byPaul DucklinThanks to Bill Kearney of Sophos Rapid Response for his work on this article.If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware.Sure, ransomware understandably hogs the media headlines these days, but cybercriminality go

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. The archive was used by crooks as part of a global hacking campaign against

Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla’s Firefox and Thunderbird to Google’s Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, we took a look at a new ransomware called RegretLo

Reports emerged of phishers having abused a feature in Google Drive in an attempt to trick users into visiting malicious websites.In this scam wave, users reported having received Google Drive notifications in Russian or English asking them to collaborate on unfamiliar documents. Those documents contained links to scam websites.Some of those links tried to e

Hackers broke into a website used in Donald Trump ‘s campaign website on Tuesday, the news is worrying because comes a few days before Election Day. Hackers defaced a website used in Donald Trump’s campaign website, donaldjtrump.com, displaying the following message: “This site was seized.” “The world has had enough of the

Unknown individuals temporarily defaced the official campaign website of President Donald Trump with a cryptocurrency scam.Twitter user Gabriel Lorenzo Greschler was among the first to spot the defacement, which is believed to have occurred at around 16:00 PST on October 27..@realDonaldTrump's campaign website has been hacked. Doing research for a climat

A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we think it’s fair that some of the money they’ve paid will go to char

A federal court in the United States issued a temporary restraining order against a tech support scheme that’s alleged to have targeted U.S. consumers.On October 15, the U.S. District Court filed Southern District of Florida submitted a complaint against Michael Brian Cotter, 59, of Glendale, California.The complaint alleged that Cotter had worked with

Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It’s also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sales, clocking in at around 280 million copies across

Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which we’ll provide video coverage of some of the cybersecurity world’s top stories. In our first week, we g

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent history of hacking, you’ll find the clear significance

byPaul DucklinAren’t SMSes dead? Aren’t they just plain old text anyway? Surely they’re of no interest to cybercriminals any more?Well, SMSes aren’t dead at all – they’re still widely used because of their simplicity and convenience.Indeed, as a general-purpose short message service – which is literally what the lett

bySean GallagherInternet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise.At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and mobile devices

Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS compliance, and revealed that SMB security posture is weakened by COV

A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks.For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, d