dcsimg

Gang arrested for SIM-swapping celebrities, stealing $100 million

The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s Office of Santa Clara California—spearheaded the arrest of eight British citizens in the UK and Scotland, aged between 18 to 26, for a string of SIM swapping attacks that occurred in 2020. These attacks targeted thousands of people and netted … [Read more...]

What to do when you receive an extortion e-mail

In the last few weeks, there has been an upswing in people receiving threatening, extortion e-mail messages, demanding payment to avoid release of sensitive information. Most of the time, these e-mails are what we call “sextortion” e-mails, as they claim that malware on your computer has captured embarrassing photos of you through the webcam, but there can be other variants on the same … [Read more...]

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]