dcsimg

Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly with the Google Chrome browser can pull off a variety of tricks—checking your grammar, scouring the … [Read more...]

PCI DSS compliance: why it’s important and how to adhere

PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is expected to comply with the PCI DSS. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to increase controls around cardholder data to reduce credit card fraud. The … [Read more...]

A week in security (June 8 – 14)

Last week on Malwarebytes Labs, we looked into nasty search hijackers that worried a lot of Chrome users; a list of considerations for MSPs when looking for an RMM platform; the complaint faced by ParetoLogic, the company that issues SpeedyPC, a product that claims to find and remove various PC errors; and a ransomware attack that affected car manufacturers like Honda and Enel. Other … [Read more...]

Hospital patients’ medical records found on roadside

Hospital notes of patients who attended Craigavon Area Hospital, Co. Armagh were discovered scattered on a local roadside on 7 February. The records contained the information of 18 patients who visited ward 2 South Medicine at the hospital, including their name, age, reason for admission, and medical and social history. A man and a six-year-old child, who wish to remain anonymous, discovered the … [Read more...]

Unlawful data processing practices cost Italian telecoms organisation more than €27 million

The Italian Data Protection Authority (Garante per la protezione dei dati personali) last month issued a €27,802,946 fine to telecoms company TIM S.p.A for several GDPR (General Data Protection Regulation) infringements and a lack of accountability. The unlawful practices, which occurred between 2017 and 2019, affected millions of individuals, some of whom were not even TIM S.p.A customers. They … [Read more...]

Ireland’s DPC begins investigation into Google and Tinder

Ireland’s DPC (Data Protection Commission) is investigating Internet giant Google and matchmaking app Tinder over the way they process and retain users’ data. Inquiry into Google The DPC has commenced an own-volition Statutory Inquiry into Google Ireland Limited following complaints from several EU consumer organisations about its processing of users’ location data and the transparency of the … [Read more...]

250 million Microsoft customer records exposed in latest breach

In its latest data breach, Microsoft has exposed nearly 14 years of customer service and support records, equating to the details of nearly 250 million records. The breach was discovered by Comparitech’s security research team, which is headed by Bob Diachenko, who immediately informed Microsoft. The corporation took swift action; in total, the data was exposed from 28–31 December 2019. Diachenko … [Read more...]

Securing the MSP: their own worst enemy

We’ve previously discussed threats to managed service providers (MSPs), covering their status as a valuable secondary target to both an assortment of APT groups as well as financially motivated threat groups. The problem with covering new and novel attack vectors, however, is that behind each new vector is typically a system left unpatched, asset management undone, a security officer not … [Read more...]

Cyber attacks and data breaches in review: January 2020

The new decade is off to a promising start, with only 61 disclosed data breaches or cyber attacks. It’s not all good news, though, as a handful of massive incidents – including the ongoing leaks of medical files in the US – has helped push the number of breached records to 1.5 billion. There were also several worrying incidents involving European organisations. Let’s take a look at some of them … [Read more...]

Frankfurt’s IT networks grinds to a halt amid Emotet attack

The week before Christmas, Frankfurt saw the unwelcome return of Emotet, a banking trojan that recently came out of hiding to terrorise organisations across the globe.  The malware spread through the city’s systems, forcing officials to shut down its IT network, causing huge delays to government services.  This is the fourth time in recent weeks that Emotet has struck in Germany, following attacks … [Read more...]