A week in security (August 31 – September 6)

Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS compliance, and revealed that SMB security posture is weakened by COVID-19. Other cybersecurity …

Missing person scams: what to watch out for

Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social media is perfect for alerting others. It really is akin to climbing onto a rooftop with a foghorn …

A week in security (August 17 – 23)

Last week on Malwarebytes Labs, we looked at the impact of COVID-19 on healthcare cybersecurity, dug into some pandemic stats in terms of how workforces coped with going remote, and served up a crash course on malware detection. Our most recent Lock and Code podcast explored the safety of parental monitoring apps. Other cybersecurity news Under lock and key: Researchers showed how the sound …

Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Emory Roane, policy counsel at Privacy Rights Clearinghouse, about parental monitoring apps. These tools offer parents the capabilities to spot where their children go, read what their kids read, and prevent them from, for instance, visiting websites …

SBA phishing scams: from malware to advanced social engineering

A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at a specific organization, namely the US Small Business Administration (SBA), and how threat actors have been impersonating it in a number of phishing attempts targeted at business owners, CEOs, and CFOs. GuLoader …

A week in security (May 25 – 31)

Last week on Malwarebytes Labs, we published our most recent episode of our podcast Lock and Code, providing an in-depth discussion on web browser privacy, looked at the membership bump for the Coalition against Stalkerware, and dug into EDR solutions. We also looked at twists added to the threat scene by Maze Ransomware. Other cybersecurity news Breach affects major service provider: A …

Spear phishing 101: what you need to know

Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via SMS), pharming, and the technique du jour for this blog: spear phishing. But first, a quick parable. A …

Fake Elder Scrolls Online developers go phishing on PlayStation

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via PlayStation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically plausible deadline, crunch it into …

Sextortion scammers getting creative

We’ve covered sextortion before, focusing in on how the core of the threat is an exercise in trust. The threat actor behind the campaign will use whatever information available on the target that causes them to trust that the threat actor does indeed have incriminating information on them. (They don’t.) But as public awareness of the scam grows, threat actors have to pivot to less …