Fake Elder Scrolls Online developers go phishing on PlayStation

Credit to Author: Christopher Boyd| Date: Fri, 06 Dec 2019 20:29:26 +0000

We take a look at a pressure-filled phishing attempt sent to players of the Elder Scrolls Online video game.

Categories:

Tags:

(Read more…)

The post Fake Elder Scrolls Online developers go phishing on PlayStation appeared first on Malwarebytes Labs.

Read more

New version of IcedID Trojan uses steganographic payloads

Credit to Author: Threat Intelligence Team| Date: Tue, 03 Dec 2019 18:06:13 +0000

We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware.

Categories:

Tags:

(Read more…)

The post New version of IcedID Trojan uses steganographic payloads appeared first on Malwarebytes Labs.

Read more

IoT bills and guidelines: a global response

Credit to Author: Christopher Boyd| Date: Fri, 22 Nov 2019 16:27:47 +0000

IoT laws and guidelines abound, as we take a look what’s happening around the world in the name of securing Internet-connected devices.

Categories:

Tags:

(Read more…)

The post IoT bills and guidelines: a global response appeared first on Malwarebytes Labs.

Read more

Memory-Lane Monday: Please tell me his name wasn’t Jones

Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700

Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”

Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.

“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

“Surreal doesn’t even begin to describe how this felt!”

To read this article in full, please click here

Read more

Name game

Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700

This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

To read this article in full, please click here

Read more

A week in security (October 14 – 20)

Credit to Author: Malwarebytes Labs| Date: Mon, 21 Oct 2019 15:45:45 +0000

Cybersecurity news for October 14 – 20, including the future of the password, the lingering threat of ransomware, and new security features from Instagram.

Categories:

Tags:

(Read more…)

The post A week in security (October 14 – 20) appeared first on Malwarebytes Labs.

Read more

But I’m still me

Credit to Author: Sharky| Date: Mon, 21 Oct 2019 03:00:00 -0700

Longtime user at a big bank can’t access the archiving system, the intranet kicks her back to the login screen, and the attendance system that pilot fish supports never heard of her. She’s frantic to be recognized by the system, and she starts flooding the IT department with calls — not just the help desk, but operations and individual IT employees as well.

Everyone who gets a call is solicitous and sympathetic, and they all run down the list of questions that could rule out scenarios. Did she get a new PC? No. Did she change offices? No. Is anyone else affected? No. So what is going on?

The answer is simple after all. The woman had just gotten married, and upon her return from her honeymoon, she started using her new last name with every application — without first requesting to have her name changed in any applications. What isn’t so simple is understanding why she never thought to try logging in with her maiden name.

To read this article in full, please click here

Read more