Category: Malwarebytes Labs

Update now! Apple patches a raft of vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856…

Patch…later? Safari iLeakage bug not fixed

Categories: Exploits and vulnerabilities Categories: News Apple has fixed a bunch of security flaws, but not iLeakage, a side-channel vulnerability in Safari. (Read more…) The post Patch…later? Safari iLeakage bug not fixed appeared first on Malwarebytes Labs. This article has…

Announcing NEW Malwarebytes Identity Theft Protection

Categories: Personal In today’s hyper-connected world, Malwarebytes now protects your identity, reputation, and credit all in one place, so you can focus on living your life. (Read more…) The post Announcing NEW Malwarebytes Identity Theft Protection appeared first on Malwarebytes…

Cyberattack hits 5 hospitals

Categories: News Tags: Transform Tags: service provider Tags: 5 hospitals Tags: Canada Tags: cyberattack A cyberattack on shared service provider TransForm has impacted operations in five Canadian hospitals. (Read more…) The post Cyberattack hits 5 hospitals appeared first on Malwarebytes…

Update vCenter Server now! VMWare fixes critical vulnerability

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: VMWare Tags: vCenter Server Tags: CVE-2023-34056 Tags: CVE-2023-34048 Tags: DCE/RPC Tags: out of bounds write Tags: information disclosure Tags: remote code execution VMWare has issued an update to address out-of-bounds write…

A week in security (September 18 – September 24)

Categories: News Tags: Themebleed Tags: zero-days Tags: Apple Tags: T-Mobile Tags: MGM Tags: metaverse A list of topics we covered in the week of September 18 to September 24 of 2023 (Read more…) The post A week in security (September…

T-Mobile spills billing information to other customers

Categories: News Categories: Personal Tags: T-Mobile Tags: billing details Tags: data breach Tags: glitch T-Mobile customers recently found other subscribers’ information on their online dashboards. (Read more…) The post T-Mobile spills billing information to other customers appeared first on Malwarebytes…

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more…) The post Emergency update! Apple patches…

Steer clear of cryptocurrency recovery phrase scams

Categories: Personal Tags: cryptocurrency Tags: mark cuban Tags: scam Tags: phish Tags: phishing Tags: wallet Tags: hot Tags: cold Tags: metamask Tags: extension Tags: browser Tags: mobile Tags: android Tags: search engine We take a look at a common cryptocurrency…

DoppelPaymer ransomware group suspects identified

Categories: News Categories: Ransomware More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them. (Read more…) The post DoppelPaymer ransomware group suspects identified appeared first on Malwarebytes Labs. This article has been…

The mystery of the CVEs that are not vulnerabilities

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: CVE Tags: NVD Tags: vulnerabilities Tags: CVE-2020-19909 Researchers have raised the alarm about a large set of CVE for older bugs that never were vulnerabilities. (Read more…) The post The mystery…

The privacy perils of the Metaverse

Categories: Personal Tags: metaverse Tags: meta Tags: Facebook Tags: VR Tags: AR Tags: XR Tags: reality Tags: virtual reality Tags: privacy Tags: safety We take a look at the privacy implications of the Metaverse. (Read more…) The post The privacy…

ThemeBleed exploit is another reason to patch Windows quickly

Categories: Exploits and vulnerabilities Categories: News Tags: theme Tags: themepack Tags: Microsoft Tags: cve-2023-38146 Tags: msstyles An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update. (Read more…) The post…

Europol lifts the lid on cybercrime tactics

Categories: News Categories: Ransomware Tags: Europol Tags: Phishing Tags: RDP Tags: VPN Tags: Exchange Tags: LOTL Tags: BEC Tags: ransomware Tags: IAB Tags: crypter Tags: Flubot A Europol report discusses developments in cyberattacks, new methodologies, and threats as observed by…

PSA: Ongoing Webex malvertising campaign drops BatLoader

Categories: Threat Intelligence Tags: malvertising Tags: batloader Corporate users performing Google searches for the popular conferencing software Webex are being targeted in a malvertising campaign. (Read more…) The post PSA: Ongoing Webex malvertising campaign drops BatLoader appeared first on Malwarebytes…

3 reasons why your endpoint security is not enough

Categories: Business Watch our recent webinar and learn about weaknesses in your current endpoint security setup and how to address them. (Read more…) The post 3 reasons why your endpoint security is not enough appeared first on Malwarebytes Labs. This…

Major cyberattack leaves MGM Resorts reeling

Categories: News Categories: Personal Tags: MGM resorts Tags: hotel Tags: casino Tags: attack Tags: cyber Tags: shutdown MGM resorts has suffered a major cyberattack leading to shutdowns across the US. (Read more…) The post Major cyberattack leaves MGM Resorts reeling…

Microsoft Teams used to deliver DarkGate Loader malware

Categories: Business Categories: News Tags: Microsoft Teams Tags: DarkGate Tags: Loader Tags: Trojan Tags: Sharepoint Tags: AutoIt Researchers have found a new distribution method for the DarkGate Loader which circumvents the security features in Microsoft Teams. (Read more…) The post…

Ransomware review: September 2023

Categories: Threat Intelligence Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the monthly most active gangs, while Lockbit returned to the number one spot. (Read more…) The post Ransomware review: September 2023…

A week in security (September 4 – September 10)

Categories: News Tags: week Tags: security Tags: September Tags: 2023 Tags: Atomic stealer Tags: Microsoft breach A list of topics we covered in the week of September 4 to September 10 of 2023 (Read more…) The post A week in…

The main causes of ransomware reinfection

Categories: News Categories: Ransomware Tags: ransomware Tags: reinfection Tags: stolen credentials Tags: vulnerabilities Tags: infected backups Tags: logging Tags: forensic investigation Tags: backdoors The main causes for getting reinfected with ransomware can be prevented by performing a forensic analysis. (Read…

A history of ransomware: How did it get this far?

Categories: News Categories: Ransomware Tags: history Tags: ransomware Tags: bulletproof hosting Tags: cryptocurrency Tags: encryption Tags: fast internet Tags: government protection Tags: RaaS Tags: LockBit Tags: pentester tools Tags: code We tell you about the origin of ransomware and what…

How Microsoft’s highly secure environment was breached

Categories: News An investigation by Microsoft has finally revealed how China-based hackers circumvented its highly isolated and restricted production environment in May 2023. (Read more…) The post How Microsoft’s highly secure environment was breached appeared first on Malwarebytes Labs. This…

Smart chastity device exposes sensitive user data

Categories: Personal Tags: chastity cage Tags: IoT Tags: Internet of Things Tags: romance Tags: toy Tags: device Tags: expose Tags: user data We take a look at reports of an IoT chastity cage device which is exposing user data. (Read…

X wants your biometric data

Categories: Personal Tags: twitter Tags: x Tags: social media Tags: social network Tags: register Tags: biometric Tags: ID Tags: passport Tags: verify Tags: verification Tags: premium Tags: elon musk We take a look at plans to voluntarily upload identification to…

Password-stealing Chrome extension smuggled on to Web Store

Chrome browser extensions can steal passwords from the text input fields in websites, despite Chrome’s latest security and privacy standard, Manifest V3. (Read more…) The post Password-stealing Chrome extension smuggled on to Web Store appeared first on Malwarebytes Labs. This…

A week in security (August 28 – September 3)

Categories: News Tags: week Tags: security Tags: August Tags: 2023 A list of topics we covered in the week of August 28 to September 3, 2023. (Read more…) The post A week in security (August 28 – September 3) appeared…

Qakbot botnet infrastructure suffers major takedown

Categories: News Categories: Ransomware Tags: Qakbot Tags: FBI Tags: law enforcement Tags: takedown Tags: removal tool Tags: HIBP Tags: Spamhaus The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement…