You’ve likely fallen for it before—a simulated test sent by your own company to determine whether or not its employees are…
Month: January 2022
Actor’s verified Twitter profile hijacked to spam NFT giveaways
When we refer to hijacked verified profiles on Twitter, it’s most commonly some sort of Elon Musk themed scam. The hijackers…
A week in security (January 24 – 30)
Last week on Malwarebytes Labs: Stay safe!
[updated]QNAP update stops Deadbolt ransomware, annoys some users, starts debate
Earlier this week (25 January, 2022) news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. The…
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy (protections good, invasions…
Update now! Apple patches another actively used zero-day
Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most…
Ransomware gangs are recruiting breached individuals to persuade companies to pay up
You’ve heard about ransomware, where attackers lock up your files and demand a payment for the decryption key. You may also…
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
This blog was authored by Ankur Saini and Hossein Jazi Lazarus Group is one of the most sophisticated North Korean APTs…
Let’s Encrypt to revoke “mis-issued” certificates
If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is…
Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs
A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other…