374 matches found
Nigerian BEC Scams Hit 500 Companies in 50 Countries
Nigerian cybercriminals targeting industrial firms have stolen a slew of sensitive technical drawings, network diagrams, cost estimates, and project plans already this year. The data, exfiltrated by a cocktail of different spyware programs, wasn’t stolen from just executives, but also operators,...
Nigerian phishing: Industrial companies under attack
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team Kaspersky Lab ICS CERT reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research...
Locky Ransomware Roars Back to Life Via Necurs Botnet
Cybercriminals behind the Locky ransomware and Necurs botnet are back in business. Last Friday researchers spotted both delivering nearly 35,000 emails in just a few hours, the first major Locky campaign researchers have seen in months, according to Cisco Talos. Researchers warn the latest Locky...
Combating a spate of Java malware with machine learning in real-time
In recent weeks, we have seen a surge in emails carrying fresh malicious Java .jar malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get real-time protection against these latest threats...
Github Repository Owners Targeted by Data-Stealing Malware
Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots. Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were...
New Cerber Variant Leverages Tor2Web Proxies, Google Redirects
Criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection. Researchers with Cisco Talos spotted the shifting tactic last week when it began tracking the latest Cerber 5.0.1 ransomware variant. The technique...
Nymaim Dropper Updates Delivery, Obfuscation Methods
A new variant of the Nymaim dropper has been identified that includes updated delivery and obfuscation methods, and the use of PowerShell routines to download its payloads. The updated dropper, used primarily to download banking Trojans in the past, has also been spreading ransomware, according t...
Hancitor Downloader Abusing APIs, PowerShell Commands
Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect. The downloader is still spread through malicious attachments, and distributing malware designed to steal data, such as Pony and...
Targeted Attacks against Banks in the Middle East
UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...
Cerber Ransomware On The Rise, Fueled By Dridex Botnet
Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex...
Phishers Going the Long Way Round to Avoid Filtering Systems
Any human with an email address likely has gotten thousands of spam messages that look like delivery notifications, invoices, or other alleged communications from shipping companies such as UPS or DHL. They typically contain malicious attachments with exploits for a browser or plug-in...
Dridex Banking Trojan Spreading Via Office Macros
The left-for-dead Office macro has apparently made a comeback with cybercriminals who have found them to be a good hiding place for banking malware. Recently, Microsoft reported a spike in the use of macros in hacking campaigns, peaking in mid-December. This has been corroborated by researchers a...
Microsoft Reports Massive Increase in Macros Enabled Threats
The Microsoft Malware Protection Center says there has been a dramatic increase in threats using macros to spread malware via spam and social engineering over the last month. Macros are used for automating frequently used tasks in Office. Macro-related infections were constant and near zero daily...
Ebola Phishing Scams and Malware Campaigns
US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease EVD as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a...
Five Year Old Phishing Campaign Unveiled
UPDATE: A previous version of this story reported that Cyphort found 300,000 stolen credentials on a Gmail server. This figure was incorrectly reported by the firm and has been corrected to the adjusted number, 2,500 stolen credentials, in this story. Details have been disclosed on a five-year-ol...
Microsoft Internet Explorer 6.0 File Attachment Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are associated with Internet...
Threat Outbreak Alert: Email Messages with Malicious Attachments on May 28, 2014
Medium Alert ID: 34407 First Published: 2014 May 29 13:49 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that contain a malicious attachment for the recipient. The text in the email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Email Messages with Malicious Attachments on May 29, 2014
Medium Alert ID: 34406 First Published: 2014 May 29 13:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an attachment for the recipient. The email message attempts to convince the recipient to open the attachment and...
Threat Outbreak Alert: Email Messages with Malicious Attachments on May 29, 2014
Medium Alert ID: 34408 First Published: 2014 May 29 13:15 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages with a blank message body and an attachment for the recipient. The .zip attachment contains a malicious .exe file that, when executed,...
Threat Outbreak Alert: Fake Payment Details Email Messages on May 28, 2014
Medium Alert ID: 34404 First Published: 2014 May 29 13:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain payment details for the recipient. The email message attempts to convince the recipient to open the attachment and...