cybercrime – Computer Security Articles

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

January 21, 2019 admin 0 Comments 2fa, 2FA modlishka, Amnesty International, CERTFA, cybercrime, defeat 2FA, mantis, modlishka, password manager, PGP, Social engineering, the return of charming kitten, totp, two-factor authentication

Credit to Author: Malwarebytes Labs| Date: Mon, 21 Jan 2019 16:15:30 +0000

While many tech-savvy folks are familiar with two-factor authentication (2FA), more are unaware that there are several ways around it. A tactic called Modlishka, the English pronunciation for the Polish word for “mantis,” is the latest in this list.

Categories:

Tags: 2fa 2FA modlishka Amnesty International CERTFA defeat 2FA mantis modlishka password manager PGP Social Engineering the return of charming kitten totp two-factor authentication

MalwareBytes Security

Hosting malicious sites on legitimate servers: How do threat actors get away with it?

January 18, 2019 admin 0 Comments cybercrime, hosting, malicious sites, malware, takedowns, web security

Credit to Author: Pieter Arntz| Date: Fri, 18 Jan 2019 16:00:00 +0000

Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives.

Categories:

Tags: hosting malicious sites malware takedowns web security

Security TrendMicro

This Week in Security News: Risky Radio Remotes and Cybercrime

January 18, 2019 admin 0 Comments Current News, cybercrime, Pwn2Own, Security, SingHealth

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 18 Jan 2019 15:18:00 +0000

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s new research on radio frequency technology and the risks of radio remote controllers. Also, understand why there is a rise in physical crime…

The post This Week in Security News: Risky Radio Remotes and Cybercrime appeared first on .

MalwareBytes Security

The Advanced Persistent Threat files: APT10

January 16, 2019 admin 0 Comments Advanced Persistent Threat, Advanced persistent threats, aerospace, APT, APT10, APTs, China, Chinese Ministry of State Security, construction, cybercrime, engineering, FireEye, hacking, MSS, PlugX, Poison Ivy, scanbox, sogu, telecoms, threat actors

Credit to Author: William Tsing| Date: Wed, 16 Jan 2019 17:00:00 +0000

While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we’re going to take a look at a few APT groups, and see how they fit into the larger threat landscape—starting with APT10.

Categories:

Tags: advanced persistent threat advanced persistent threats aerospace APT APT10 APTs china Chinese Ministry of State Security construction engineering FireEye MSS PlugX Poison Ivy scanbox sogu telecoms threat actors

(Read more…)

The post The Advanced Persistent Threat files: APT10 appeared first on Malwarebytes Labs.

MalwareBytes Security

Luas data ransom: the hacker who cried wolf?

January 11, 2019 admin bitcoin, cybercrime, data breach, hacked, hacking, haveibeenpwned, luas, ransom, ransomware

Credit to Author: Christopher Boyd| Date: Fri, 11 Jan 2019 18:00:00 +0000

Irish tram firm Luas were recently compromised and told to pay 1 Bitcoin, or risk user data being fired into the void. The deadline for paying the ransom has now passed: So what happens next? And is anyone out there really at risk?

Categories:

Tags: bitcoin data breach hacked hacking haveibeenpwned luas ransom ransomware

(Read more…)

The post Luas data ransom: the hacker who cried wolf? appeared first on Malwarebytes Labs.

MalwareBytes Security

Social Security Number scammers are at it again

January 10, 2019 admin cybercrime, Federal Trade Commission, FTC, robocall scam, Security Disability, Social engineering, Social Security Administration, social security number scam, social security scam, SSA, ssa scam, SSD, ssd vulnerability, SSN, ssn scam

Credit to Author: Jovi Umawing| Date: Thu, 10 Jan 2019 21:05:26 +0000

The Federal Trade Commission recently released a warning about a sharp increase in Social Security Number scammers. Have you gotten one of their robocalls? Here’s how to recognize the scam and what to do about it.

Categories:

Tags: Federal Trade Commission FTC robocall scam Security Disability Social Security Administration social security number scam social security scam SSA ssa scam SSD ssd vulnerability SSN ssn scam

(Read more…)

The post Social Security Number scammers are at it again appeared first on Malwarebytes Labs.

MalwareBytes Security

Ryuk ransomware attacks businesses over the holidays

January 8, 2019 admin attribution, BitPaymer ransomware, christmas, cybercrime, data resolution, dataresolution.net, emotet, exploit, Hermes, Holiday, Lazarus, malicious office documents, malspam, malware, malwarebytes anti-exploit, malwarebytes anti-ransomware, NORTH KOREA, Onslow water and sewer authority, OWASA, protection, ransom, ransomware, ryuk, stats, Tips, tribune publishing, trickbot

Credit to Author: Adam Kujawa| Date: Tue, 08 Jan 2019 19:49:45 +0000

Over the holiday, a little-known ransomware family called Ryuk caused serious damage to numerous organizations. The attacks leave a lot of questions unanswered. What do we know so far?

Categories:

Tags: attribution BitPaymer ransomware Christmas data resolution dataresolution.net emotet exploit Hermes holiday Lazarus malicious office documents malspam malwarebytes anti-exploit malwarebytes anti-ransomware North Korea Onslow water and sewer authority OWASA protection ransom ransomware ryuk stats tips tribune publishing trickbot

MalwareBytes Security

Australia’s Early Warning Network compromised

January 7, 2019 admin 2fa, compromise, cybercrime, danger, early warning network, early warning system, email, login, Pagasa, Phivolcs, phonemail, privacy, sms, two-factor authentication, Weather

Credit to Author: Christopher Boyd| Date: Mon, 07 Jan 2019 17:59:03 +0000

An Australian Early Warning System notifying subscribers of severe weather alerts was compromised over the weekend, with messages sent across a variety of formats. What did the hackers get up to? And why did they do it?

Categories:

Tags: 2fa compromise danger early warning network early warning system email login PAGASA PHIVOLCS phonemail sms two-factor authentication weather

(Read more…)

The post Australia’s Early Warning Network compromised appeared first on Malwarebytes Labs.

Security TrendMicro

Server Security for the Modern IT Ecosystem

January 3, 2019 admin AWS, Azure, Business, cybercrime, devops, Hybrid Cloud Security, IT Ecosystem, microservice, Security, server security, VMware

Credit to Author: Trend Micro| Date: Thu, 03 Jan 2019 15:30:46 +0000

A Changing Landscape In recent years we’ve seen a fundamental shift in the IT landscape, accelerated towards cloud and containerized infrastructures. According to Forbes, by 2020 it is predicted that 83 percent of enterprise workloads will be in the cloud. Moving beyond the cloud, software development teams are driving further change with the adoption of…

The post Server Security for the Modern IT Ecosystem appeared first on .

MalwareBytes Security

The new landscape of pre-installed mobile malware: malicious code within

January 2, 2019 admin adups, Android, auto installer, cybercrime, Mobile, monitoring app, preinstalled, preinstalled malware

Credit to Author: Nathan| Date: Wed, 02 Jan 2019 18:15:46 +0000

We are now seeing malware authors target system apps that are required for mobile devices to function properly. By injecting malicious code within these necessary apps, threat actors have reshaped the landscape of pre-installed malware for the worse.

Categories:

Tags: adups Android auto installer Mobile monitoring app preinstalled preinstalled malware

Security TrendMicro

Incident Response In The Public Eye

December 31, 2018 admin Compliance & Regulations, Current News, cybercrime, Incident Response, vulnerabilities

Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Mon, 31 Dec 2018 17:00:44 +0000

Cyberattacks happen constantly. Every day organizations are attackers online whether they realize it or not. Most of these attacks are passing affairs. The mere fact that systems are on to the internet makes them a target of opportunity. For the most part, these attacks are non-events. Security software, bugs in attack code, and updated applications…

The post Incident Response In The Public Eye appeared first on .

← Previous