How 1-Time Passcodes Became a Corporate Liability

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Read more

It Might Be Our Data, But It’s Not Our Breach

Credit to Author: BrianKrebs| Date: Thu, 11 Aug 2022 17:45:31 +0000

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.

Read more

A week in security (July 25 – July 31)

Categories: A week in security

Tags: backdoor

Tags: blog recap

Tags: bytedance

Tags: cookies

Tags: data breach

Tags: Google

Tags: linux

Tags: microsoft

Tags: ransomware

Tags: SQL injection

Tags: T-Mobile

Tags: tiktok

Tags: Uber

Tags: week in security

The most important and interesting computer security stories from the last week.

(Read more…)

The post A week in security (July 25 – July 31) appeared first on Malwarebytes Labs.

Read more

A week in security (July 25 – July 31)

Credit to Author: Malwarebytes Labs| Date: Mon, 01 Aug 2022 09:51:04 +0000

The most important and interesting computer security stories from the last week.

The post A week in security (July 25 – July 31) appeared first on Malwarebytes Labs.

Read more

T-Mobile agrees to pay customers $350 million in settlement over data breach

Credit to Author: Pieter Arntz| Date: Wed, 27 Jul 2022 10:32:19 +0000

T-Mobile has proposed to settle its 2021 data breach by paying $350 million, along with an incremental spend of $150 million in security.

The post T-Mobile agrees to pay customers $350 million in settlement over data breach appeared first on Malwarebytes Labs.

Read more

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Read more