A week in security (May 7 – May 13)

Credit to Author: Malwarebytes Labs| Date: Mon, 14 May 2018 17:18:24 +0000

A roundup of security news from May 7 – May 13, including a new zero-day for Internet Explorer, a Netflix phishing scam, a worm found in Facebook’s Messenger, and more.

Categories:

Tags:

(Read more…)

The post A week in security (May 7 – May 13) appeared first on Malwarebytes Labs.

Read more

Cybersecurity New Year’s resolutions, you say? Why not.

Credit to Author: Jovi Umawing| Date: Fri, 19 Jan 2018 16:00:00 +0000

It’s no surprise that our resolutions are usually about health, finances, relationships, and self-improvement. As all of us live digital lives, too, why not think up cybersecurity New Year’s resolution that concern our online health and safety?

Categories:

Tags:

(Read more…)

The post Cybersecurity New Year’s resolutions, you say? Why not. appeared first on Malwarebytes Labs.

Read more

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Read more

SSA.GOV To Require Stronger Authentication

Credit to Author: BrianKrebs| Date: Wed, 10 May 2017 13:01:13 +0000

The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users.

Read more

Amazon third party sellers: A new threat

Credit to Author: William Tsing| Date: Fri, 14 Apr 2017 15:00:06 +0000

On Monday, the Wall Street Journal reported a wave of hijacked Amazon seller accounts that proceeded to fleece buyers for large sums of money. As reported here, attackers would use credentials harvested from other breaches to take over the account, then either simply redirect funds to their own deposit account or create lots of fake…

Categories:

Tags:

(Read more…)

The post Amazon third party sellers: A new threat appeared first on Malwarebytes Labs.

Read more

How to Protect Your iCloud Account, Juuust in Case Those Hackers Aren’t Joking

Credit to Author: Lily Hay Newman| Date: Sun, 26 Mar 2017 11:00:55 +0000

How to Protect Your iCloud Account, Juuust in Case Those Hackers Aren’t Joking

Hackers claim that they’ll wipe out hundreds of millions of iCloud accounts on April 7. Apple says there’s no breach. Here’s what to do in the meantime. The post How to Protect Your iCloud Account, Juuust in Case Those Hackers Aren’t Joking appeared first on WIRED.

Read more

Phishing 101 at the School of Hard Knocks

Credit to Author: BrianKrebs| Date: Fri, 24 Mar 2017 16:03:21 +0000

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.

Read more