dcsimg

Seedworm Operation Spreads Malware via Phishing Attacks

2018 has been a busy year for new threats spread via email, with spear-phishing and Business-Email-Compromise (CEO fraud) the rising star for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), McEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats … [Read more...]

Something else is phishy: How to detect phishing attempts on mobile

In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue to see different organizations reporting an increased trend in phishing attacks targeting the mobile … [Read more...]

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

A week in security (November 19 – 25)

Last week on Malwarebytes Labs, we took a look at a devastating business email compromise attack, web skimming antics, and the fresh perils of Deepfakes. We also checked out some Chrome bug issues, and took the deepest of deep dives into DNA testing. Other cybersecurity news Adobe Flash bug—get patching! (Source: Adobe) Accidental Tesla forum access granted (Source: Dan’s Deals) JavaScript … [Read more...]

Four-Step Swindle: The Anatomy of a Business Email Compromise Attack

This week, we continue our series on Business Email Compromise. Click here to read Part 1, which includes an overview and various statistics on this growing threat. It takes time and effort to launch a successful Business Email Compromise (BEC) attack. In a typical attack, several messages are exchanged in an attempt to convince the target to authorize large payments to the attacker’s bank … [Read more...]

Secure your infrastructure with a network penetration test

Penetration testing is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.  Findings from a network penetration test could include the discovery of weak or default passwords, systems that are unpatched or poorly … [Read more...]

Compromising vital infrastructure: transport and logistics

Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently, there is a lot of traffic coming in and out. The roads around the city can handle normal traffic, but … [Read more...]

A week in security (October 29 – November 4)

Last week on Malwarebytes Labs, we looked at a rogue cryptocurrency app installing backdoors, took a dive into the world of printer security, explored browser privacy tweaks, highlighted a music festival–themed breach, and introduced Malwarebytes for Chromebook. Other cybersecurity news Memory hacks? (Source: Secure List) Gandcrab: hugely popular (Source: BitDefender) Huge fines for cold callers … [Read more...]

Tomorrowland festival goers affected by data breach

Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn’t recent. In fact, it dates back four years to an event long since come and gone. According to a Tomorrowland spokesperson, the managers of the Paylogic ticketing system noticed … [Read more...]