Criminal record database of millions of Americans dumped online
A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.
Watch out for tech support scams lurking in sponsored search results
Our researchers found fake sponsored search results that lead consumers to a typical fake Microsoft alert site set up by tech support scammers.
New Go loader pushes Rhadamanthys stealer
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.
A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes
Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.
Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends
The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeon's office and then publish them online.
Malvertiser copies PC news site to deliver infostealer
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Battling a new DarkGate malware campaign with Malwarebytes MDR
First publicly reported in 2018, DarkGate is a Windows-based malware with a wide-range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however, researchers at Trusec found evidence of a campaign using external Teams messages to deliver the DarkGate Loader.
The forgotten malvertising campaign
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware. In this blog post, we look at a malvertising campaign that seems to have flown under the radar entirely for at least several months. It is unique in its way to fingerprint users and distribute time sensitive payloads.
PSA: Ongoing Webex malvertising campaign drops BatLoader
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
Mac users targeted in new malvertising campaign delivering Atomic Stealer
- Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple * The payload is a new version of the recent Atomic Stealer for OSX
Malvertising via brand impersonation is back again
Web search is about to embark on a new journey thanks to artificial intelligence technology that online giants such as Microsoft and Google are experimenting with. Yet, there is a problem when it comes to malicious ads displayed by search engines that AI likely won't be able to fix.
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when the regions of Donetsk and Luhansk declared themselves independent from Ukraine and came under Russia's umbrella. Given this context, it would not be surprising that the cybersecurity landscape between these two countries has also been tense.
LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
Vulnerabilities in PaperCut printing management are being used in ransomware attacks.
Magecart threat actor rolls out convincing modal forms
To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled by a payment form that looked so well done we thought it was real. The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page.
Ransomware pushes City of Oakland into state of emergency
The Interim City Administrator of the City of Oakland declared a state of emergency.after a ransomware attack crippled the city’s services a week ago
Ransomware pushes City of Oakland into state of emergency
The Interim City Administrator of the City of Oakland declared a state of emergency.after a ransomware attack crippled the city’s services a week ago
Google sponsored ads malvertising targets password manager
We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system.
Google sponsored ads malvertising targets password manager
We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system.
Analyzing and remediating a malware infested T95 TV box from Amazon
Find out why one of our Android experts has been obsessing over a little black box from Amazon.
Analyzing and remediating a malware infested T95 TV box from Amazon
Find out why one of our Android experts has been obsessing over a little black box from Amazon.
Apple announces 3 new security features
Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.
Apple announces 3 new security features
Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Dormant Colors, a browser extension campaign, was spotted stealing browser data and hijacking search results and affiliation to thousands of sites.
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
Dormant Colors, a browser extension campaign, was spotted stealing browser data and hijacking search results and affiliation to thousands of sites.
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.
Malvertising on Microsoft Edge's News Feed pushes tech support scams
We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.