182 matches found
A week in security (October 14 – 20)
Last week on Malwarebytes Labs, we tried to unlock the future of the password its vulnerabilities, current alternatives, and possible future disappearance, analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security...
MyPayrollHR CEO Arrested, Admits to $70M Fraud
Earlier this month, employees at more than 1,000 companies saw one or two paycheck's worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly...
Cybercriminals Adding Sophistication to BEC Threats
Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise BEC threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...
How Twitter CEO Jack Dorsey's Account Was Hacked
Like so many Twitter attacks lately, it was a SIM swap...
Cloudflare Ditches 8chan. What Happens Now?
In an interview with WIRED, Cloudflare CEO Matthew Prince explains his decision to stop protecting 8chan—and where the notorious forum goes from here...
Honda's Security 'Soft Spots' Exposed in Unsecured Database
An unsecured database belonging to Honda Motor Company was found leaking crucial information about its global systems, including which devices aren’t up-to-date or protected by security solutions. The exposed ElasticSearch database contained approximately 134 million documents, and amounted to...
Hit the Easy Button for Your Organization’s Gmail Security
Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations. One of the many reasons of Gmail’s popularity is its security...
Video: HackerOne CEO on the Evolving Bug Bounty Landscape
The bug bounty landscape continues to change along with the concept and rules around vulnerability disclosure. Meanwhile, companies such as GitHub, Microsoft and others continue to keep pace, launching or expanding bounty programs. Even the European Commission is getting in on the action. On...
Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password
QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million nearly USD 145 million worth of cryptocurrency after the exchange lost access to its cold offline storage wallets. Reason? Unfortunately, the only person with access to the company's offline wallet, found...
Shipping Firms Speared with Targeted 'Whaling' Attacks
Scammers are honing in on the shipping industry, using “whaling,” a.k.a. business email compromise BEC attacks, to scoop up credentials, or worse, compromise critical systems. Hackers are launching whaling attacks to target various types of employees with some serious online and sometimes...
Shipping operators, what you need to know about phishing and CEO fraud
Maybe second only to ransomware, the most likely type of attack a shipping operator will experience will be a phishing scam. Usually this will be carried out by email, or social media, or even messaging apps. It will likely include a link to what seems a plausible website, and/or have an...
Man arrested for stealing $1m from Silicon Valley Exec via SIM-swapping
By ghostadmin A 21-year old Manhattan resident has been accused of SIM-swapping the mobile number of Robert Ross, a Silicon Valley executive, and managed to steal $1 million. The accused, Nicholas Truglia, not only targeted Ross’s phone number with SIM-swapping attacks but many others too includi...
Are Deepfakes coming to a scam near you?
Your boss contacts you over Skype. You see her face and hear her voice, asking you to transfer a considerable amount of money to a firm you've never ever heard of. Would you ask for written confirmation of her orders? Or would you simply follow through on her instructions? I would certainly be...
Closing the Gap: An Exciting Initiative to Drive More Gender Diversity in Tech
We all know there’s a global IT skills crisis. In cybersecurity things are even worse, with a shortfall of nearly three million roles estimated today — 500,000 of which are in North America. Today women comprise just 24% of the workforce yet half of the global population. Why is this? Women were...
Business email compromise scam costs Pathé $21.5 million
Recently released court documents show that European-based cinema chain Pathé lost a small fortune to a business email compromise BEC scam in March 2018. How much? An astonishing US$21.5 million roughly 19 million euros. The attack, which ran for about a month, cost the company 10 percent of its...
ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident
Nearly half 46 percent of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event. The survey, of more than 3,150 professionals taken during a Deloitte Dbriefs webcast o...
The Twenty Minute VC with Carbon Black CEO Patrick Morley
Editor's Note: This post originally appeared on TheTwentyMinuteVC.com. Patrick Morley is the President and CEO @ Carbon Black, the company that combines unfiltered data collection, predictive analytics, and cloud-based delivery to provide superior endpoint protection. Prior to their IPO in April...
Stop Impersonations of Your CEO by Checking the Writing Style
If one of your employees receives an email that looks like it’s from the CEO asking to send sensitive data or to make a wire transfer, could that employee spot it as a fake based on how it is written? He or she may be so concerned with pleasing the CEO that they may urgently respond without a...
Podcast: enSilo CEO on Black Hat USA 2018 Trends
Las Vegas – Threatpost’s Lindsey O’Donnell sits down with enSilo CEO Roy Katmor to talk about the top trends that we are seeing this week at Black Hat USA 2018 – from machine learning to connected-car security. Download here:...
Podcast: The Industrial World is Facing a Security Crisis
As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology OT and IoT have now become part of the mainstream cybersecurity...