Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, they deploy a .htaccess file to achieve this. Today, I found a phishing kit related to a bank (ANZ) with such protection. But, in this case, the attackers took the time to

With thousands of infected computers and millions of dollars lost, the latest ransomware attacks are surely marking the trends to come in the increasingly lucrative field of cybercrime. This, together with the exponential proliferation of connected devices on the IoT, as well as covert cyberwar, sets the stage for cybercrime to come. More malware, more sophi

Endpoints have traditionally proven to be the Achilles heel of any corporate network’s security. Protecting them is vital to any security strategy. The MO of traditional antivirus solutions is to classify software using black-and-white lists. But this is not enough, as threats continue to find new ways to wriggle their way into our systems. Modern times, new

To fight phishing attacks, Google has introduced a security measure for its Gmail app for iOS that will help users identify and delete phishing emails. Phishing continues to be one of the most dangerous threats, crooks continue to devise new techniques to trick victims into providing sensitive information. The technique is still the privileged attack vector

According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP). The researchers discovered that there are 11 million open 3389/TCP endpoints, and that 4.1 million of them are RDP. “We analyzed the responses, tallying any that appeared to be from RDP speaking endpoints

George is in his office responding to his morning emails when he notices an unusual message. The subject is concise: “Security Alert”. Obviously, he wants to know what’s going on. He opens it, reads the first paragraph to see what the problem is, then clicks the link ostensibly taking him to the company page where he will have to confirm his data

SAP just released another set of security patches for its products to address a total of 19 vulnerabilities, most common vulnerability type is XSS. On Tuesday, SAP released a set of security patches to address a total of 19 software vulnerabilities, most of them are rated medium. The most common vulnerability type is cross site scripting (XSS). Among the mo

Adobe released security updates to address more than 80 flaws in products, including Flash Player, Reader, Acrobat, Digital Editions and Experience Manager. Adobe released security updates for its Flash Player, Reader, Acrobat, Digital Editions and Experience Manager products. The company addressed more than 80 vulnerabilities. Adobe has updated Flash Player

The CDT urged US federal trade authorities to investigate VPN provider AnchorFree for deceptive and unfair trade practices. The digital rights advocacy group Center for Democracy & Technology (CDT) urged US federal trade authorities to investigate VPN provider AnchorFree for deceptive trade practices. AnchorFree provides the Hotspot Shield VPN app claimi

When we think of threats to our company’s cybersecurity, the first thing that comes to mind is attacks from the outside. But this line of thinking sometimes leads us to forget another crucial feature of the threat landscape: internal threats. Only about half of companies are aware of the risk of falling victim to cyberattacks due to employee negligence or ev

Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share l

Cisco addressed 15 flaws in its products, including 2 flaws that could be exploited by attackers to trigger a DoS condition or bypass local authentication. Cisco addressed 15 vulnerabilities affecting a dozen products, including two high severity flaws that could be exploited by attackers to trigger a denial of service condition or bypass local authenticatio

After all recent attacks, what is the current cybersecurity status? 2017 has already seen a number of high profile cybersecurity events, and we expect many more before the year is out. As an evidence of this, PandaLabs records a 40% increase in attacked devices this quarter. Cybercriminals have been carrying out attacks on an unprecedented scale, even bringi

What to keep in mind when booking your next trip? Planning your next trip has never been easier. You just go online, browse around until you find a price that works for you, and book your flights, room, and rent-a-car. Once it is all done, you save all your reservations, and you truly believe you are all set for the next big adventure in your life! You see t

When it comes to ransomware, big businesses get all the attention in the press, which might lead one to think that this kind of cyberattack only targets companies with a big name. But this is far from the truth. On a global level, 43% of attacks are aimed at small and medium-sized businesses (SMBs). In fact, as we’ve recently seen in PandaLabs’ quarterly rep