Search results for malwarebytes cybersecurity | Breaking Cybersecurity News | The Hacker News

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after  FireEye ,  Microsoft , and  CrowdStrike . The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications with privileged access to Microsoft Office 365 and Azure environments." The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its  Office 365 tenant  on December 15, following which it performed a detailed investigation into the incident. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski  said  in a post. "We found no evidence of unauthorized access or compromise in any...

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in cybersecurity. From the latest threats to effective defenses, we've got you covered with clear and straightforward insights. Let's dive in and keep your digital world secure. ⚡ Threat of the Week Palo Alto Networks PAN-OS Flaw Under Attack — Palo Alto Networks has disclosed a high-severity flaw impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices by sending a specially crafted DNS packet. The vulnerability (CVE-2024-3393, CVSS score: 8.7) only affects firewalls that have the DNS Security logging enabled. The company said it's aware of...

Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.  Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page.  When we talk about antivirus products, we're really talking about anti- malware  products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be ab...

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater awareness among smaller businesses of the need to improve their security posture, SMBs are often left facing a gap in the market, unable to find security tooling that is both easy for them to use and which they can afford. When we consider the needs of SMBs, we need to focus both on the development of threat intelligence, which is necessary to understand and identify the threats being faced, as well  as the tools used to provide protection . NTTSH has built a pedigree of over 20 years' experience in the research and curation of threat intelligence as well as the development of capabilities and products which leverage its threat intelligence to protect customers. After many years of focus...

An ongoing  Magecart  campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at Malwarebytes,  said . "The remarkable thing here is that the skimmer looks more authentic than the original payment page." The term  Magecart  is a catch-all that refers to several cybercrime groups which employ online skimming techniques to steal personal data from websites – most commonly, customer details and payment information on e-commerce websites. The name originates from the groups' initial targeting of the Magento platform. According to  data  shared by Sansec, the first Magecart-like attacks were observed as early as 2010. As of 2022, more than ...

Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri , which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs  said  in an analysis. "The document contacts a remote server at (securetunnel[.]co) to load a remote template named 'trkal0.dot' that contacts a malicious macro," the researchers added. First documented by  FR3D.HK  and Indian cybersecurity company CloudSEK earlier this year, Colibri is a malware-as-a-service (MaaS) platform that's engineered to drop additional payloads onto compromised systems. Early signs of the loader appeared on Russian underground forums in August 2021. "This loader has multiple techniques that help avoid detection," CloudSEK r...

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021.  The malware-laced document claims to be a "Manifesto of the inhabitants of Crimea" calling on the citizens to oppose Russian President Vladimir Putin and "create a unified platform called 'People's Resistance.'" The Internet Explorer flaw, tracked as CVE-2021-26411 , is notable for the fact that it was abused by the ...

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said . "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of the malware strains distributed using this technique are Lumma Stealer , Hijack Loader (aka DOILoader, IDAT Loader, or SHADOWLADDER), and CryptBot , all of which are advertised under the malware-as-a-service (SaaS) model. The starting point of the attack chain is a Windows shortcut (LNK) file that's downloaded via drive-by download techniques -- e.g., when users look up a movie on search engines. It's worth pointing out that the LNK files are distributed within ZIP archives that are disguised as pirated movies. The LNK file connects to a content delivery network...

The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and intelligence authorities  said  in an alert. Active since June 2021, Hive's RaaS operation involves a mix of developers, who create and manage the malware, and affiliates, who are responsible for conducting the attacks on target networks by often purchasing initial access from initial access brokers (IABs). In most cases, gaining a foothold involves the exploitation of  ProxyShell flaws  in Microsoft Exchange Server, followed by taking steps to terminate processes associated with antivirus...

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as  SideCopy , which is so-called because of its attempts to mimic the infection chains associated with another group tracked as  SideWinder  and mislead attribution. "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi  said , adding the embedded files are tailored to target government and military officials based in Afghanistan and India. The revelation comes close on the heels of  disclosures  that Meta took steps to block malicious activities carr...

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its representative is a Russian speaker and that the malware does not overlap with previously leaked strains such as LockBit or Babuk. "The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding (RSA-OAEP) for key encryption," researchers Nikolay Kichatov and Sharmine Low said . "It can encrypt files on shared networks using Server Message Block (SMB) protocol." The encryptor for Eldorado comes in four formats, namely esxi, esxi_64, win, and win_64, with its data leak ...