dcsimg

NFTs explained: daylight robbery on the blockchain

Did you hear about the JPG file that sold for $69 million? I’ll give you some more detail, the JPG file is a piece of digital art made by Mike Winkelmann, the artist known as Beeple. The file was sold on Thursday by Christie’s in an online auction for $69.3 million. This set a record for artwork that exists only digitally. Which for many people raised the question: what’s to stop me from … [Read more...]

Mother charged with using deepfakes to shame daughter’s cheerleading rivals

A Pennsylvania woman reportedly sent doctored photos and videos of her daughter’s cheerleader rivals to their coaches, in an attempt to embarrass them and get them kicked off the team. She’s alleged to have used deepfake technology to create photo and video depictions of the girls naked, drinking, and vaping, law enforcement officials said. The woman—50-year-old Raffaela Spone—was … [Read more...]

FBI warns of increase in PYSA ransomware attacks targeting education

On March 16, the Federal Bureau of Investigation (FBI) issued a “Flash” alert on PYSA ransomware after an uptick on attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert [PDF], the United Kingdom and 12 states in the US have already affected by this ransomware family. #FBI reporting notes a recent … [Read more...]

Royal Mail scam says your parcel is waiting for delivery

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:Uk(dot)royalmail-bill(dot)com Lots of folks may assume this text message is genuine, along with the URL. … [Read more...]

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report, which analyzed the top cybercrime goals of 2020 amidst the global pandemic. If you just pay attention to the numbers from last year, you might get the wrong idea. After all, malware detections … [Read more...]

Ransomware is targeting vulnerable Microsoft Exchange servers

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise: In ten days we’ve gone from “limited and targeted attacks” by a nation-state … [Read more...]

150,000 Verkada security cameras hacked—to make a point

Hackers were able to gain access to camera feeds from Verkada, a tech company that specializes in video security and physical access control, to demonstrate how prevalent surveillance is, reports say. Unfortunately, it also exposed the inner workings of hospitals, clinics, and mental health institutions; banks; police departments; prisons; schools; and companies like Tesla and Cloudflare, after … [Read more...]

5 common VPN myths busted

Virtual Private Networks (VPNs) are popular but often misunderstood. There are many misconceptions about them—misconceptions that may be stopping people from adding a useful layer to their security and privacy defenses. So, let’s do some myth busting. 1. VPNs are for illegal activity Some people think that VPNs are only useful for doing things like torrenting, accessing geo-locked … [Read more...]

REvil ransomware’s calling, and it’s not good news

The REvil ransomware (AKA Sodinokibi, which operates as a Ransomware as a Service) is adopting some outreach techniques after initial compromise, designed to shame victims into paying up. Shaming victims into action Malware authors and social engineers have relied on shame and the threat of exposure for years. Nothing encourages potential victims to pay up like a solid threat. This isn’t … [Read more...]

A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was exposed, how China’s RedEcho was accused of targeting India’s power grids, whether Google’s Privacy … [Read more...]