pushing member countries of the Counter Ransomware Initiative to stop paying ransoms to cybercriminals.

A week in security (October 9 – October 15)

Categories: News. A list of topics we covered in the week of October 9 to October 15 of 2023.

The forgotten malvertising campaign

Categories: Threat Intelligence. Tags: malvertising, ads, notepad, hta, malware, google. A sophisticated threat actor has been using Google ads to deliver custom malware payloads to victims for months while flying under the radar.

Explained: Quishing

Categories: Explained, News. Tags: quishing, qr code, phishing. We explain what quishing is and provide information about some current quishing campaigns.

Stalkerware activity drops as glaring spying problem is revealed

Categories: News. Tags: stalkerware, tracking, intimate partner tracking, spying, stalkerware-type, stalkerware-type app, monitoring app, monitoring, Everyone’s afraid of the internet, privacy, parenthood. North America has a spying problem. Its perpetrators…

Ransomware review: October 2023

Categories: Threat Intelligence. In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly different approaches to ransomware negotiation.

23andMe user data stolen, offered for sale

Categories: News. Information belonging to as many as seven million 23andMe customers has been put up for sale on criminal forums following a credential stuffing attack.

Exim finally fixes 3 out of 6 vulnerabilities

Categories: Business, News. Tags: Exim, mta, cla, spf, nltm, cvss, cve-2023-42115, cve-2023-42116, cve-2023-42117, cve-2023-42118, cve-2023-42119, cve-2023-42114, dbs spa. Six vulnerabilities in the Exim message transfer agent have…

Meta and TikTok consider charging users for ad-free experience

Categories: News, Personal, Privacy. Tags: Meta, facebook, Instagram, X, Youtube, TikTok. Social media companies are offering or thinking about paid subscriptions in exchange for removing ads.

Sony was attacked by two ransomware operators

Categories: Business, News, Ransomware. Tags: Sony, RansomedVC, Cl0p, ransomware, data breach, MOVEit. Sony has confirmed a ransomware attack in June and is investigating claims of a second, more recent one.

Update now! Apple patches vulnerabilities on iPhone and iPad

Categories: Exploits and vulnerabilities, News. Tags: Apple, iOS, iPad, 17.0.3, CVE-2023-42824, CVE-2023-5217. Apple has issued an emergency update to patch two vulnerabilities, including an actively exploited one.

A week in security (September 25 – October 1)

Categories: News. Tags: week, security, September, 2023, dependabot, bard, bing. A list of topics we covered in the week of September 25 to October 1 of 2023.

FBI warns of multiple ransomware attacks on same victim

Categories: News, Ransomware. Tags: FBI, ransomware, dual attacks, wipers. The FBI has warned about new tactics deployed by ransomware gangs, dual attacks and use of wipers.

Food delivery robots give captured video footage to police

Categories: News, Privacy. Tags: food delivery, robots, Serve Robotics, self-driving cars, footage, police. A food delivery service that deploys semi-autonomous robots has worked with the police, handing over camera feeds captured while the robots…

Dependabot impersonators cause trouble on GitHub

Categories: Personal. Tags: dependabot, GitHub, password, attack, imitate, profile, avatar, commit, resource, dependency. We take a look at a clever attack imitating GitHub’s Dependabot in order to publish rogue project updates.…

Malicious ad served inside Bing’s AI chatbot

Categories: Threat Intelligence. Tags: bing chat, AI, malvertising, ads. Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.

Google’s Bard conversations turn up in search results

Categories: News, Privacy. Tags: Google, Bard, AI, LLM, crawled, search. After an update for Google’s Bard AI, users found that shared conversations were turning up in search results.

Xenomorph hunts cryptocurrency logins on Android

Categories: Personal. Tags: android, xenomorph, malware, phone, google play, cryptocurrency. We take a look at a new Android scam involving Xenomorph malware and a hunt for cryptocurrency credentials.

Pegasus spyware and how it exploited a WebP vulnerability

Categories: Android, Apple, Exploits and vulnerabilities. Tags: Pegasus, spyware, nso, webp, libwebp, buffer overflow. The company behind the infamous Pegasus spyware used a vulnerability in almost every browser to plant their malware on…

Credit card thieves target Booking.com customers

Categories: News, Scams. Tags: booking.com, obfuscated, hospitality, anti-sandboxing. A very clever and complex phishing campaign uses organizations in the hospitality industry to get customers’ credit card information.

Child health data stolen in registry breach

Categories: Exploits and vulnerabilities, News, Ransomware. Tags: MOVEit, vulnerability, Cl0p, ransomware, BORN, NSC, privacy, identity theft. Canadian healthcare organization Better Outcomes Registry & Network (BORN) has disclosed a data breach affecting…

Webinar: Bridging digital transformation & cybersecurity

Categories: Business. How can organizations stay secure amidst the ceaseless tide of change?

A week in security (September 18 – September 24)

Categories: News. Tags: Themebleed, zero-days, Apple, T-Mobile, MGM, metaverse. A list of topics we covered in the week of September 18 to September 24 of 2023.

T-Mobile spills billing information to other customers

Categories: News, Personal. Tags: T-Mobile, billing details, data breach, glitch. T-Mobile customers recently found other subscribers’ information on their online dashboards.

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities, News. Tags: Apple, emergency, update, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. Apple has released patches for three zero-day vulnerabilities that may have been actively exploited.

Steer clear of cryptocurrency recovery phrase scams

Categories: Personal. Tags: cryptocurrency, mark cuban, scam, phish, phishing, wallet, hot, cold, metamask, extension, browser, mobile, android, search engine. We take a look at a common cryptocurrency…

DoppelPaymer ransomware group suspects identified

Categories: News, Ransomware. More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them.

The mystery of the CVEs that are not vulnerabilities

Categories: Business, Exploits and vulnerabilities, News. Tags: CVE, NVD, vulnerabilities, CVE-2020-19909. Researchers have raised the alarm about a large set of CVEs for older bugs that never were vulnerabilities.

The privacy perils of the Metaverse

Categories: Personal. Tags: metaverse, meta, Facebook, VR, AR, XR, reality, virtual reality, privacy, safety. We take a look at the privacy implications of the Metaverse.

ThemeBleed exploit is another reason to patch Windows quickly

Categories: Exploits and vulnerabilities, News. Tags: theme, themepack, Microsoft, cve-2023-38146, msstyles. An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update.

Europol lifts the lid on cybercrime tactics

Categories: News, Ransomware. Tags: Europol, Phishing, RDP, VPN, Exchange, LOTL, BEC, ransomware, IAB, crypter, Flubot. A Europol report discusses developments in cyberattacks, new methodologies, and threats as observed by…

PSA: Ongoing Webex malvertising campaign drops BatLoader

Categories: Threat Intelligence. Tags: malvertising, batloader. Corporate users performing Google searches for the popular conferencing software Webex are being targeted in a malvertising campaign.

3 reasons why your endpoint security is not enough

Categories: Business. Watch our recent webinar and learn about weaknesses in your current endpoint security setup and how to address them.

Major cyberattack leaves MGM Resorts reeling

Categories: News, Personal. Tags: MGM resorts, hotel, casino, attack, cyber, shutdown. MGM Resorts has suffered a major cyberattack leading to shutdowns across the US.

Microsoft Teams used to deliver DarkGate Loader malware

Categories: Business, News. Tags: Microsoft Teams, DarkGate, Loader, Trojan, Sharepoint, AutoIt. Researchers have found a new distribution method for the DarkGate Loader which circumvents the security features in Microsoft Teams.

Ransomware review: September 2023

Categories: Threat Intelligence. Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the monthly most active gangs, while Lockbit returned to the number one spot.

A week in security (September 4 – September 10)

Categories: News. Tags: week, security, September, 2023, Atomic stealer, Microsoft breach. A list of topics we covered in the week of September 4 to September 10 of 2023.

The main causes of ransomware reinfection

Categories: News, Ransomware. Tags: ransomware, reinfection, stolen credentials, vulnerabilities, infected backups, logging, forensic investigation, backdoors. The main causes for getting reinfected with ransomware can be prevented by performing a forensic analysis.

A history of ransomware: How did it get this far?

Categories: News, Ransomware. Tags: history, ransomware, bulletproof hosting, cryptocurrency, encryption, fast internet, government protection, RaaS, LockBit, pentester tools, code. We tell you about the origin of ransomware and what…

How Microsoft’s highly secure environment was breached

Categories: News. An investigation by Microsoft has finally revealed how China-based hackers circumvented its highly isolated and restricted production environment in May 2023.

Smart chastity device exposes sensitive user data

Categories: Personal. Tags: chastity cage, IoT, Internet of Things, romance, toy, device, expose, user data. We take a look at reports of an IoT chastity cage device which is exposing user data.

X wants your biometric data

Categories: Personal. Tags: twitter, x, social media, social network, register, biometric, ID, passport, verify, verification, premium, elon musk. We take a look at plans to voluntarily upload identification to…

Password-stealing Chrome extension smuggled on to Web Store

Chrome browser extensions can steal passwords from the text input fields in websites, despite Chrome’s latest security and privacy standard, Manifest V3.

A week in security (August 28 – September 3)

Categories: News. Tags: week, security, August, 2023. A list of topics we covered in the week of August 28 to September 3, 2023.

Qakbot botnet infrastructure suffers major takedown

Categories: News, Ransomware. Tags: Qakbot, FBI, law enforcement, takedown, removal tool, HIBP, Spamhaus. The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement…