ConnectWise Quietly Patches Flaw That Helps Phishers

Credit to Author: BrianKrebs| Date: Thu, 01 Dec 2022 19:35:11 +0000

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

A week in security (August 22 – August 28)

Categories: News

Tags: cryptojackers, CISA, Reddit, social engineering, Google, Plex, Hikvision, patch management, ChromeOS, Twitter, Binance, GitLab, TrickBot, LastPass

The important security news of this week

The post A week in security (August 22 – August 28) appeared first on Malwarebytes Labs.

Source code of password manager LastPass stolen by attacker

Categories: News

Tags: LastPass, source code, MFA, random, password manager

LastPass let the public know that an unauthorized party gained access to portions of the LastPass development environment

The post Source code of password manager LastPass stolen by attacker appeared first on Malwarebytes Labs.

A week in security (November 19 – 25)

Credit to Author: Malwarebytes Labs| Date: Mon, 26 Nov 2018 18:21:37 +0000

A roundup of last week’s security news from November 19–25, including a business email compromise attack, deep dive into DNA testing kits, and more troubles for Tesla.

The post A week in security (November 19 – 25) appeared first on Malwarebytes Labs.

The Year Targeted Phishing Went Mainstream

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 15:11:45 +0000

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

Google: Security Keys Neutralized Employee Phishing

Credit to Author: BrianKrebs| Date: Mon, 23 Jul 2018 11:34:38 +0000

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
