When Low-Tech Hacks Cause High-Impact Breaches

Credit to Author: BrianKrebs| Date: Mon, 27 Feb 2023 04:15:15 +0000

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Read more

Interpol’s First Light operation smashes crime on a global scale

Credit to Author: Christopher Boyd| Date: Thu, 16 Jun 2022 13:24:46 +0000

Interpol’s annual First Light project has gone global for the second time. We take a look at the results, findings, and trends.

The post Interpol’s First Light operation smashes crime on a global scale appeared first on Malwarebytes Labs.

Read more

The Original APT: Advanced Persistent Teenagers

Credit to Author: BrianKrebs| Date: Wed, 06 Apr 2022 17:55:38 +0000

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

Read more

A week in security (January 21 – 27)

Credit to Author: Malwarebytes Labs| Date: Mon, 28 Jan 2019 18:00:14 +0000

A roundup of last week’s security news from January 21 to 27, including Modlishka, Crytekk, PUPs, and the State of Malware report.

Categories:

Tags:

(Read more…)

The post A week in security (January 21 – 27) appeared first on Malwarebytes Labs.

Read more

Something else is phishy: How to detect phishing attempts on mobile

Credit to Author: Jovi Umawing| Date: Mon, 10 Dec 2018 15:00:56 +0000

Phishing is more problematic on smartphones than on desktops. Not only that, approaches to handling phishing attacks on mobile are quite different because their techniques are also different. So, how can users sniff out a mobile phish? Let us count the ways.

Categories:

Tags:

(Read more…)

The post Something else is phishy: How to detect phishing attempts on mobile appeared first on Malwarebytes Labs.

Read more

Voice Phishing Scams Are Getting More Clever

Credit to Author: BrianKrebs| Date: Mon, 01 Oct 2018 14:02:27 +0000

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Read more

6 sure signs someone is phishing you—besides email

Credit to Author: Kayla Matthews| Date: Thu, 20 Sep 2018 16:00:00 +0000

Beyond the medium used to reach you (which is most often email), what are some of the common signs and behaviors of phishing? Conversations that focus on the inbox only leave users with an inadequate understanding of how to protect against this ubiquitous threat.

Categories:

Tags:

(Read more…)

The post 6 sure signs someone is phishing you—besides email appeared first on Malwarebytes Labs.

Read more