dcsimg

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service (IDaaS), an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the latest ransomware baddie to specifically target organizations. Other cybersecurity news Hundreds … [Read more...]

Rudy Giuliani’s Twitter mishaps invite typosquatters and scammers

Former cybersecurity czar Rudy Giuliani has been targeted by typosquatters on Twitter, thanks to copious misspellings and other keyboarding errors made in a number of his public tweets. In a tweet sent out on Sunday, Giuliani meant to send his 650,000-plus followers to his new website, RudyGiulianics.com. Instead, a space added after “Rudy” sent users on a redirection quest that … [Read more...]

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks. Other cybersecurity news Bug bounty bonanza: Rockstar Games open up their bounty program to include the newly-released Red … [Read more...]

ACCESS Act might improve data privacy through interoperability

Data privacy is back in Congressional lawmakers’ sights, as a new, legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects their data privacy. The new bill would also require certain tech companies, including Facebook, … [Read more...]

A week in security (October 7 – 13)

Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection of National Cybersecurity Awareness Month and National Domestic Violence Awareness Month, we gave … [Read more...]

A week in security (August 19 – 25)

Last week on Malwarebytes Labs, we reported on the presence of Magecart on a type of poker software; outlined how the Key Negotiation of Bluetooth (KNOB) attack works; followed the money on a Bitcoin sextortion campaign; looked back at DEF CON 27; and reported on continuing ransomware attacks on several US cities. Other cybersecurity news After turning away two vulnerability reports brought … [Read more...]

Good Twitter Samaritans accidentally prevent shoeshine scam

A few days ago, Indian news portals were buzzing with tales of a well-worn shoeshine scam making its way into social media. It’s a great example of how good-natured gestures can unwittingly aid scammers when we combine high-visibility accounts with potential lack of fact checking. Thankfully, it comes with a happy ending for a change. What happened? A Twitter user dragged this offline scam into … [Read more...]

Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach

A little background: on July 17, 2014, Malaysia Airlines Flight 17 was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed. At that time, there was a revolt of pro-Russian militants against the Ukrainian government. Both the Ukrainian military and the separatists … [Read more...]

Cooperating apps and automatic permissions are setting you up for failure

“Hey you. Someone from HR has invited you to a meeting on Thursday. Would you like me to add the appointment to the calendar?” Receiving an email notification when someone has invited you to a meeting is a feature that many professionals would not like to miss. Being able to log in at certain sites with your Facebook profile might be less indispensable, but nevertheless, it’s a heavily-used … [Read more...]

A week in security (June 17 – 23)

Last week on the Malwarebytes Labs blog, we took a look at the growing pains of smart cities, took a deep dive into AI, jammed along to Radiohead, and looked at the lessons learned from Chernobyl in relation to critical infrastructure. We also explored a new Steam phish attack, and pulled apart a Mac cryptominer. Other cybersecurity news Florida City falls to ransomware: Riviera Beach City … [Read more...]