The Risk of Weak Online Banking Passwords

Credit to Author: BrianKrebs| Date: Mon, 05 Aug 2019 14:04:27 +0000

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

Read more

HTTPS: why the green padlock is not enough

Credit to Author: Pieter Arntz| Date: Wed, 09 May 2018 16:30:32 +0000

Cheap hosting deals offering free certificates have made the green padlock a less convincing sign of security. Here’s what to look for to ensure a website is safe to visit.

Categories:

Tags:

(Read more…)

The post HTTPS: why the green padlock is not enough appeared first on Malwarebytes Labs.

Read more

A week in security (November 27 – December 03)

Credit to Author: Malwarebytes Labs| Date: Mon, 04 Dec 2017 18:30:33 +0000

A compilation of notable security news and blog posts from Monday, November 27 to Sunday, December 3, including smart toys, another security breach, ransomware, and things to ponder when shopping for gifts this Christmas season.

Categories:

Tags:

(Read more…)

The post A week in security (November 27 – December 03) appeared first on Malwarebytes Labs.

Read more

PayPal phish asks to verify transactions—don’t do it

Credit to Author: Christopher Boyd| Date: Fri, 01 Dec 2017 19:35:26 +0000

We take a look at a batch of fake PayPal emails asking potential victims to visit a so-called resolution center to address unverified transactions.

Categories:

Tags:

(Read more…)

The post PayPal phish asks to verify transactions—don’t do it appeared first on Malwarebytes Labs.

Read more

Following the Money Hobbled vDOS Attack-for-Hire Service

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2017 12:12:47 +0000

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. Last fall, two 18-year-old Israeli men were arrested for allegedly running a vDOS, perhaps the most successful booter service of all time. The pair were detained within hours of being named in a story on this blog as the co-proprietors of the service (this site would later suffer a three-day outage as a result of an attack that was alleged to have been purchased in retribution for my reporting on vDOS). That initial vDOS story was based on data shared by an anonymous source who had hacked vDOS and obtained its private user and attack database. The story showed how the service made approximately $600,000 over just two of the four years it was in operation. Most of those profits came in the form of credit card payments via PayPal. But prior to vDOS’s takedown in September 2016, the service was already under siege thanks to work done by a group of academic researchers who teamed up with PayPal to identify and close accounts that vDOS and other booter services were using to process customer payments. The researchers found that their interventions cut profits in half for the popular booter service, and helped reduce the number of attacks coming out of it by at least 40 percent.

Read more