Silent Librarian APT right on schedule for 20/21 academic year

October 14, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, … Continue reading Silent Librarian APT right on schedule for 20/21 academic year

Amazon Prime Day—8 tips for safer shopping

October 13, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Avid Amazon Prime Day shoppers may have been worried they’d missed it this year—thanks coronavirus. Fear not, last month Amazon announced Prime Day will take place three months after its original annual date, beginning today. And this year, it’ll take place over two days, rather than one. This could mark the beginning of … Continue reading Amazon Prime Day—8 tips for safer shopping

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

October 12, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesn’t happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No, we often learn about cybersecurity issues because of reporting. And as the years … Continue reading Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Credit card skimmer targets virtual conference platform

October 8, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In today’s case, the targeted websites all … Continue reading Credit card skimmer targets virtual conference platform

Healthcare security update: death by ransomware, what’s next?

October 8, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- A recent ransomware attack which played a significant role in the death of a German woman has put into focus both the dangers and the importance of cybersecurity today. But it has also led some to point fingers as to who was responsible. As usual, playing the blame game helps no one, but … Continue reading Healthcare security update: death by ransomware, what’s next?

Risky business: survey shows majority of people use work devices for personal use

October 7, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies). Other changes are more extreme and we’re only beginning to understand the long-term … Continue reading Risky business: survey shows majority of people use work devices for personal use

Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

October 6, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows … Continue reading Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

Mobile network operator falls into the hands of Fullz House criminal group

October 5, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. Today we take a quick look at a mobile operator who offers cell phone plans to its … Continue reading Mobile network operator falls into the hands of Fullz House criminal group

A week in security (September 28 – October 4)

October 5, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which we’ll provide video coverage of some of the cybersecurity world’s top stories. … Continue reading A week in security (September 28 – October 4)

VideoBytes: Ransomware gets wasted!

October 2, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Hello dear readers, and welcome to the latest edition of VideoBytes! On today’s episode, we’re talking about how ransomware is on the rise again, focused on attacking corporations with malware that not only encrypts files, but also steals it. The tactics used to deploy these forms of ransomware have become more capable and … Continue reading VideoBytes: Ransomware gets wasted!