Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: google Tags: dynamic search ads Tags: python Tags: pycharm Tags: malware Dynamically generated ads can be problematic when the content they are created from has been compromised. (Read more…) The post ‘Accidental’…
Category: Malwarebytes Labs
Update now! Apple patches a raft of vulnerabilities
Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856…
Octo Tempest cybercriminal group is “a growing concern”—Microsoft
Categories: News Categories: Ransomware Tags: ALPHV Tags: Octo Tempest Tags: RaaS Tags: LOTL Tags: social engineering Tags: SIM swapping A group of cybercriminals known for advanced social engineering attacks has joined one of the biggest ransomware groups as an affiliate.…
Patch…later? Safari iLeakage bug not fixed
Categories: Exploits and vulnerabilities Categories: News Apple has fixed a bunch of security flaws, but not iLeakage, a side-channel vulnerability in Safari. (Read more…) The post Patch…later? Safari iLeakage bug not fixed appeared first on Malwarebytes Labs. This article has…
Announcing NEW Malwarebytes Identity Theft Protection
Categories: Personal In today’s hyper-connected world, Malwarebytes now protects your identity, reputation, and credit all in one place, so you can focus on living your life. (Read more…) The post Announcing NEW Malwarebytes Identity Theft Protection appeared first on Malwarebytes…
Face search engine PimEyes stops searches of children’s faces
Categories: News Categories: Personal Categories: Privacy Tags: PimEyes Tags: minors Tags: children Tags: face search engine Tags: AI PimEyes says it has taken technical measures to block searches for children’s faces as part of a no harm policy. (Read more…)…
Cyberattack hits 5 hospitals
Categories: News Tags: Transform Tags: service provider Tags: 5 hospitals Tags: Canada Tags: cyberattack A cyberattack on shared service provider TransForm has impacted operations in five Canadian hospitals. (Read more…) The post Cyberattack hits 5 hospitals appeared first on Malwarebytes…
Update vCenter Server now! VMWare fixes critical vulnerability
Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: VMWare Tags: vCenter Server Tags: CVE-2023-34056 Tags: CVE-2023-34048 Tags: DCE/RPC Tags: out of bounds write Tags: information disclosure Tags: remote code execution VMWare has issued an update to address out-of-bounds write…
A week in security (September 18 – September 24)
Categories: News Tags: Themebleed Tags: zero-days Tags: Apple Tags: T-Mobile Tags: MGM Tags: metaverse A list of topics we covered in the week of September 18 to September 24 of 2023 (Read more…) The post A week in security (September…
What does a car need to know about your sex life? Lock and Code S04E20
Categories: Podcast This week on the Lock and Code podcast, we speak with Mozilla’s Privacy Not Included team about the invasive data collection practices of modern cars. (Read more…) The post What does a car need to know about your…
TikTok flooded with fake celebrity nude photo Temu referrals
Categories: Personal Tags: TikTok Tags: celeb Tags: celebrity Tags: fake Tags: nude Tags: nudes Tags: scam Tags: referral Tags: temu A bogus celebrity leaked photos scam linked to Temu referrals is doing the rounds on TikTok. (Read more…) The post…
Ransomware group claims it’s “compromised all of Sony systems”
Categories: News The ransomware group RansomedVC says its selling Sony’s data. (Read more…) The post Ransomware group claims it’s “compromised all of Sony systems” appeared first on Malwarebytes Labs. This article has been indexed from Malwarebytes Labs Read the original…
T-Mobile spills billing information to other customers
Categories: News Categories: Personal Tags: T-Mobile Tags: billing details Tags: data breach Tags: glitch T-Mobile customers recently found other subscribers’ information on their online dashboards. (Read more…) The post T-Mobile spills billing information to other customers appeared first on Malwarebytes…
Emergency update! Apple patches three zero-days
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more…) The post Emergency update! Apple patches…
Steer clear of cryptocurrency recovery phrase scams
Categories: Personal Tags: cryptocurrency Tags: mark cuban Tags: scam Tags: phish Tags: phishing Tags: wallet Tags: hot Tags: cold Tags: metamask Tags: extension Tags: browser Tags: mobile Tags: android Tags: search engine We take a look at a common cryptocurrency…
Involved in a data breach? Here’s what you need to know
Categories: News Categories: Personal If you’ve received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. Well, we have some tips for you… (Read more…) The…
DoppelPaymer ransomware group suspects identified
Categories: News Categories: Ransomware More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them. (Read more…) The post DoppelPaymer ransomware group suspects identified appeared first on Malwarebytes Labs. This article has been…
Compromised Free Download Manager website was delivering malware for years
Categories: News Tags: Free Download Manager Tags: Linux Tags: Debian Tags: crond Tags: reverse shell After three years of delivering malware to selected visitors, Free Download Manager was alerted to the fact that its website had been compromised. (Read more…)…
Microsoft AI researchers accidentally exposed terabytes of sensitive data
Categories: Business Categories: News Tags: blob Tags: SAS Tags: Microsoft Tags: Wiz Tags: secrets Microsoft AI researchers posted a long-living, overly permissive, SAS token on GitHub, exposing 38 TB of data. (Read more…) The post Microsoft AI researchers accidentally exposed…
The mystery of the CVEs that are not vulnerabilities
Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: CVE Tags: NVD Tags: vulnerabilities Tags: CVE-2020-19909 Researchers have raised the alarm about a large set of CVE for older bugs that never were vulnerabilities. (Read more…) The post The mystery…
The privacy perils of the Metaverse
Categories: Personal Tags: metaverse Tags: meta Tags: Facebook Tags: VR Tags: AR Tags: XR Tags: reality Tags: virtual reality Tags: privacy Tags: safety We take a look at the privacy implications of the Metaverse. (Read more…) The post The privacy…
A week in security (September 11 – September 17)
Categories: News Tags: week Tags: security Tags: September Tags: 2023 Tags: iPhone Tags: A list of topics we covered in the week of September 11 to September 17 of 2023 (Read more…) The post A week in security (September 11…
Ransomware group steps up, issues statement over MGM Resorts compromise
Categories: Business Tags: MGM Resorts Tags: hotel Tags: casino Tags: ransomware Tags: blackcap Tags: ALPHV We take a look at a ransomware group’s claims that they were the ones responsible for the MGM Resorts attack. (Read more…) The post Ransomware…
ThemeBleed exploit is another reason to patch Windows quickly
Categories: Exploits and vulnerabilities Categories: News Tags: theme Tags: themepack Tags: Microsoft Tags: cve-2023-38146 Tags: msstyles An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update. (Read more…) The post…
Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results
Categories: Business Malwarebytes is the only vendor recognized as “Easiest to Use” with the “Easiest Admin” for its EDR and MDR solutions in the recent G2 Fall 2023 results. (Read more…) The post Malwarebytes named leader across six endpoint security…
Europol lifts the lid on cybercrime tactics
Categories: News Categories: Ransomware Tags: Europol Tags: Phishing Tags: RDP Tags: VPN Tags: Exchange Tags: LOTL Tags: BEC Tags: ransomware Tags: IAB Tags: crypter Tags: Flubot A Europol report discusses developments in cyberattacks, new methodologies, and threats as observed by…
Watch out, this LastPass email with “Important information about your account” is a phish
Categories: News Categories: Scams We caught a nasty phish yesterday, likely looking to feed on victims of last year’s LastPass breach. (Read more…) The post Watch out, this LastPass email with “Important information about your account” is a phish appeared…
Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test
Categories: Business Dive into where we prevented more than the rest and how we were able to do it. (Read more…) The post Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test appeared first on…
PSA: Ongoing Webex malvertising campaign drops BatLoader
Categories: Threat Intelligence Tags: malvertising Tags: batloader Corporate users performing Google searches for the popular conferencing software Webex are being targeted in a malvertising campaign. (Read more…) The post PSA: Ongoing Webex malvertising campaign drops BatLoader appeared first on Malwarebytes…
Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days
Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft’s September 2023 Patch Tuesday is another…
3 reasons why your endpoint security is not enough
Categories: Business Watch our recent webinar and learn about weaknesses in your current endpoint security setup and how to address them. (Read more…) The post 3 reasons why your endpoint security is not enough appeared first on Malwarebytes Labs. This…
iPhone 15 launch: Wonderlust scammers rear their heads
Categories: Personal Tags: apple Tags: wanderlust Tags: cryptocurrency Tags: event Tags: BTC Tags: ETH Tags: fake We take a look at a cryptocurrency scam riding on the coat tails of the Apple Wonderlust event. (Read more…) The post iPhone 15…
Major cyberattack leaves MGM Resorts reeling
Categories: News Categories: Personal Tags: MGM resorts Tags: hotel Tags: casino Tags: attack Tags: cyber Tags: shutdown MGM resorts has suffered a major cyberattack leading to shutdowns across the US. (Read more…) The post Major cyberattack leaves MGM Resorts reeling…
Two Apple issues added by CISA to its catalog of known exploited vulnerabilities
Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities.…
Microsoft Teams used to deliver DarkGate Loader malware
Categories: Business Categories: News Tags: Microsoft Teams Tags: DarkGate Tags: Loader Tags: Trojan Tags: Sharepoint Tags: AutoIt Researchers have found a new distribution method for the DarkGate Loader which circumvents the security features in Microsoft Teams. (Read more…) The post…
Update Chrome now! Google patches critical vulnerability being exploited in the wild
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more…) The post Update…
Ransomware review: September 2023
Categories: Threat Intelligence Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the monthly most active gangs, while Lockbit returned to the number one spot. (Read more…) The post Ransomware review: September 2023…
A week in security (September 4 – September 10)
Categories: News Tags: week Tags: security Tags: September Tags: 2023 Tags: Atomic stealer Tags: Microsoft breach A list of topics we covered in the week of September 4 to September 10 of 2023 (Read more…) The post A week in…
The main causes of ransomware reinfection
Categories: News Categories: Ransomware Tags: ransomware Tags: reinfection Tags: stolen credentials Tags: vulnerabilities Tags: infected backups Tags: logging Tags: forensic investigation Tags: backdoors The main causes for getting reinfected with ransomware can be prevented by performing a forensic analysis. (Read…
Wyze home cameras temporarily show other people’s security feeds
Categories: Personal Tags: home camera Tags: network Tags: security Tags: feed Tags: room Tags: house Tags: smart We take a look at reports of a popular home camera product temporarily displaying the wrong feeds to other users. (Read more…) The…
Re-air: What teenagers face growing up online: Lock and Code S04E19
Categories: Podcast This week on Lock and Code, we revisit an earlier conversation with a Bay Area teenager about the hardest parts about growing up online. (Read more…) The post Re-air: What teenagers face growing up online: Lock and Code…
Chrome’s “Enhanced Ad Privacy”: What you need to know
Categories: Personal Tags: google Tags: chrome Tags: website Tags: API Tags: Topics Tags: tracking Tags: ads Tags: adverts Tags: cookies We take a look at a Chrome popup related to Topics API, which you may be seeing in the near…
A history of ransomware: How did it get this far?
Categories: News Categories: Ransomware Tags: history Tags: ransomware Tags: bulletproof hosting Tags: cryptocurrency Tags: encryption Tags: fast internet Tags: government protection Tags: RaaS Tags: LockBit Tags: pentester tools Tags: code We tell you about the origin of ransomware and what…
FreeWorld ransomware attacks MSSQL—get your databases off the internet
Categories: News Categories: Ransomware An attack that uses a database as an entry point to a network reminds us that you should never expose your databases to the internet. (Read more…) The post FreeWorld ransomware attacks MSSQL—get your databases off…
How Microsoft’s highly secure environment was breached
Categories: News An investigation by Microsoft has finally revealed how China-based hackers circumvented its highly isolated and restricted production environment in May 2023. (Read more…) The post How Microsoft’s highly secure environment was breached appeared first on Malwarebytes Labs. This…
FreeWorld ransomware attacks MSSQL—get your databases off the Internet
Categories: News Categories: Ransomware A attack that uses a database as an entry point to a network reminds us that you should never expose your databases to the Internet. (Read more…) The post FreeWorld ransomware attacks MSSQL—get your databases off…
Smart chastity device exposes sensitive user data
Categories: Personal Tags: chastity cage Tags: IoT Tags: Internet of Things Tags: romance Tags: toy Tags: device Tags: expose Tags: user data We take a look at reports of an IoT chastity cage device which is exposing user data. (Read…
X wants your biometric data
Categories: Personal Tags: twitter Tags: x Tags: social media Tags: social network Tags: register Tags: biometric Tags: ID Tags: passport Tags: verify Tags: verification Tags: premium Tags: elon musk We take a look at plans to voluntarily upload identification to…
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Categories: Threat Intelligence Tags: amos Tags: apple Tags: malvertising Tags: atomic stealer Tags: wallets Tags: crypto Tags: mac While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well. (Read more…) The post Mac…
Password-stealing Chrome extension smuggled on to Web Store
Chrome browser extensions can steal passwords from the text input fields in websites, despite Chrome’s latest security and privacy standard, Manifest V3. (Read more…) The post Password-stealing Chrome extension smuggled on to Web Store appeared first on Malwarebytes Labs. This…
A week in security (August 28 – September 3)
Categories: News Tags: week Tags: security Tags: August Tags: 2023 A list of topics we covered in the week of August 28 to September 3, 2023. (Read more…) The post A week in security (August 28 – September 3) appeared…
Supply chain related security risks, and how to protect against them
We take a look at the importance of supply chain cybersecurity and share some tips to enhance it. (Read more…) The post Supply chain related security risks, and how to protect against them appeared first on Malwarebytes Labs. This article…
A firsthand perspective on the recent LinkedIn account takeover campaign
Categories: News Tags: LinkedIn Tags: sessions Tags: contacts It started with a password reset email in the middle of the night. (Read more…) The post A firsthand perspective on the recent LinkedIn account takeover campaign appeared first on Malwarebytes Labs.…
Qakbot botnet infrastructure suffers major takedown
Categories: News Categories: Ransomware Tags: Qakbot Tags: FBI Tags: law enforcement Tags: takedown Tags: removal tool Tags: HIBP Tags: Spamhaus The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement…
Prompt injection could be the SQL injection of the future, warns NCSC
Categories: News Tags: AI Tags: ML Tags: LLM Tags: chatgpt Tags: data poisoning Tags: SQL Tags: prompt injection The NCSC has warned about integrating LLMs into your own services or platforms. Prompt injection and data poisoning are just some of…