dcsimg
January 21, 2019

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Filed Under: 2fa, 2FA modlishka, Amnesty International, CERTFA, cybercrime, defeat 2FA, mantis, modlishka, password manager, pgp, Social engineering, the return of charming kitten, totp, two-factor authentication
January 7, 2019
December 4, 2018

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Filed Under: 2-Step Verification, 2fa, breach, bug, cybercrime, games, Gaming, humble bundle, phish, phishing, Social engineering, spear phishing, two-factor authentication, video games
November 19, 2018

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]

Filed Under: 2fa, authentication, bec, Business Email Compromise, CEO, CFO, cybercrime, mfa, pathe, phish, scam, Social engineering, two-factor authentication
September 17, 2018

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Filed Under: 2fa, a week in security, Android, android browser, banking Trojan, banking Trojans, botnets, hmrc phish, Microsoft, omnichannel fraud, phishing, portable router, project verify, ram nit, Ramnit Trojan, ransomware, recap, recon malware, scammer, security of portable router, Security world, tech support scam, tech support scams, tor, trojan, two-factor authentication, Week in security, weekly blog roundup
September 14, 2018
May 14, 2018

A week in security (May 7 – May 13)

Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely relying on the presence of the green padlock. Also, in a brief blog post, we talked about why we removed … [Read more...]

Filed Under: 7zip, facebook, fake android av, HTTPS, javascript excel, JS excel, kuik adware, Microsoft, Microsoft Excel, netflix phish, nigerian scam, Security world, shopper stop tech scam, signal, tech support scam, two-factor authentication, vulnerability, Week in security
January 19, 2018

Cybersecurity New Year’s resolutions, you say? Why not.

It’s mid-January, and oh, how time flies. It wasn’t long since we bid farewell to 2017 and welcomed the new year with renewed hope and vigor. Of course, with such positivity comes a sense of an equally favorable outlook for the year ahead. However good that may sound, being faced with a tabula rasa may pose a challenge equivalent to writer’s block: We simply don’t know where to begin. This … [Read more...]

Filed Under: 101, cyber, cybersecurity, cybersecurity resolutions, FYI, HTTPS, new year's resolution, two-factor authentication
November 15, 2017

Why Passwords May Not Keep Your Email Safe

We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks … [Read more...]

Filed Under: 2fa, Email How To, Email Security, two-factor authentication, Webmail, WorldClient