Soon, all countires in Europe, including the UK and Switzerland, will have the power to accept all and reject all cookies with a single click.
The post “Reject All” cookie consent button is coming to European Google Search and YouTube appeared first on Malwarebytes Labs.

Google will soon be giving European countries a “Reject All” button in the Search and YouTube cookie consent banner.

This change, which was revealed by Google’s Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to the rest of the European Economic Area, the UK, and Switzerland. Adhya didn’t provide a date on the cascade.

From the Adhya’s post:

> “In the past year, regulators who interpret European laws requiring these banners, including data protection authorities in France, Germany, Ireland, Italy, Spain and the UK, have updated their guidance for compliance. We’re committed to meeting the standards of that updated guidance and have been working with a number of these authorities.”

With directions from France’s Commission Nationale de l’Informatique et des Libertés (CNIL), Google finished a redesign of its cookie banner and changed the infrastructure behind how it handles cookies.

CNIL slapped Google with a $170M (€150M) fine for the confusing language in its cookie consent banners earlier this year. CNIL also found the asymmetry of letting users accept all tracking cookies with one click but allowing them to painstakingly untick individual options to reject them all as “unlawful.” Because the average user typically doesn’t want to bother doing this, they are left with no choice but to click “Accept all”—a win for Google’s business.

France has a strong case for declaring Google’s cookie consent behavior. In a 2019 study conducted by academics at Ruhr University Bochum (Germany) and the University of Michigan (USA), researchers found that European consumers think that most cookie consent notices are meaningless or manipulative.

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/google-new-cookie-banner-600x565.png)

_Google has made it easy for users to accept and reject all cookies with this new consent banner first released to French users. (Source: Google)_

Adhya implied that this could be the first step for Google to change the way cookies work on its sites. He said he knew the implications of these changes and how they impact other sites and content creators who conduct business online.

> “We believe this update responds to updated regulatory guidance and is aligned with our broader goal of helping build a more sustainable future for the web. We believe it is possible both to protect people’s privacy online and to give companies and developers tools to build thriving digital businesses.”

“Reject All” cookie consent button is coming to European Google Search and YouTube

Emotet is back with a new spam campaign. And it's now spreading itself as a shortcut link file pretending to be Word document.
The post Emotet fixes bug in code, resumes spam campaign appeared first on Malwarebytes Labs.

![Emotet fixes bug in code, resumes spam campaign](https://blog.malwarebytes.com/wp-content/uploads/2022/04/GettyImages-1277291140-900x506.jpg)

Posted: April 27, 2022 by

Emotet threat actors resumed their email spam campaign on Monday after stopping it late last week to fix a bug.

The bug—a flaw in how Emotet is installed onto a system after a victim opens a malicious email attachment—forced the actors to prematurely halt their campaign.

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/FQ-puUmWUAERnF2-600x392.jpeg)

_Sample email of an Emotet spam containing a defective attachment.  
(Source: @malware\_traffic)_

Emotet is spammed around in emails claiming to contain invoices, forms, or payment details. The attachment is a password-protected ZIP file with a shortcut link file (has the .LNK extension) inside pretending to be a Word document file.

Normally, once users double-click the file, Emotet is loaded into memory, steals email addresses to use in future campaigns, and drops a payload, usually another malware like ransomware or Cobalt Strike. However, the bug happened immediately after the attachment was clicked.

You see, double-clicking the file sets off a chain. A command looks for a string hidden in the .LNK file containing code written in Visual Basic. This code is then appended to a new VBS file before executing that file. But, the shortcut file a command statically calls to does not match the actual name of the attached shortcut file. For example, the command code calls for “Password2.doc.lnk”, but the attached file itself is named “INVOICE 2022-04-22\_1033, USA.doc”. This error breaks the infection chain.

Cryptolaemus (@Cryptolaemus1) has provided a more technical explanation in this Twitter thread:

> #emotet Update – As of the last few hours Ivan is running some tests on E4 to try to bypass detection by appending a VBS at the end of an LNK file in a zip. The LNK when launched will find a string in itself and then copy the remainder from that string after to a VBS file. 1/x https://t.co/pEcOWdbfOa
> 
> — Cryptolaemus (@Cryptolaemus1) April 22, 2022

Emotet’s current use of .LNK files as attachments is a tried-and-tested tactic that can bypass antivirus detection and Mark-of-the-Web (MOTW) “marking.” Mark of the Web is a Windows feature that determines the origin of a file downloaded from the Internet.

Our Threat Intelligence Team has seen APT threat actors use .LNK files in their attack campaigns (the Higaisa APT comes to mind). It’s no surprise that other cybercriminal groups have adopted this. Proponents of Emotet and IcedID were just some of them.

Emotet has been revolutionizing its way of reaching victims during its years of activity. Historically, it was spread via malicious Windows App Installer packages and malformed Word documents. Emotet is a sophisticated and versatile Trojan, which has been used by other criminal groups to drop their own malware, causing multiple system infections. Some of the files it drops are QBot, QakBot, TrickBot, and Mimikatz (a legitimate tool used to steal credentials).

BleepingComputer shared a list of attachment names the new Emotet email spam campaign is using, courtesy of Cofense, a security company specializing in email security:

*   ACH form.zip
*   ACH payment info.zip
*   BANK TRANSFER COPY.zip
*   Electronic form.zip
*   form.zip
*   Form.zip
*   Form – Apr 25, 2022.zip
*   Payment Status.zip
*   PO 04252022.zip
*   Transaction.zip

If you have received any emails bearing attachments with the above names, it would be wise to delete them immediately to prevent the risk of accidentally opening the attachment.

Stay safe out there!

**RELATED ARTICLES**

Emotet fixes bug in code, resumes spam campaign

A group of French hospitals was taken offline afetr a data breach has been discovered. The stolen data are patient records including SSN, banking information, email addresses, and phone numbers.
The post Hospitals taken offline after cyberattack appeared first on Malwarebytes Labs.

![Hospitals taken offline after cyberattack](https://blog.malwarebytes.com/wp-content/uploads/2022/04/empty_hospital_room-900x506.png)

Posted: April 26, 2022 by

The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned \[French\] that data have been exfiltrated and might be used for phishing in the future.

As a consequence, the GHT Cœur Grand Est has cut all incoming and outgoing internet connections from its franchises in order to protect and secure information systems and data.

**GHT Coeur Grand Est**

The GHT (Groupements Hospitaliers de Territoire) Coeur Grand Est is a group of nine hospitals in the Northeast of France (around Bar-le-Duc). Together they employ some 6,000 healthcare professionals and serve around 300,000 inhabitants of the region. Most of the hospitals within the GHT network operate their own IT infrastructure, but they do share certain resources. The stolen data come from the hospital centers of Vitry-le-François (Marne) and Saint-Dizier (Haute-Marne).

**The attack**

On April 19, staff discovered a network breach in the systems of the GHT. During that breach, the attackers managed to copy essential administrative data. As a result, the GHT decided to cut all incoming and outgoing internet connections until the situation was resolved.

The applications and software used internally on a daily basis were not affected by the attack and remain operational, but certain services like making online appointments aren’t possible at the moment. The computerized patient file system is fully functional.

The hospitals said the IT team is working to assess and identify the damage and, as quickly as possible, re-establish secure links with the outside world. The information flows that come from outside, mainly lab results, are handled in old-fashioned paper format or, as was done years ago, by fax.

**Vigilance**

The GHT has warned customers to be vigilant, saying there is no guarantee that the exfiltrated files will not be shared and used by malicious people.

GHT customers should stay on the lookout for targeted phishing attempts and scams that may look more trustworthy because the scammers have information you wouldn’t expect them to have.

*   Pay attention to the sender of messages, even if they appear to be an official sender.
*   Be careful with attachments. Don’t open them until you verified the origin.
*   Never respond to a request for confidential information, in particular banking information.
*   Pay attention to the content and wording of the message received. Phishing attempts often introduce some kind of urgency by scaring the receiver or putting time pressure behind the response.
*   Be wary of phone calls or texts from unknown numbers.

**Stolen data for sale**

While the hospital center’s announcement doesn’t contain any attribution clues, Bleeping Computer spotted a new entry on Industrial Spy’s website, a new marketplace for stolen data.

![listing on Industrial Spy platform](https://blog.malwarebytes.com/wp-content/uploads/2022/04/IndustrialSpy-600x62.png)

_image courtesy of Bleeping Computer_

Industrial Spy is a dark web platform that promotes itself as a marketplace for buying corporate data that contain sensitive information like schematics, financial reports, trade secrets, and client databases.

In this case, however, Industrial Spy isn’t offering anything that could draw the attention of a competitor. Instead, the data set exposes patient data among other administrative documents. The threat actors claim that the stolen personal data of patients includes social security numbers, passport scans, banking information, email addresses, and phone numbers.

Stay safe, everyone!

**RELATED ARTICLES**

![News Corp falls victim to cyberattack](https://blog.malwarebytes.com/wp-content/uploads/2022/02/NewsCorp_header-604x270.png)

February 7, 2022 - Media giant News Corp says it fell victim to a cyberattack that it discovered in January. Investigators suspect China to be behind the attack.

![50 percent of schools did not prepare for secure distance learning, Labs report reveals](https://blog.malwarebytes.com/wp-content/uploads/2019/06/MB_LABS-01-1-604x270.png)

December 7, 2020 - Schools faced a crisis this year, as the coronavirus forced educators across the country to suffer through lacking cybersecurity, our new report reveals.

![8 everyday technologies that can make you vulnerable to cyberattacks](https://blog.malwarebytes.com/wp-content/uploads/2018/08/everydaytechnologies-604x270.jpg)

August 9, 2018 - The security vulnerabilities of the latest developments in tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Here are eight commonly-used tech conveniences that are not as ironclad as you might hope.

![Singles’ Day deal seekers beware](https://blog.malwarebytes.com/wp-content/uploads/2017/11/shutterstock_7491459792-1-604x270.jpg)

November 9, 2017 - Originally a day set aside for singles in China to be proud of their singlehood, Singles’ Day has been transformed into what is arguably the world’s single largest e-commerce festival, thanks to the involvement of The Alibaba Group. In fact, the Alibaba Group alone reported $17.8 billion in sales; six times higher than what was...

![Remediation vs. prevention: How to place your bets](https://blog.malwarebytes.com/wp-content/uploads/2017/09/shutterstock_436847836-604x270.jpg)

September 13, 2017 - Building a security environment for businesses is a gamble these days. It's remediation vs. prevention. Which should you bet on?

Hospitals taken offline after cyberattack

Phishers racked up an enormous haul of stolen cryptocurrency via rogue Google ads. Time to check if you're free from bad ad worry.
The post Rogue ads phishing for cryptocurrency: Are you secure? appeared first on Malwarebytes Labs.

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine.

The bogus links were at the top of results for Terra blockchain projects. Searches for projects like Astroport or Anchor resulted in the below search results:

> Our security team conducted an analysis of this incident and discovered that the bulk of this attack was from google phishing ads. Users would search well know projects on the Terra blockchain such as @anchor\_protocol or @astroport\_fi only to click on the first link by google. pic.twitter.com/aucIcnsCd7
> 
> — SlowMist (@SlowMist\_Team) April 21, 2022

The design of the phish page is quite similar to many that we’ve seen. They’re quite basic, and include little beyond a set of “connect your wallet” buttons. However, as you can see in the below tweet, they’re after people’s seed phrase:

> These may look like normal ads and some even show the same domain names, but once you click on the link, the domain name actually changes. When clicked, it'll prompt you to connect your wallet, however instead of connecting, users are asked to input their seed phrase. pic.twitter.com/OZjifaJ17m
> 
> — SlowMist (@SlowMist\_Team) April 21, 2022

We’ve talked about seed/recovery phishing several times. Seed phrases are your keys to the kingdom, and giving them to a phisher could have serious consequences. It’s no wonder these phishers made off with so much money.

**The problem with bad ads**

Rogue adverts have been around pretty much for as long as paid adverts have existed. They’ve been the stomping ground of exploit kits, ransomware, fake tech support scams, and much more for years.

One of the main ways to hurt yourself in a search engine used to be SEO poisoning. That didn’t involve ads, but rather involved the search results themselves being bad. If a site got compromised and the content altered, innocent looking results could end up whisking you away to spam or malware. Alongside SEO poisoning, which search engines really tried to clamp down on, bogus ads started making major inroads.

**Big numbers, big rewards**

Ad fraud costs billions each year. Any network could potentially allow a bad actor onboard, and that’s before you consider that there are rogue ad networks who simply don’t care what’s being pushed to end-users. Slow, cumbersome static ads were replaced by real time bidding, and techniques to push bad content became ever more inventive.

On top of that, you have the usual tricks like fingerprinting and browser search string agents to ensure your bad content reaches specific people. For example, only allowing certain mobile users to land on your mobile-centric scam page. Or how about stopping users at a gateway to see if they run exploitable types of software before letting them progress to the exploit page?

The SEO poisoning tactics all look a bit antiquated next to the “paid-for ad might lose you a fortune” merry-go-round.

**Blink and you’ll miss it?**

The big problem with paid ads in search engines is one of assumed legitimacy. The fact that they usually appear at the top of the page originally led to complaints that they were being mixed up with “proper” results. This brought about many changes to make it clearer that paid ads were just that.

Sadly, people still struggle with figuring out paid ads vs organic. Close to 60% in one survey didn’t know the difference. This is despite changes from search engine providers for both desktop and mobile platforms.

> Last year, our search results on mobile gained a new look. That’s now rolling out to desktop results this week, presenting site domain names and brand icons prominently, along with a bolded “Ad” label for ads. Here’s a mockup: pic.twitter.com/aM9UAbSKtv
> 
> — Google SearchLiaison (@searchliaison) January 13, 2020

Does the word “Ad” next to the result in Google really leap out enough to be noticeable? Or when “Ad” appears in Yahoo! or the additional “Ads related to…” under the main ads? How about Bing’s very tiny “Ad” next to the results?

I vaguely recall a search engine placing paid results in a prominent box a few years back, but I suppose I could just be mixing it up with a screenshot of someone _highlighting_ a rogue advert instead.

**Avoiding bad ads**

There’s multiple ways to avoid bad ads, but some of them come at a cost to either yourself or the sites serving the ads. It’s one of those very personal choices for which there’s no single fit. I’m not going to suggest you do any of these; I’m merely going to give you examples of what people do and leave the decision in your hands.

1.  Some folks have simply had enough of adverts. They’ll install ad-blockers, hit the “disallow all” button, and that’s that. However, one drawback is that sites you like may not work. You’ve definitely seen a “please unblock our ads to continue” message at this point. Some sites take a hard line on this, and it’s a case of unblock or go elsewhere. Others will allow you to choose whether to view the site with the ads still blocked, or add them to your “safe site” list. Sometimes this goodwill gesture is enough to have the visitor unblock the ads. If it doesn’t and someone becomes a repeat visitor anyway (with ads still blocked), then the site loses ad revenue.
2.  Others may go down the script blocker route. This may allow ads, but will potentially contribute to preventing forms of redirect and/or malicious script loading. Script blocking tools are a lot better than they used to be, with more customisation available than ever before. In the bad old days, it was mostly a case of “enable this and break hundreds of websites”. The trade-off here is that you may end up enabling something that renders the site usable, but also allows for bad things to happen.
3.  Security tools. This is one of the more hands-on ways to shut bad things down. Browser extensions, security tools with real-time protection, regular security scans, and keeping your system (and programs) up to date will all help keep exploits, phishing pages, and malware far away, even with all adverts enabled. Nothing is guaranteed, of course, and that’s why several layers of defence tailored to your specific requirements will do significant heavy lifting on your behalf.

Rogue ad attacks are sadly a fact of internet life, and targeting cryptocurrency enthusiasts means potentially massive payouts in comparison to some other forms of phishing. With no way to get your stolen coins back in most cases, it’s not something you can afford to ignore. Start shoring up those defences now, and have a long think about the level of advert exposure you’re comfortable with.

Rogue ads phishing for cryptocurrency: Are you secure?

We take a look at a round of phishing mails being sent to people in Belgium, promising tax-related refunds.
The post Watch out for this SMS phish promising a tax refund appeared first on Malwarebytes Labs.

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts:

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/dbphish7-600x365.jpg)

Beware of SMS phishing!

For those who don’t read Dutch, the warning reads:

> Never respond to unusual emails or texts!
> 
> Fraudsters often send e-mails under the guise of renewing your debit card or digipas. Never go into that. They refer to websites that are not owned by Argenta. Argenta will also never ask you to provide your card number by telephone because you will allegedly receive a new debit card or digipas.
> 
> Do you still receive suspicious messages?
> 
> Have you already passed on codes over the phone? Or has money already been withdrawn from your account? Please contact us immediately on (available 24/7 for victims of phishing).

The warning above is genuine, on a real bank’s website. But the warning, in this case, comes too late because this is the last and only legitimate stop in a victim’s passage through a phishing scam.

**The bogus SMS trail begins**

Here’s one of the suspect SMS messages, as tweeted by Twitter user @ypselon:

> it has been decided that you will receive a refund. to receive this amount you can visit our website \[url removed\]

The text claims to be from “FOD”. This is the Federale Overheidsdienst Financien in Belgium. The suspect URL includes a domain registered just this month (often a red flag), in India, rather than Belgium.

Visiting the site presents you with a message that says:

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/dbphish1-600x551.jpg)

A fake FOD website offering fake refunds

> Refund:
> 
> In order to receive a refund of your personal income tax, you must verify your account so that we can transfer the full amount of €278.35 to the correct account.
> 
> It is important to carry out a one-time verification as a check. Afterwards you will receive the amount on your account within a few working days.

For “one-time verification” read “send us money”.

We all love a tax refund so it’s an effective hook to lure in potential victims. Continuing reveals a large assortment of banks commonly used in Belgium.

**A slippery phish**

The scam site includes customised pages for each popular bank. Some ask for card details, others for account numbers. All are fake, all are trying to hoover up information that can be used to steal your money.

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/dbphish5.jpg)

A phishing site asks for credit card details for a “one-time verification”

No matter which route you go down, entering your details will neither verify your identity nor secure you a tax refund. But all will leave you poorer and eventually redirect you to your bank’s real website (where you might encounter a warning about falling for scams like the one you’ve just fallen for).

At this point, your only option is to contact the bank for real, and tell them what’s happened. If you’re lucky, you may be able to have them shut things down. If not, days or weeks of hassle might lie in wait.

**Faking it to make it**

Fake tax refunds are hugely popular. They’re especially rampant during (or immediately following) any tax season. The Federale Overheidsdienst Financien has some advice for avoiding scams like this..

*   **If the FOD helped you with a tax return the previous year**, it may contact you by phone. The organisation warns that if the caller doesn’t know your name; asks for payment for assistance; asks to come to your home; or requests passwords, PINs, email, or address, then you should hang up.
*   **Report any request to provide confidential data** related to banking you receive by email, text, or WhatsApp.
*   **If you’re asked to make a payment to the FOD directly**, check their site because there’s only a limited number of ways to make a payment to an official account.

Watch out for this SMS phish promising a tax refund

Today on Lock and Code, we speak with returning guest Tanya Janca about why so much of our software comes packaged with vulnerabilities.
The post Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09 appeared first on Malwarebytes Labs.

Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be “not advanced at all.”

This was far from the only software vulnerability that the public learned about last year.

When Lock and Code discussed the efforts by agricultural companies to turn their physical equipment, like tractors and combines, into smart devices, we learned about simple flaws that allowed a group of hackers to uncover user IDs for pretty much every registered device in a company’s database. And we learned that the IDs could, through a simple comparison search with the Fortune 500, reveal what companies were clients of that agricultural company.

And when we discussed the famous app Clubhouse, we learned about an eavesdropping flaw that was discovered with no technical hacking requirements—all that was necessary was two iPhones.

These examples and many, many more throughout cyber-history beg the question: What is going on with how our applications are developed?

Today on the Lock and Code podcast with host David Ruiz, we speak to returning guest Tanya Janca to understand the many stages of software development and how security trainers can better work with developers to build safe, secure products. According to Janca, a good security team takes the security of their developers’ products as their own responsibility.

> “It’s our job to help them make their software secure. If at the end, they have all these things wrong, guess what, it’s because our team, the security team, is not doing a good job”
> 
> Tanya Janca, Director of developer relations of Bright, founder of the online training academy We Hack Purple and author of Alice and Bob Learn Application Security.

Tune in to hear all this and more on this week’s Lock and Code podcast by Malwarebytes Labs.

This video cannot be displayed because your _Functional Cookies_ are currently disabled.

To enable them, please visit our _privacy policy_ and search for the Cookies section. Select _“Click Here”_ to open the Privacy Preference Center and select _“Functional Cookies”_ in the menu. You can switch the tab back to _“Active”_ or disable by moving the tab to _“Inactive.”_ Click _“Save Settings.”_

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Why our software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09

Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK
The post Apple’s child safety features are coming to a Messages app near you appeared first on Malwarebytes Labs.

![Apple’s child safety features are coming to a Messages app near you](https://blog.malwarebytes.com/wp-content/uploads/2022/04/GettyImages-1200217290-900x506.jpg)

Posted: April 25, 2022 by

Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features’ initial launch in the US on the iOS, iPad, and macOS devices.

To make communicating with Messages safer for Apple’s youngest users in the countries getting the rollout, it will start using machine learning to scan messages sent to and from an Apple device, looking for nudity to blur. Because scanning is done on-device, meaning the images are analyzed by the phone rather than in the Cloud, end-to-end encryption is not compromised.

“Messages analyses image attachments and determines if a photo contains nudity, while maintaining the end-to-end encryption of the messages,” Apple said in a statement. “The feature is designed so that no indication of the detection of nudity ever leaves the device. Apple does not get access to the messages, and no notifications are sent to the parent or anyone else.”

Of course, parents would have to enable this feature on their child’s iPhones first.

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/apple-child_safety-600x378.jpg)

Children are given the power to make a safe choice with what they want to see and do on Messages. (Source: Apple)

If the setting for this feature is on and a child receives a nude photo, Messages blurs it, warns the child of sensitive content, and points them to resources supported by child safety groups. If the child is about to send nude photos, the feature flags the picture and encourages them not to send the image. They could also talk to an adult they trust using the “Message a Grown-Up” button.

Note that the AI does not scan photos your child keeps in their Photo Library.

There have been some changes to these features since they were initially reported in August last year. Originally parents were also alerted if their young child (a child under 13) sent or received images that contained nudity. Privacy advocates and critics quickly pointed out that doing this could out queer kids to their parents, which could expose them to harm.

Apple is also delaying the rollout of an AI component that can scan photos in iCloud and compare them to a child sexual abuse material (CSAM) database. The company has yet to announce the date of this component’s release.

According to The Guardian, Apple will also introduce features that will kick in when users search for child exploitation content in Spotlight, Siri, and Safari.

**How to enable Apple’s safety features**

Parents/Carers/Guardians, you need to set up Apple’s Screen Time feature on your child’s phone first, which requires Family Sharing (If you haven’t done that already, go to the Set up Family Sharing help page for the steps).

Once you have Screen Time enabled and the communications safety features are already available in your country, please do the following:

1.  On your Apple device, open **Settings**.
2.  Choose **Screen Time**.
3.  Swipe down and choose your child’s device.
4.  Choose **Communications Safety**.
5.  Toggle **Check for Sensitive Photo**.

Stay safe!

**RELATED ARTICLES**

![“Your AppI‌e‌ ‌l‌D‌ ‌‌h‌‌a‌‌s‌‌ ‌‌b‌‌e‌‌e‌‌n‌‌ ‌‌l‌‌ocke‌‌d‌‌” spam email takes you on a website mystery tour](https://blog.malwarebytes.com/wp-content/uploads/2019/03/shutterstock_711671914-604x270.jpg)

April 14, 2022 - We take a look at what appears to be a phish, but ends up directing you to endless random websites instead.

![A week in security (March 28 – April 3)](https://blog.malwarebytes.com/wp-content/uploads/2018/01/shutterstock_610335074-604x270.jpg)

April 4, 2022 - The most important and interesting security stories from the last seven days.

![Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited](https://blog.malwarebytes.com/wp-content/uploads/2021/06/patch_Apple-604x270.png)

April 1, 2022 - Apple released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1 patching 2 vulnerabilities that may have been exploited in the wild.

![De-Googling Carey Parker’s (and your) life: Lock and Code S03E06](https://blog.malwarebytes.com/wp-content/uploads/2021/12/Lock-and-Code-logo-2021-604x270.jpg)

March 14, 2022 - This week on Lock and Code, we talk about taking the right steps to removing Google and its many services from your life.

![Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs](https://blog.malwarebytes.com/wp-content/uploads/2016/04/apple-mac-macbook-feature-604x270.jpg)

January 27, 2022 - A researcher discovered a way to gain control of both webcams and any open session in Safari. How did they do it?

Apple’s child safety features are coming to a Messages app near you

The latest MITRE ATT&CK results can guide any SMB into finding a cybersecurity product that works best for them.
The post Why MITRE matters to SMBs appeared first on Malwarebytes Labs.

Running a small- to medium-sized business (SMB) requires expertise in everything, from marketing and sales to management and hiring, but in the ever-expanding list of executive responsibilities, one particular item demands attention: Cybersecurity.

Cyberattacks can—and have—shuttered entire businesses. Cyberattacks can ruin reputations. Cyberattacks can lock up your workforce, grind revenue to a halt, send clients and customers looking for alternatives, and cost millions of dollars in recovery.

Running an SMB today, then, requires effective cybersecurity. But cybersecurity vendors don’t make it easy. Every few months another vendor promises the best, fastest, and most effective protection, appending new, three-letter acronyms to features that may not appropriately serve your business, or may require a level of time and resources that your business can’t afford.

For SMBs, one particular third-party evaluation can help clear up some of the clutter. The MITRE ATT&CK Evaluation, run by cybersecurity researchers at MITRE Engenuity, analyzes the performance of dozens of cybersecurity vendors against known, real-world attacks, testing their capabilities not against theoretical damage, but actual harm.

According to the researchers at MITRE:

“While organizations know that robust security solutions are imperative, determining what’s best is no easy feat. There is often a disconnect between security solution providers and their users, particularly related to how these solutions address real-world threats.

Our mission is to bridge this gap by enabling users to better understand and defend against known adversary behaviors through a transparent evaluation process and publicly available results – leading to a safer world for all.”

Though the MITRE ATT&CK results are not quick to comprehend—after all, MITRE does not rank or select any “winners” or “losers” in its testing—they are important to understand. MITRE results can reveal which vendors can best prevent incoming cyberattacks, which can provide high visibility into current problems, and which can detail the most information about those problems.

Crucially, MITRE results can detail which cybersecurity vendor will offer your business the most effective “out-of-the-box” experience, protecting your business from cyberattacks while requiring less daily input from you and your team.

Here’s what the MITRE researchers evaluate in their testing and why it matters to your SMB.

****Protection****

“Protection” is a term that describes whether a cybersecurity product can prevent an attack before it even reaches your computers or systems. Protection is the first line of defense for any business and its significance cannot be overstated. Preventing an attack is always preferrable to responding quickly to an attack after it has happened.

The MITRE ATT&CK Evaluation does not require its participants to be tested on their protection capabilities. In the most recent testing by MITRE, 22 out of 30 vendors entered the protection test. Just 10, including Malwarebytes, scored 100 percent on protection.

While no cybersecurity product can stop every single cyberthreat in existence—it just isn’t possible as cybercriminals constantly advance their tactics—a good cybersecurity product will still rank highly on MITRE’s protection analysis.

****Visibility and alert quality****

Cyberattacks do not happen in seconds. Instead, cybercriminals can plan their attacks for days or even weeks, brute-forcing their way into an insecure Remote Desktop Protocol port or simply tricking an employee into opening a malicious email attachment which then allows them to gain remote control of a machine, where they will then spread laterally through a network, deploying dangerous hacking tools along the way, until they launch a massive attack that can derail any business.

Any decent cybersecurity product should be able to flag any malicious or suspicious behavior happening on a network and deliver related warnings to the end-user. This capability to see potential attacks as they’re happening and then signal those attacks to users is called “Visibility,” and MITRE tests this in its own evaluations. The Visibility score reflects the number of dangerous steps that a cybersecurity solution caught and sent warnings about during a simulated attack.

Visibility is just one half of a cybersecurity response, though. The other half is “Alert quality.”

As we explained in our previous article describing the most recent MITRE ATT&CK Evaluation results:

“Not every alert is equal. Some provide far more detailed information that can be acted upon by security teams, while other alerts only notify a security team of a problem. In the MITRE ATT&CK evaluation results, alerts are given three tiers of specificity, from least to most specific—General, Tactic, and Technique.

Techniques are the types of alerts that empower security teams to solve problems faster. Going beyond a basic description of what happened, a Technique alert will explain the surrounding context. That can include what threat actors are trying to accomplish with a malicious script.”

Cybersecurity products that achieved both high Visibility and Alert Quality in the most recent MITRE testing can equip SMBs with the support they need: A product that will not only tell you when something is wrong, but also what, specifically, is happening, and what the outcome could be.

Malwarebytes detected  83 out of 90 steps involved in the MITRE ATT&CK Evaluation—a rate of 92 percent—and of those 83 alerts, 82 were Technique alerts.

****“Out-of-the-box” experience****

The reality that many SMBs face is that they do not have the time or the budget for an in-house security team or even a single devoted security hire. But that shouldn’t mean that these same SMBs are left vulnerable to cyberattacks. What they need most is a cybersecurity product that works seemingly “out of the box,” which could approach a level of “set it and forget it” ease.

The MITRE ATT&CK Evaluation does not incorporate any of this rhetoric in its testing, but there is a way to interpret MITRE results that takes into account just how engaged a business must be to achieve solid cybersecurity.

Here, we have to explain “configuration changes.” Configuration changes are settings that a cybersecurity vendor can change while MITRE is actually analyzing that vendor’s product. These configuration changes reflect the real-world use of cybersecurity products by some enterprise companies—changes in what a product notifies its end-users about that may help catch emerging threats as they evolve every few weeks.

But, as we wrote before, such configuration changes are not universally applied by businesses everywhere, and in fact, these changes could lead to adverse results:

“Importantly, these customers may actually lose some value if they try to implement the same types of configuration changes that MITRE Engenuity allows, as these changes will likely produce a greater quantity of alerts, leaving these customers to spend more time deciphering the importance of these alerts and how to respond. This adversely affects the visibility and alert quality components as customers spend time sifting through a potentially significant number of additional, low-quality alerts in order to determine priority actions. A productivity loss no organization—big or small—is willing to accept.”

Configuration changes can be a powerful tool specifically for the businesses that have the resources to implement them responsibly and nimbly. But for the countless number of businesses that would not realistically take advantage of these settings, any cybersecurity product worth its cost should provide efficient and effective cybersecurity with zero configuration changes made during the MITRE ATT&CK Evaluation.

Malwarebytes is one of the few cybersecurity vendors that achieved its results with zero configuration changes. For a full breakdown on how Malwarebytes ranks with this frame of analysis, read our full blog here.

****Understanding MITRE for your SMB****

The MITRE ATT&CK Evaluation can be overwhelming to understand at first glance, but interpreting the results is worth the effort. By looking at what products can offer your business effective cybersecurity while respecting your limited resources, you can better protect your business for the future.

Why MITRE matters to SMBs

The most important and interesting stories in security from the last seven days
The post A week in security (April 18 – 24) appeared first on Malwarebytes Labs.

![A week in security (April 18 – 24)](https://blog.malwarebytes.com/wp-content/uploads/2018/01/shutterstock_610335074-900x506.jpg)

Posted: April 25, 2022 by

**RELATED ARTICLES**

![The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich](https://blog.malwarebytes.com/wp-content/uploads/2021/12/ReturnFunds-604x270.png)

April 20, 2022 - We take a look at a supposed Bitcoin giveaway marathon from somebody that isn't Elon Musk on a Twitter list. All is not as it seems.

![A week in security (July 12 – July 18)](https://blog.malwarebytes.com/wp-content/uploads/2018/01/shutterstock_610335074-604x270.jpg)

July 19, 2021 - A roundup of all the most interesting cybersecurity news stories, articles, and happenings of the previous seven days.

![Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either](https://blog.malwarebytes.com/wp-content/uploads/2015/03/photodune-9321211-apps-on-wearables-s-604x270.jpg)

July 12, 2021 - We take a look at a peculiar batch of spam on social media, claiming to show Elon Musk recommending we go searching for watch brands.

![Teen behind 2020 Twitter hack pleads guilty](https://blog.malwarebytes.com/wp-content/uploads/2021/03/Twitter-dark-finger-604x270.jpeg)

March 17, 2021 - The teen behind the Twitter hack of 2020 pleaded guilty to several charges as part of a deal in which he will serve three years in prison.

![VideoBytes: Twitter gets hacked!](https://blog.malwarebytes.com/wp-content/uploads/2020/09/shutterstock_1779315221-604x270.jpg)

October 1, 2020 - Today, we're talking about the Twitter hack, in which 130 high-profile accounts, like those belonging to Barack Obama and Elon Musk, were accessed.

**ABOUT THE AUTHOR**

![](https://secure.gravatar.com/avatar/08d5edde926eb9c13cb36804ee5e5316?s=96&d=identicon&r=g)

A week in security (April 18 – 24)

The NSO Group's flagship spyware was found on a device in 10 Downing Street's network.
The post Pegasus spyware found on UK government office phone appeared first on Malwarebytes Labs.