When Low-Tech Hacks Cause High-Impact Breaches

Credit to Author: BrianKrebs| Date: Mon, 27 Feb 2023 04:15:15 +0000

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Read more

The Original APT: Advanced Persistent Teenagers

Credit to Author: BrianKrebs| Date: Wed, 06 Apr 2022 17:55:38 +0000

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

Read more

A week in security (October 1 – 7)

Credit to Author: Malwarebytes Labs| Date: Mon, 08 Oct 2018 16:31:56 +0000

A roundup of the security news from October 1–7 including National Cybersecurity Awareness Month, LoJack, fileless malware, and BYOS.

Categories:

Tags:

(Read more…)

The post A week in security (October 1 – 7) appeared first on Malwarebytes Labs.

Read more