Credit to Author: Malwarebytes Labs| Date: Mon, 26 Nov 2018 18:21:37 +0000
A roundup of last week’s security news from November 19–25, including a business email compromise attack, deep dive into DNA testing kits, and more troubles for Tesla.
Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 15:11:45 +0000
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.