
What is real-time protection and why do you need it? 

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. 

Malwarebytes’ free version tackles and reactively resolves threats already on your system, but the real-time protection you get with Malwarebytes Premium Security goes one step further and actively monitors your computer’s files, processes, and system memory in real time to block threats before they have a chance to do any damage. You don’t need to worry about what happens after your initial scan, because real-time protection is actively waiting to combat new threats and keep you safe. 

Imagine your computer is like a castle, and you want to protect your people from potential invaders. Having real-time protection is like having guards stationed all around your castle, constantly watching for signs of trouble and stopping them in their path before they can cause harm. 

Here’s what guarding that castle looks like in cybersecurity terms:

1. Proactive and continuous monitoring

We monitor your files, processes, and system memory, your incoming and outgoing data, and the behavior of applications on your system. All in real time.

2. Dynamic detection

Unlike traditional approaches that rely heavily on detecting malware that is already known to exist, Malwarebytes employs dynamic detection techniques, such as heuristic analysis, behavior monitoring, and machine learning, to detect and block threats based on their behavior and characteristics, even if the threats have never been seen before.

3. Multi-layered defense

Malwarebytes real-time protection offers a multi-layered approach to security, combining various technologies to provide comprehensive protection against a variety of threats. This includes protection against viruses, ransomware, potentially unwanted programs (PUPs), spyware, trojans, exploits, and other forms of malware.

4. Rapid response

When Malwarebytes detects suspicious activity or potential threats, it responds quickly. Malwarebytes quarantines or removes malicious files, protects you from harmful websites, and blocks unauthorized access to your system.

5. Minimal impact

Malwarebytes runs quietly in the background and protects you without hogging your device’s resources.

6. Regular updates to the malware detection database

To ensure our program is equipped to detect and block the latest threats, we continuously update our database and algorithms.

In short, real-time protection serves as a proactive defense layer against constantly evolving cyber threats. Having this layer improves your cybersecurity and gives you peace of mind in this increasingly digital world.

Don’t just take our word for it: Malwarebytes Premium Security was awarded “Product of the Year” in a recent AVLab test.

Keep yourself protected and upgrade to Malwarebytes Premium Security.

                Financial institutions ordered to notify customers after a breach, have an incident response plan

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents—that require them to have written incident response policies and procedures that can be used in the event of a breach.

                The requirement is an adoption of amendments to Regulation S-P, which was enacted in 2000 to safeguard the financial information of consumers, requiring financial institutions to tell customers about how they use their personal information.

                But things have changed drastically since 2000. Even in the four years between 2018 and 2022, complaints about identity theft more than doubled, per the FBI’s Internet Crime Complaint Center.

                SEC Chair Gary Gensler said:

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially. These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data.”

                Under these amendments, covered firms will be required to notify customers of breaches that might put their personal data at risk. This will give these customers the chance to prepare themselves for the negative consequences of a breach.

                Covered organizations have to provide notice to victims as soon as possible and no later than 30 days after becoming aware of an incident involving the leak of customer information. Organizations must include details about the incident, the data leaked and what victims can do to protect themselves. As Gensler puts it:

                “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify.”

                The amendments will become effective 60 days after publication in the Federal Register. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply.

                Has your data been exposed?

                If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.


                We don’t just report on threats – we help safeguard your entire digital identity

                Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

                A week in security (May 13 – May 19)

                Last week on Malwarebytes Labs:

                Last week on ThreatDown:

                Stay safe!


                Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

                Deleted iPhone photos show up again after iOS update

                iPhone owners are reporting that photos they’d deleted are now back on their phones, after updating to iOS 17.5.

With so many users reporting similar oddities, it would seem something went wrong, or at least behaved differently than expected. Here are some examples from Reddit:

                “When in conversation with my partner, I went to send a picture and saw that the latest pictures were nsfw material we’d made years ago”

                “I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly.”

                “Same thing happened to me. Six photos from different times, all I have deleted. Some I had deleted in 2023.”

                When you delete a photo from an iPhone or iPad, it goes into a “Recently deleted” album for up to 30 days to make it easy to recover if the photo is accidentally deleted. However, the above examples vastly exceed this timeframe, and it’s unclear exactly what’s happened here.

When you delete a file, all that actually happens is that the pointer telling the system where the file is located is removed. This makes the file hard to find, but not impossible. Until the system reuses the location of the deleted file and overwrites it with other data, the file can be retrieved.

                Apple’s last update for iOS 17.5 and iPadOS 17.5 came out on Monday with a warning to update your iPhone as soon as possible. That’s because iOS 17.5 fixes 15 security vulnerabilities, some of which are serious. Please don’t let this article stop you from installing the update, but it’s good to be prepared for some unexpected behavior.

                At the time of writing, Apple hasn’t commented on the issue.


                We don’t just report on phone security—we provide it

                Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

                Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

More and more websites and services are making multi-factor authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals, who are always looking for new ways to scam us.

                A type of phishing we’re calling authentication-in-the-middle is showing up in online media. While these techniques, named after man-in-the-middle (MitM) attacks, have existed for a while, they appear to be gaining traction now.

                It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Once the user enters their login into the fake site, that information gets redirected by the cybercriminals to the actual site, without the user knowing.

The user is then prompted for their MFA step. They complete this, usually by entering a code or accepting a push notification, and this information is then relayed to the criminals, allowing them to log in to the site.

                Once the criminals are into an account, they can start changing settings like the account’s email address, phone number, and password, so the user can no longer log in, or they can simply clean out a bank account. This may help you understand why many platforms ask for your PIN or other authentication again when you try to change one of these important settings.

Victims are lured to phishing sites like these via links from social media or emails, where it can be hard to identify the real link. Phishing sites can even show up in sponsored search results, just as we have reported for tech support scams.

                How to protect yourself from authentication-in-the-middle attacks

                • Keep your wits about you. Being aware of how scammers work is the first step to avoiding them. Don’t assume sponsored search results are legit, and trust that if something seems suspicious then it probably is.
                • Use security software. Many security programs block known phishing sites, although domains are often short-lived and get rotated quickly. Malwarebytes Browser Guard can help protect you.
                • Use a password manager. Password managers will not auto-fill a password to a fake site, even if it looks like the real deal to you.
• Consider passkeys. Multi-factor authentication is still super-important to enable, and will protect you from many types of attacks, so please continue to use it. However, authentication-in-the-middle attacks only work with certain types of MFA, and passkeys won’t allow the cybercriminals to log in to your account in this way. Many services have already begun using passkeys and they’re no doubt here to stay.
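As an added illustration (not code from the Malwarebytes post) of why the last two bullets hold: a one-time code carries nothing about the site it was typed into, so a look-alike site can forward it unchanged, while a passkey assertion signs over the origin the browser is really on, so the genuine site rejects it. Hostnames are constructed, and the signature is modelled with HMAC-SHA256 over a shared per-credential key as a stand-in for the public-key signature a real WebAuthn authenticator produces; the origin check works identically with either.

```python
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://bank.example"          # constructed genuine site
PHISH_ORIGIN = "https://bank-login.example"   # constructed look-alike site


def totp_code(seed: bytes, timestep: int) -> str:
    """RFC 4226/6238-style 6-digit code for one 30-second timestep."""
    mac = hmac.new(seed, struct.pack(">Q", timestep), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class RelyingParty:
    """The genuine site: knows the user's OTP seed and passkey credential key."""

    def __init__(self):
        self.otp_seed = secrets.token_bytes(20)
        self.passkey_key = secrets.token_bytes(32)   # stand-in for the public key
        self.pending_challenge = None

    def check_otp(self, code: str, timestep: int) -> bool:
        # The code is just six digits; nothing ties it to where it was entered.
        return hmac.compare_digest(code, totp_code(self.otp_seed, timestep))

    def new_challenge(self) -> str:
        self.pending_challenge = secrets.token_hex(16)
        return self.pending_challenge

    def verify_assertion(self, client_data: bytes, signature: bytes) -> bool:
        data = json.loads(client_data)
        if data.get("type") != "webauthn.get":
            return False
        if data.get("challenge") != self.pending_challenge:
            return False
        # Origin binding: the browser wrote this field from the page's real URL,
        # and it is covered by the signature, so a relay cannot fix it up.
        if data.get("origin") != REAL_ORIGIN:
            return False
        expected = hmac.new(self.passkey_key, hashlib.sha256(client_data).digest(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(signature, expected)


def authenticator_sign(key: bytes, origin: str, challenge: str):
    """Browser + authenticator: clientData records the origin the user is on."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        separators=(",", ":")).encode()
    sig = hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return client_data, sig


def otp_login(rp: RelyingParty, phished: bool, timestep: int = 1_700_000) -> bool:
    """The code reaches the real site unchanged whether typed there or on a look-alike."""
    code = totp_code(rp.otp_seed, timestep)          # user's authenticator app
    entered_on = PHISH_ORIGIN if phished else REAL_ORIGIN
    forwarded = code                                 # a relay passes the digits along
    assert entered_on in (REAL_ORIGIN, PHISH_ORIGIN)
    return rp.check_otp(forwarded, timestep)


def passkey_login(rp: RelyingParty, phished: bool) -> bool:
    """A look-alike can relay the challenge, but the browser signs its own origin."""
    challenge = rp.new_challenge()                   # issued by the real site
    origin_seen_by_browser = PHISH_ORIGIN if phished else REAL_ORIGIN
    client_data, sig = authenticator_sign(rp.passkey_key, origin_seen_by_browser, challenge)
    return rp.verify_assertion(client_data, sig)
```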

                We don’t just report on threats—we remove them

                Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

                Notorious data leak site BreachForums seized by law enforcement

                BreachForums—probably the largest dark web marketplace for stolen data to be leaked and sold—has been seized by law enforcement.

Now, both the regular and the Tor domain of BreachForums are plastered with a message telling visitors the site is now under control of the FBI.

                Seized notice

The FBI said BreachForums and its predecessor Raidforums were:

                “…operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”

                Raidforums ran from early 2015 until February 2022. The first iteration of BreachForums was then set up in March 2022 and ran until March 2023, when US law enforcement arrested the alleged operator, “Pompompurin”, in New York.

                A new administrator then rose to the occasion and said they were working on a plan to get the forum through the problems caused by that arrest. But on March 21, 2023, the new administrator announced the decision to shut BreachForums down.

                Another forum administrator going by the account name “Baphomet” then took over.

                According to BleepingComputer, the FBI has also seized the site’s Telegram channel, with law enforcement sending messages to the channel on behalf of the forum’s operator “Baphomet”.

                Message to BreachForum's Telegram channel that says "This Telegram chat is under control of the FBI. The BreachForums website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing the site's backend data. If you have information to report about cyber criminal activity on BreachForums please contact us."

BreachForums was in use just last week for a big-name breach, when a cybercriminal put up for sale breached customer data taken from Dell between 2017 and 2024.

                We’ll keep you posted on any new developments.


                Apple and Google join forces to stop unwanted tracking

                Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking.

                The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being used to track them.

The alert would be pushed to the user’s device and would say “[Item] Found Moving With You.”

                In many cases “[Item]” might well actually be an AirTag.

AirTags’ intended use is to let you easily track things like your keys, wallet, purse, backpack, luggage, and more. You can simply set it up with your iPhone, iPad, or iPod touch, attach it somewhere, and the AirTag will show up in your Find My app. However, AirTags have long been associated with unwanted tracking, which is something Apple apparently did not foresee and has since been working to make harder.

                Apple’s first step to discourage unwanted tracking was the “Tracking Notifications” option in the Find My app. This feature is available on iOS or iPadOS 14.5 or later.

                Android introduced a similar “unknown tracker alert” to find trackers placed near you or in your belongings without your knowledge or consent.

                With the new capability that both tech giants have pushed, users will now get the alert, regardless of the platform the device is paired with. If a user gets such an alert on their device, it means that someone else’s Bluetooth tracker is moving with them.

                Android and iPhone users can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it. Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola, and Pebblebee have all said that future tags will be compatible.

                Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.



                Update Chrome now! Google releases emergency security patch

Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google says is already being exploited.

                The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

                Click Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

After the update, the version should be 124.0.6367.207 or later.

                Technical details on the vulnerabilities

                If you have already updated to version 124.0.6367.201/.202 for Mac and Windows or 124.0.6367.201 for Linux, this will provide protection against the first vulnerability. The patch Google issued four days ago covered this actively exploited vulnerability.

                The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited CVE patched in this update is:

CVE-2024-4671: A use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

                Use after free (UAF) is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, by exploiting the vulnerability, the attacker can escape the sandbox that should contain any threats to the browser.

                Exploitation is possible by getting the target to open a specific, specially crafted webpage, so the vulnerability is suitable for exploitation as a drive-by attack.

                CVE-2024-4761: An out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

                An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory which are allocated to more critical functions. This could allow an attacker to write code to a part of the memory where it will be executed with permissions that the program and user should not have.

                V8 is Google’s open-source high-performance JavaScript and WebAssembly engine and is part of the Chromium project. Among others it runs the JavaScript code included in webpages.

Again, exploitation is possible by getting the target to open a specific, specially crafted webpage, which makes the vulnerability suitable for exploitation as a drive-by attack.



                A week in security (May 6 – May 12)

                Why car location tracking needs an overhaul

                Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships.

                No, we’re not talking about stalkerware. Or hidden Apple AirTags. We’re talking about cars.

                Modern cars are the latest consumer “device” to undergo an internet-crazed overhaul, as manufacturers increasingly stuff their automobiles with the types of features you’d expect from a smartphone, not a mode of transportation.

                There are cars with WiFi, cars with wireless charging, cars with cameras that not only help while you reverse out of a driveway, but which can detect whether you’re drowsy while on a long haul. Many cars now also come with connected apps that allow you to, through your smartphone, remotely start your vehicle, schedule maintenance, and check your tire pressure.

                But one feature in particular, which has legitimate uses in responding to stolen and lost vehicles, is being abused: Location tracking.

                It’s time car companies do something about it.  

                In December, The New York Times revealed the story of a married woman whose husband was abusing the location tracking capabilities of her Mercedes-Benz sedan to harass her. The woman tried every avenue she could to distance herself from her husband. After her husband became physically violent in an argument, she filed a domestic abuse report. Once she fled their home, she got a restraining order. She ignored his calls and texts.

                But still her husband could follow her whereabouts by tracking her car—a level of access that Mercedes representatives reportedly could not turn off, as he was considered the rightful owner of the vehicle (according to The New York Times, the husband’s higher credit score convinced the married couple to have the car purchased in his name alone).

                As reporter Kashmir Hill wrote of the impasse:

                “Even though she was making the payments, had a restraining order against her husband and had been granted sole use of the car during divorce proceedings, Mercedes representatives told her that her husband was the customer so he would be able to keep his access. There was no button she could press to take away the app’s connection to the vehicle.”

                This was far from an isolated incident.

                In 2023, Reuters reported that a San Francisco woman sued her husband in 2020 for allegations of “assault and sexual battery.” But some months later, the woman’s allegations of domestic abuse grew into allegations of negligence—this time, against the carmaker Tesla.

                Tesla, the woman claimed in legal filings, failed to turn off her husband’s access to the location tracking capabilities in their shared Model X SUV, despite the fact that she had obtained a restraining order against her husband, and that she was a named co-owner of the vehicle.

                When The New York Times retrieved filings from the San Francisco lawsuit above, attorneys for Tesla argued that the automaker could not realistically play a role in this matter:

                “Virtually every major automobile manufacturer offers a mobile app with similar functions for their customers,” the lawyers wrote. “It is illogical and impractical to expect Tesla to monitor every vehicle owner’s mobile app for misuse.”

                Tesla was eventually removed from the lawsuit.

                In the Reuters story, reporters also spoke with a separate woman who made similar allegations that her ex-husband had tracked her location by using the Tesla app associated with her vehicle. Because the separate woman was a “primary” account owner, she was able to remove the car’s access to the internet, Reuters reported.

                A better path

                Location tracking—and the abuse that can come with it—is a much-discussed topic for Malwarebytes Labs. But the type of location tracking abuse that is happening with shared cars is different because of the value that cars hold in situations of domestic abuse.

                A car is an opportunity to physically leave an abusive partner. A car is a chance to start anew in a different, undisclosed location. In harrowing moments, cars have also served as temporary shelter for those without housing.

                So when a survivor’s car is tracked by their abuser, it isn’t just a matter of their location and privacy being invaded, it is a matter of a refuge being robbed.

                In speaking with the news outlet CalMatters, Yenni Rivera, who works on domestic violence cases, explained the stressful circumstances of exactly this dynamic.

                “I hear the story over and over from survivors about being located by their vehicle and having it taken,” Rivera told CalMatters. “It just puts you in a worst case situation because it really triggers you thinking, ‘Should I go back and give in?’ and many do. And that’s why many end up being murdered in their own home. The law should make it easier to leave safely and protected.”

                Though the state of California is considering legislative solutions to this problem, national lawmaking is slow.

Instead, we believe that the companies that have the power to do something should act on that power. Much like how Malwarebytes and other cybersecurity vendors banded together to launch the Coalition Against Stalkerware, automakers should work together to help users.

                Fortunately, an option may already exist.

                When the Alliance for Automobile Innovation warned that consumer data collection requests could be weaponized by abusers who want to comb through the car location data of their partners and exes, the automaker General Motors already had a protection built in.

                According to Reuters, the roadside assistance service OnStar, which is owned by General Motors, allows any car driver—be they a vehicle’s owner or not—to hide location data from other people who use the same vehicle. Rivian, a new electric carmaker, is reportedly working on a similar feature, said senior vice president of software development Wassym Bensaid in speaking with Reuters.

                Though Reuters reported that Rivian had not heard of their company’s technology being leveraged in a situation of domestic abuse, Wassym believed that “users should have a right to control where that information goes.”

                We agree.

