dcsimg

Nude photo theft offers lessons in selfie security

Two former college graduates are in a lot of trouble after breaking into other students’ accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened? A man from New York has pleaded guilty to one count of aggravated identity theft, and … [Read more...]

A week in security (February 1 – February 7)

Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware was giving up the ghost, swearing off a life of crime and even apologizing for past actions. We looked at a credit card skimmer that found opportunity in the latest Magento 1 hacking spree, we warned about the risks of browser sync, and we pondered whether or not real identities make … [Read more...]

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain. Default … [Read more...]

What’s up with WhatsApp’s privacy policy?

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should you keep using your apps as you were previously? Setting the … [Read more...]

Cloud workload security: Should you worry about it?

Due to the increasing use of the cloud, organizations find themselves dealing with hybrid environments and nebulous workloads to secure. Containerization and cloud-stored data have provided the industry with a new challenge. And while you can try to make the provider of cloud data storage responsible for the security of the data, you will have a hard time trying to convince the provider that they … [Read more...]

Maze: the ransomware that introduced an extra twist

An extra way to create leverage against victims of ransomware has been introduced by the developers of the Maze ransomware. If the victim is not convinced that she should pay the criminals because her files are encrypted, there could be an extra method of extortion. Over time, more organizations have found ways to keep safe copies of their important files or use some kind of rollback technology to … [Read more...]

Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press

When you’re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions—more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a pipe dream, cybersecurity plays an important role for any journalist producing work online—which is … [Read more...]

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly as important to an organization’s … [Read more...]

Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review … [Read more...]

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]