two-factor authentication

Thomas Reed May 1, 2020

What to do when you receive an extortion e-mail

In the last few weeks, there has been an upswing in people receiving threatening, extortion e-mail messages, demanding payment to avoid release of sensitive information. Most of the time, these e-mails are what we call “sextortion” e-mails, as they claim that malware on your computer has captured embarrassing photos of you through the webcam, but there can be other variants on the same … [Read more...]

Filed Under: 2fa, Bitcoin sextortion, extortion, Malwarebytes news, online extortion, passphrase, password manager, password managers, sextortion, sextortion email, sextortion scams, two factor, two-factor authentication

Malwarebytes Labs November 20, 2019

Disney+ security and service issues: Here’s what we know so far

The long wait is over. Disney+, the new video-streaming service to rival Netflix and Amazon Prime, debuted last week to much fanfare, racking up 10 million subscribers within a single day of launch. Unfortunately, it wasn’t the kind of splash the majority of users predicted, as they were met with connection and performance issues out the gate—soon to be followed by reports of hacked accounts … [Read more...]

Filed Under: 2fa, account compromise, amazon prime, Disney Plus, Disney+, Disney+ hacked, Hacking, Hulu, netflix, password manager, password sharing, two-factor authentication, Walt Disney, ZDNet

David Ruiz September 4, 2019

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Filed Under: 2fa, approved device list, bring your own device, Business, BYOD, encryption, Find my iPhone, Find my Mobile, governance, IDG Connect, jailbreak, man-in-the-middle, man-in-the-middle attack, multi-factor authentication, passcode, password, public wi-fi, RBAC, remote, remote employees, remote wiping, remote workforce, role-based access control, single sign-on, sso, two-factor authentication, vpn

Jovi Umawing September 3, 2019

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” If you may recall, TrickBot, a well-known banking Trojan we detect as … [Read more...]

Filed Under: 2fa, account takeover fraud, ATO, Authy, C&C, Dell Secureworks, dynamic webinject, dyreza, emotet, Eternal Romance, EternalBlue, EternalChampion, Gold Blackburn, Google Authenticator, hasherezade, point-of-sale, port-out fraud, POS, SIM hijacking, SIM swapping, Sprint, T-Mobile, thetrick, trickbot, trickloader, trickster, Trojan.TrickBot, Trojans, two-factor authentication, Verizon Wireless

David Ruiz August 13, 2019

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]

Filed Under: 2fa, Android, App Store, Cloud Storage, Data Security, device security, domestic abuse, domestic abuse survivor, domestic violence, encryption, end-to-end encryption, Google Play, Google Play Store, iMessage, iOS, national domestic violence hotline, National Network to End Domestic Violence, passcode, privacy, secure messaging, security, signal, spyware, stalkerware, two-factor authentication, whatsapp, wire

Malwarebytes Labs January 21, 2019

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Filed Under: 2fa, 2FA modlishka, Amnesty International, CERTFA, cybercrime, defeat 2FA, mantis, modlishka, password manager, pgp, Social engineering, the return of charming kitten, totp, two-factor authentication

Christopher Boyd January 7, 2019

Australia’s Early Warning Network compromised

An early warning network designed to notify subscribers about dangerous weather in Australia has been compromised. The hacker sent many bogus messages via phone, SMS, and email, telling users that the service had been hacked. Early Warning Network, a service used by local governments to send notifications about weather hazards, found itself firing these rogue missives into the void late on … [Read more...]

Filed Under: 2fa, compromise, cybercrime, danger, early warning network, early warning system, email, login, PAGASA, PHIVOLCS, phonemail, privacy, sms, two-factor authentication, weather

Christopher Boyd December 4, 2018

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Filed Under: 2-Step Verification, 2fa, breach, bug, cybercrime, games, Gaming, humble bundle, phish, phishing, Social engineering, spear phishing, two-factor authentication, video games

Christopher Boyd November 19, 2018

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]

Filed Under: 2fa, authentication, bec, Business Email Compromise, CEO, CFO, cybercrime, mfa, pathe, phish, scam, Social engineering, two-factor authentication

Malwarebytes Labs September 17, 2018

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Filed Under: 2fa, a week in security, Android, android browser, banking Trojan, banking Trojans, botnets, hmrc phish, Microsoft, omnichannel fraud, phishing, portable router, project verify, ram nit, Ramnit Trojan, ransomware, recap, recon malware, scammer, security of portable router, Security world, tech support scam, tech support scams, tor, trojan, two-factor authentication, Week in security, weekly blog roundup

What to do when you receive an extortion e-mail

5 simple steps to securing your remote employees

TrickBot adds new trick to its arsenal: tampering with trusted texts

Data and device security for domestic abuse survivors

A week in security (September 10 – 16)

SEARCH

RECENT POSTS

Archives

DISCLAIMER