Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware – Backdoor.Win32.Androm and Trojan.Win32.Kovter. The usual trick of present

Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, they deploy a .htaccess file to achieve this. Today, I found a phishing kit related to a bank (ANZ) with such protection. But, in this case, the attackers took the time to

IBM X-Force Kassel is a research team that operates massive spam honeypots and monitoring, gleaning data from billions of unsolicited emails every year. With such large amounts of spam coming in, we can more easily map trends. We looked at one recently when analyzing the spammer’s workweek. Our goal in this analysis was to delve into six months of data

Developer accounts of popular chrome extensions being hijacked by cyber criminals, over 4.7 million users are at a risk of cyber attack. Over 4.7 million users could be at risk after being exposed to malicious adverts and credentials theft due to developer accounts of popular chrome extensions being hijacked by cyber criminals. A phishing campaign run by Cyb

Layered schemes are used in most information security strategies, and it is essential to establish a similar approach to protecting the organization from unwanted email. In fact, spam and phishing are some of the biggest problems IT security managers face today. According to LinkedIn’s “2017 Cybersecurity Trends Report,” phishing attacks ar

To fight phishing attacks, Google has introduced a security measure for its Gmail app for iOS that will help users identify and delete phishing emails. Phishing continues to be one of the most dangerous threats, crooks continue to devise new techniques to trick victims into providing sensitive information. The technique is still the privileged attack vector

George is in his office responding to his morning emails when he notices an unusual message. The subject is concise: “Security Alert”. Obviously, he wants to know what’s going on. He opens it, reads the first paragraph to see what the problem is, then clicks the link ostensibly taking him to the company page where he will have to confirm his data

This week’s SecurityIQ feature release includes several exciting new capabilities for improved functionality. Updates include data-housing capabilities for European clients, improved reporting tools and simplified language preference management. Read on for complete release details. Download the complete SecurityIQ features overview.Increased Learner-P

Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, using an executable file for the attachment usually flags a user not to click them as there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files but HTML pages: Fi

How can you protect yourself against phishing? Email is one of the most popular ways people stay in touch, for both at work and at home. One report found that there were 205 billion emails sent every day in 2015 – and this is expected to rise to 246 billion by 2019. Much of our day-to-day business is conducted online now – take banking for instance. Many ban

Renato Marinho detailed an unusual SMS phishing campaign that hit Brazilian users. All started with an SMS message supposedly sent from his bank. Introduction Today I faced quite an unusual SMS phishing campaign here in Brazil. A friend of mine received an SMS message supposedly sent from his bank asking him to update his registration data through the given

Did you receive a WhatsApp subscription ending email or text? Watch out! It is a scam to steal your payment and personal data. Researcher Graham Cluley is warning of bogus ‘WhatsApp subscription ending’ emails and texts. Internet users are receiving an email pretending to be from WhatsApp and warning them of the ending for an alleged WhatsApp subscription. A

The experts from Netskope Threat Research Labs discovered the Hackshit PhaaS platform, another interesting case of crimeware-as-a-service. A few days ago, we discussed the Katyusha scanner,a powerful and fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future that was available for $500 in the cyber crime undergr

In today’s cybercrime landscape, threats come not only from all sides, but also from within. In its annual Threat Intelligence Index, IBM X-Force called 2016 the “year of the mega breach.” As threat actors become more sophisticated, enterprises must deal with outsiders who target corporate networks to steal product, client and customer data

Think before you share.You may be suspicious of the emails you receive in your inbox daily. Sharing photos and videos of friends and family is fun though. So, what are some things you can do to protect yourself while sharing files? Before you easily agree to share files with a friend through a USB drive or online account, make sure your computer’s anti