two-factor authentication

David Ruiz September 4, 2019

5 simple steps to securing your remote employees

As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced, or stolen devices. Think about it. Let’s say your remote employee uses his personal smart … [Read more...]

Filed Under: 2fa, approved device list, bring your own device, Business, BYOD, encryption, Find my iPhone, Find my Mobile, governance, IDG Connect, jailbreak, man-in-the-middle, man-in-the-middle attack, multi-factor authentication, passcode, password, public wi-fi, RBAC, remote, remote employees, remote wiping, remote workforce, role-based access control, single sign-on, sso, two-factor authentication, vpn

Jovi Umawing September 3, 2019

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” If you may recall, TrickBot, a well-known banking Trojan we detect as … [Read more...]

Filed Under: 2fa, account takeover fraud, ATO, Authy, C&C, Dell Secureworks, dynamic webinject, dyreza, emotet, Eternal Romance, EternalBlue, EternalChampion, Gold Blackburn, Google Authenticator, hasherezade, point-of-sale, port-out fraud, POS, SIM hijacking, SIM swapping, Sprint, T-Mobile, thetrick, trickbot, trickloader, trickster, Trojan.TrickBot, Trojans, two-factor authentication, Verizon Wireless

David Ruiz August 13, 2019

Data and device security for domestic abuse survivors

For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve ramped up our detections, written a safety guide for those who might have stalkerware on their … [Read more...]

Filed Under: 2fa, Android, App Store, Cloud Storage, Data Security, device security, domestic abuse, domestic abuse survivor, domestic violence, encryption, end-to-end encryption, Google Play, Google Play Store, iMessage, iOS, national domestic violence hotline, National Network to End Domestic Violence, passcode, privacy, secure messaging, security, signal, spyware, stalkerware, two-factor authentication, whatsapp, wire

Malwarebytes Labs January 21, 2019

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Filed Under: 2fa, 2FA modlishka, Amnesty International, CERTFA, cybercrime, defeat 2FA, mantis, modlishka, password manager, pgp, Social engineering, the return of charming kitten, totp, two-factor authentication

Christopher Boyd January 7, 2019

Australia’s Early Warning Network compromised

An early warning network designed to notify subscribers about dangerous weather in Australia has been compromised. The hacker sent many bogus messages via phone, SMS, and email, telling users that the service had been hacked. Early Warning Network, a service used by local governments to send notifications about weather hazards, found itself firing these rogue missives into the void late on … [Read more...]

Filed Under: 2fa, compromise, cybercrime, danger, early warning network, early warning system, email, login, PAGASA, PHIVOLCS, phonemail, privacy, sms, two-factor authentication, weather

Christopher Boyd December 4, 2018

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Filed Under: 2-Step Verification, 2fa, breach, bug, cybercrime, games, Gaming, humble bundle, phish, phishing, Social engineering, spear phishing, two-factor authentication, video games

Christopher Boyd November 19, 2018

Business email compromise scam costs Pathé $21.5 million

Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise (BEC) scam in March 2018. How much? An astonishing US$21.5 million (roughly 19 million euros). The attack, which ran for about a month, cost the company 10 percent of its total earnings. What is business email compromise? Business email compromise is a type of phishing … [Read more...]

Filed Under: 2fa, authentication, bec, Business Email Compromise, CEO, CFO, cybercrime, mfa, pathe, phish, scam, Social engineering, two-factor authentication

Malwarebytes Labs September 17, 2018

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions related to their Mac App store apps … [Read more...]

Filed Under: 2fa, a week in security, Android, android browser, banking Trojan, banking Trojans, botnets, hmrc phish, Microsoft, omnichannel fraud, phishing, portable router, project verify, ram nit, Ramnit Trojan, ransomware, recap, recon malware, scammer, security of portable router, Security world, tech support scam, tech support scams, tor, trojan, two-factor authentication, Week in security, weekly blog roundup

Pieter Arntz September 14, 2018

Is two-factor authentication (2FA) as secure as it seems?

Two-factor authentication (2FA) was invented to add an extra layer of security to the—now considered old-fashioned and insecure—simple login procedure of entering a username and password. One of the most well-known examples of 2FA is when you try to log into a familiar website from a different machine or from a different location, which results in a different IP. With 2FA-enabled login procedures, … [Read more...]

Filed Under: 101, 2fa, biometrics, brute force, facebook, fake login, FYI, mfa, multi-factor authentication, password reset, phishing, Social engineering, third-party login, totp, two-factor authentication

Malwarebytes Labs May 14, 2018

A week in security (May 7 – May 13)

Last week on Labs, we looked at the case of a fake Android AV, an annoying adware that goes by the name of Kuik, the return of threat actors behind the Shopper Stop tech scam, a new Netflix phishing scam, the recent zero-day vulnerability in Internet Explorer, and the insufficiency of merely relying on the presence of the green padlock. Also, in a brief blog post, we talked about why we removed … [Read more...]

Filed Under: 7zip, facebook, fake android av, HTTPS, javascript excel, JS excel, kuik adware, Microsoft, Microsoft Excel, netflix phish, nigerian scam, Security world, shopper stop tech scam, signal, tech support scam, two-factor authentication, vulnerability, Week in security

5 simple steps to securing your remote employees

TrickBot adds new trick to its arsenal: tampering with trusted texts

Data and device security for domestic abuse survivors

A week in security (September 10 – 16)

A week in security (May 7 – May 13)

SEARCH

RECENT POSTS

Archives

DISCLAIMER