dcsimg

A week in security (September 12 – September 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, and the absence of Deepfakes from … [Read more...]

QR code scams are making a comeback

Just when we thought the QR code was on its way out, the pandemic has led to a return of the scannable shortcut. COVID-19 has meant finding a digital equivalent to things normally handed out physically, like menus, tour guides, and other paperwork, and many organizations have adopted the QR code to help with this. And so, it would seem, have criminals. Scammers have dusted off their book of tricks … [Read more...]

Phishers spoof reliable cybersecurity training company to garner clicks

“It happens to the best of us.” And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4—a trusted cybersecurity company that offers security awareness training for organizations—to gain recipients’ trust, their Microsoft Outlook credentials, and other personally identifiable information (PII). This is … [Read more...]

Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw

“Can you have a look at this email I got, please?” my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider (ISP). Shortly after, he informed me that despite its suspicious aura, he found confirmation that the email was, in fact, legitimate. In the suspect email, the Dutch ISP informed … [Read more...]

SBA phishing scams: from malware to advanced social engineering

A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at a specific organization, namely the US Small Business Administration (SBA), and how threat actors have been impersonating it in a number of phishing attempts targeted at business owners, CEOs, and CFOs. GuLoader … [Read more...]

A week in security (July 20 – 26)

Last week on Malwarebytes Labs, our Lock and Code podcast delved into Bluetooth and beacon technology. We also dug into APT groups targeting India and Hong Kong, covered a law enforcement bust, and tried to figure out when, exactly, a Deepfake is a Deepfake. Other cybersecurity news Insecure email addresses resulted in big-bucks sporting targets (Source: Silicon)What do you do when a lack of … [Read more...]

A week in security (July 6 – 12)

Last week on Malwarebytes Labs, we took an in-depth look at card skimmers targeting ASP sites, we released another episode of Lock and Code exploring the Internet of Things, and we dug into a Mac mystery. We also examined some pre-installed malware, and put out a threat spotlight on some customized ransomware. Other cybersecurity news Social media went head to head with lawmakers: User data … [Read more...]

Coronavirus campaigns lead to surge in malware threats, Labs report finds

In the first three months of 2020, as the world clamped down to limit coronavirus, cyber threats ramped up. Our latest, special edition for our quarterly CTNT report focuses on recent, increased malware threats which all have one, big thing in common—using coronavirus as a lure. Our report, “Cybercrime tactics and techniques: Attack on home base,” analyzes the trojans, info stealers, and … [Read more...]

When the coronavirus infodemic strikes

Social media sites are stepping up their efforts in the war against misinformation… specifically, the coronavirus/COVID-19 infodemic. There’s a seemingly endless stream of potentially dangerous misinformation flying around online related to the COVID-19 pandemic, and that could have fatal results.It’s boomtown in fake-news land riding high on the wave of people being left with their tech … [Read more...]

RevenueWire to pay $6.7 million to settle FTC charges

What can you do as a scammer when no legitimate payment provider wants to process your payments anymore? Or, what if you are growing sick and tired of these same payment providers reimbursing disgruntled customers who claim that your products didn’t fix computers, like—you know—you said they would? Simple. You rely on some novel help. That is, until you get caught. Let us tell you a … [Read more...]