45 matches found
This Week in Security News: Trend Micro’s Zero Day Initiative Celebrates 15 Years and 24 Million Customers Affected after Experian Data Breach
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read how the Zero Day Initiative ZDI has awarded more than $25 million in bounty rewards to security researchers over the past decade and a...
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats
The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by thre...
The Coronavirus is Already Taking Effect on Cyber Security– This is How CISOs Should Prepare
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light o...
Iran-Linked 'Charming Kitten' Touts New Spearphishing Tactics
An Iran-linked advanced persistent threat APT group tied to attacks on President Trump’s 2020 re-election campaign has added new spearphishing techniques to its arsenal in an apparent ramp-up in operations. Charming Kitten—which goes by a number of names, including APT35, Ajax Security Team,...
This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how fileless malware abuses PowerShell. Also, read how Trend Micro researchers are pulling back the curtain on the cybercriminal...
PT-2019-3009 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: A remote code execution issue exists due to improper handling of objects in memory. An attacker could exploit this by using a specially crafted file, allowing them to perform...
A Spate of University Breaches Highlight Email Threats in Higher Ed
Oregon State University announced Friday that hackers potentially made off with 636 student records and family records of students containing personally identifiable information PII, after a successful email attack in early May. This comes on the heels of email-based breaches at Graceland...
Microsoft Warns of Email Attacks Executing Code Using an Old Bug
Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882...
Threatlist: Email Attacks Surge, Targeting Execs
There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise BEC attempts, according to a new report. Several trends emerged in the analysis period, includi...
Multiple Cobalt Personality Disorder
Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...
Creative Spam Thinks Outside the Macro with .IQY Attachments
The Necurs botnet is driving a fresh spam campaign that uses Excel Web Query .IQY file attachments to skim under the antivirus radar. If successful, the attack ultimately delivers the remote access trojan RAT known as FlawedAmmyy. This is the third wave in an offensive that started in late May. T...
Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning
Email, coupled with reliable social engineering techniques, continues to be one of the primary entry points for credential phishing, targeted attacks, and commodity malware like ransomware and, increasingly in the last few months, cryptocurrency miners. Office 365 Advanced Threat Protection ATP...
Rubella Crimeware Kit: Cheap, Easy and Gaining Traction
A crimeware kit dubbed the Rubella Macro Builder is betting on a “dirty deeds done dirt cheap” approach to gain popularity in the criminal underground. The kit does two things: with a point-and-click builder functionality, it generates an initial malware payload for social-engineering spam...
Part 1: Reading SPAM for Research
I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox. Phishing Sites I noticed an increase in "free gift...
CVE-2013-3906: a graphics vulnerability exploited through Word documents
Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we...
Cyber security scenario according to WebSense
It's time of stocktaking, principal security firm are proposing their analysis to synthesize actual situation on cyber security, 2012 is widely considered a year when the malware has increased significantly thanks to the contributions of various actors that we will analyze shortly. WebSense has...
E-mail Trends Show Hackers Working Weekends Less and Less
While there are an increasing number of weekends catered to hacking, even hackers need a day off – and it shouldn’t surprise many that increasingly, that day is usually Sunday. Network security company FireEye reviewed statistics on email-based attacks for 2012 that suggest that Sunday has slowed...
Phishing Season: Spam on the rise
Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment...
UK foreign secretary : "We are under Cyber attack" !
Yesterday, the UK adopted secretary, William Hague, explained to a aegis appointment in Munich how cyber abyss were aggravating to access the UK government and aegis contractors. According to a BBC report, Mr. Hague explained that attackers had adulterated government computers with the Zeus troja...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message...