Credit to Author: Danny Bradbury| Date: Thu, 12 Dec 2019 17:03:59 +0000
Version 79 of Chrome is out, and it promises to do a better job of protecting you against phishing sites and credential stuffing attacks.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/kPx8Ii–vqQ” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Christopher Boyd| Date: Fri, 06 Dec 2019 20:29:26 +0000
 | |
| We take a look at a pressure-filled phishing attempt sent to players of the Elder Scrolls Online video game. Categories: Tags: elder scrolls onlineESOgamersgaminggaming scamsgaming securityMMORPGpasswordsphishphishingplaystationscamscammersSocial Engineering |
The post Fake Elder Scrolls Online developers go phishing on PlayStation appeared first on Malwarebytes Labs.
Read moreCredit to Author: Threat Intelligence Team| Date: Tue, 03 Dec 2019 18:06:13 +0000
 | |
| We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware. Categories: Tags: backdoorbanking Trojanbanking Trojanscredential stealingdownloaderhooking browsersIcedID Trojanmalwaremalware analysisman-in-the-browser attackspasswordsstealerstealer functionalitystealing passwordsstealthy malwaretrickbotTrojans |
The post New version of IcedID Trojan uses steganographic payloads appeared first on Malwarebytes Labs.
Read more
Credit to Author: Lisa Vaas| Date: Tue, 26 Nov 2019 11:30:16 +0000
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/tytTDlPZrB0″ height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Christopher Boyd| Date: Fri, 22 Nov 2019 16:27:47 +0000
 | |
| IoT laws and guidelines abound, as we take a look what’s happening around the world in the name of securing Internet-connected devices. Categories: Tags: AustraliaCaliforniainternetInternet of ThingsIoTiot lawsiot legislationpasswordstechnology lawstechnology legislationukunited statesus |
The post IoT bills and guidelines: a global response appeared first on Malwarebytes Labs.
Read more
Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700
Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.
But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”
Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.
“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.
“Surreal doesn’t even begin to describe how this felt!”
Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700
This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.
When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.
Credit to Author: Lisa Vaas| Date: Wed, 23 Oct 2019 12:43:57 +0000
The researchers’ “Smart Spies” apps showed how Amazon Alexa and Google Home users could be exposed to vishing and eavesdropping.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/2-76soYbixo” height=”1″ width=”1″ alt=””/>
Read more
Credit to Author: Lisa Vaas| Date: Tue, 22 Oct 2019 11:41:03 +0000
It’s not a violation of her Fifth Amendment rights, the court said, because it’s a “foregone conclusion” that she knows her phone passcode.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/DdWnZ_mEEBY” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Malwarebytes Labs| Date: Mon, 21 Oct 2019 15:45:45 +0000
 | |
| Cybersecurity news for October 14 – 20, including the future of the password, the lingering threat of ransomware, and new security features from Instagram. Categories: Tags: amazonDark Webdomestic abusedomestic abuse survivordomestic abuse survivorsdomestic violencefacebookfacial recognitionInstagramjackpotjackpottingkindleMark Zuckerbergnational cybersecurity awareness monthNational domestic violence awareness monthOraclepasswordpasswordsphishphishingphishing scamransomwaretorTor browserUS Customs and Border Enforcementvpnvulnerabilitiesvulnerability |
The post A week in security (October 14 – 20) appeared first on Malwarebytes Labs.
Read more