Business Email Compromise attack imitates vendors, targets supply chains

Today we have a fascinating tale of a business email compromise (BEC) group steering clear of targeting executives, in favour of fouling up supply chains instead. The attack, which may sound overly complicated, is a fairly streamlined attack with the intention of making a lot of money. BEC: What is it? BEC follows a few different patterns, but primarily...

1d

How the CISA catalog of vulnerabilities can help your organization

The Cybersecurity and Infrastructure Security Agency (CISA) maintains a “known exploited vulnerabilities catalog” which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm, with deadlines for fixing them. Many organizations...

1d

Cyberthreats facing UK finance sector "a national security threat"

As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through authorized and unauthorized fraud and scams in the UK...

1d

The rise of multi-threat ransomware

Today we have a ten minute YouTube expedition into the murky world of ransomware. In the video, "The rise of multi-threat ransomware" (embedded below), I cover a couple of key talking points that always seem to come up in conversation. Single, double, triple? The video covers how ransomware made the leap from “just” encrypting your files to double-...

1d

Cybersecurity and privacy tips you can teach your 5+-year-old

Everything we teach our kids starts at home—we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy? Though it's hardly news that more and more children are being introduced to mobile computing devices like tablets, smartphones, and laptops at an early...

2d

Ransomware in December 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their dark web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. Lockbit has rebounded from its unusual fall from grace in November, snatching the...

2d

GitHub revokes several certificates after unauthorized access

In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom. Mitigation...

3d

Up to 10 million people potentially impacted by JD Sports breach

We’re at the start of February, and news of breaches keeps on coming. In this case, though, while the news that 10 million JD Sports customers may have been impacted by a cyber attack has only just arrived, the data potentially accessed in that attack is already several years old. The danger zone If you made an online purchase from some of the companies...

3d

How to protect your business from supply chain attacks

Threat actors know that attacking the supply chain is not just a smart strategy but also a winning one. When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating, ventilation, and air conditioning (HVAC) supplier, Fazio...

3d

40% of online shops tricking users with “dark patterns”

The European Commission has been looking at retail websites to see if they're misleading consumers with "dark patterns". Spoiler: Yes, they are. The Commission, along with the national consumer protection authorities of 23 EU member states, plus Norway and Iceland, have released the results of their screening of online shops. In a sweep of 399 sites...

4d