dcsimg

Four-Step Swindle: The Anatomy of a Business Email Compromise Attack

This week, we continue our series on Business Email Compromise. Click here to read Part 1, which includes an overview and various statistics on this growing threat. It takes time and effort to launch a successful Business Email Compromise (BEC) attack. In a typical attack, several messages are exchanged in an attempt to convince the target to authorize large payments to the attacker’s bank … [Read more...]

Secure your infrastructure with a network penetration test

Penetration testing is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.  Findings from a network penetration test could include the discovery of weak or default passwords, systems that are unpatched or poorly … [Read more...]

Compromising vital infrastructure: transport and logistics

Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently, there is a lot of traffic coming in and out. The roads around the city can handle normal traffic, but … [Read more...]

A week in security (October 29 – November 4)

Last week on Malwarebytes Labs, we looked at a rogue cryptocurrency app installing backdoors, took a dive into the world of printer security, explored browser privacy tweaks, highlighted a music festival–themed breach, and introduced Malwarebytes for Chromebook. Other cybersecurity news Memory hacks? (Source: Secure List) Gandcrab: hugely popular (Source: BitDefender) Huge fines for cold callers … [Read more...]

Tomorrowland festival goers affected by data breach

Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn’t recent. In fact, it dates back four years to an event long since come and gone. According to a Tomorrowland spokesperson, the managers of the Paylogic ticketing system noticed … [Read more...]

A week in security (October 22 – 28)

Last week on Malwarebytes Labs, we took a look at some new Mac malware,  gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and elections are vulnerable to attack. Other cybersecurity news More problems for British Airways (Source: … [Read more...]

Sextortion emails: They’re probably not watching you

Back in July, Krebs on Security reported on a rather novel scam, where the threat actor would use credentials from old data dumps to suggest that they had directly hacked the victim and obtained the victim’s presumably sensitive browser history. Stolen credentials aside, sex-based extortion scams are actually fairly old and not all that sophisticated. A user on the Malwarebytes Forums … [Read more...]

A week in security (October 8 – 14)

Last week, we warned you away from some dubious Doctor Who streams, explained how Endpoint Detection and Response may not be enough, and explored what happens during a confusing supply chain story. We also showed you how to keep up with security, explained the risks of fake browser updates, and explored the unpleasant world of workplace violence. Other cybersecurity news: Google Plus suffers a … [Read more...]

A week in security (October 1 – 7)

Last week, Malwarebytes welcomed National Cybersecurity Awareness Month by renewing our pledge to do what we do best: offer the best protection for our customers and promote security awareness for all. On Labs, we raised the question of whether it is a good idea to bring your own security or not, talked a little bit more about fileless malware, homed in on a malware campaign targeting Fortnite … [Read more...]