dcsimg
May 1, 2020

What to do when you receive an extortion e-mail

In the last few weeks, there has been an upswing in people receiving threatening, extortion e-mail messages, demanding payment to avoid release of sensitive information. Most of the time, these e-mails are what we call “sextortion” e-mails, as they claim that malware on your computer has captured embarrassing photos of you through the webcam, but there can be other variants on the same … [Read more...]

Filed Under: 2fa, Bitcoin sextortion, extortion, Malwarebytes news, online extortion, passphrase, password manager, password managers, sextortion, sextortion email, sextortion scams, two factor, two-factor authentication
November 20, 2019
October 25, 2019

How to protect yourself from doxing

“Abandon hope all ye who enter.” This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today. It’s hard to draw a parallel to the utility that the Internet has offered to modern civilization—perhaps no other technological innovation has brought about greater change. Yet, one of its many consequences is … [Read more...]

Filed Under: dox, doxer, doxing, How-tos, ip address, mobile VPNs, online privacy, password manager, personal data, personally identifiable information, privacy, Social engineering, social media, vpn, VPNs, WHOIS
October 17, 2019

Why all organizations must better protect sensitive data

About two weeks ago, National Cybersecurity Awareness Month (NCSAM) kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and protecting sensitive data. But personal responsibility in cybersecurity extends beyond … [Read more...]

Filed Under: Business, cybersecurity, cybersecurity awareness, Data Security, device security, domestic abuse, domestic abuse survivor, domestic abuse survivors, domestic violence, end-to-end encryption, gps, location history, location tracking, national cybersecurity awareness month, National domestic violence awareness month, National Network to End Domestic Violence, NNEDV, passcode, password manager, remote wiping, secure messaging, single sign-on, sso, stalkerware
February 21, 2019

The lazy person’s guide to cybersecurity: minimum effort for maximum protection

Are you tired of that acquaintance who keeps bugging you with computer questions? Do you avoid visiting certain people because you know you will spend most of the evening cleaning up their machine? My uncle Bob is one of those people. He’s a nice guy, but with computers, he’s not just an accident waiting to happen—he’s an accident waiting to become a catastrophe. To keep Uncle Bob’s … [Read more...]

Filed Under: 101, cybersecurity, How-tos, password manager, potentially unwanted programs, push notifications, tech support scams, user awareness, user education
January 21, 2019

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Filed Under: 2fa, 2FA modlishka, Amnesty International, CERTFA, cybercrime, defeat 2FA, mantis, modlishka, password manager, pgp, Social engineering, the return of charming kitten, totp, two-factor authentication
October 8, 2018

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]

Filed Under: adobe, Android, anti-swatting, blockchain, bring your own security, byos, Chrome Extension, Fake Fortnite, fortnite, hack the marine corps, IoT, IoT botnet, Lojack, national cybersecurity awareness month, NCSAM, not botnet, password manager, phishing, phishing campaign, rdp, recap, rip attacks, SC Magazine, Security world, swatting, Torii, voice phishing, vulnerabilities, Week in security, weekly blog roundup, ZDNet
December 6, 2017

Internet of Things (IoT) security: what is and what should never be

The Internet has penetrated seemingly all technological advances today, resulting in Internet for ALL THE THINGS. What was once confined to a desktop and a phone jack is now networked and connected in multiple devices, from home heating and cooling systems like the Nest to AI companions such as Alexa. The devices can pass information through the web to anywhere in the world—server farmers, company … [Read more...]

Filed Under: 101, Hacking, How-tos, Internet of Things, IoT, IoT security, password manager