February 15, 2019 Mac Users Targeted with New Shlayer Malware Variant A new Shlayer malware variant has been detected that infects Mac computers and disables macOS Gatekeeper security software. The latest version of the malware was ... Read more
February 11, 2019 Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The ... Read more
February 6, 2019 Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of ... Read more
February 4, 2019 Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues. The scammer claims to have recorded the ... Read more
January 28, 2019 Fake Google Update Installer Used to Install AZORult Trojan Researchers at Minerva Labs have identified a new AZORult Trojan campaign that installs the malware through a fake Google update installer. The AZORult Trojan is ... Read more
January 21, 2019 Cryptocurrency Mining Malware Tops Most Wanted Malware List Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat in December. The top four malware ... Read more
January 8, 2019 Phishing Website Uses Custom Web Fonts to Evade Detection Phishers are constantly developing new ways to prevent their websites from being detected. One threat actor is now using custom web fonts to disguise malicious ... Read more
January 1, 2019 FTC Issues Warning About New Netflix Phishing Scam The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their ... Read more
December 20, 2018 Actively Exploited Internet Explorer Flaw Patched by Microsoft Microsoft has issued an out of band update for Internet Explorer to correct a vulnerability that is being actively exploited in the wild. The Internet ... Read more
December 17, 2018 Fortinet FortiMail Given AAA Rating in SE Labs Phishing Detection Test Fortinet’s FortiMail Secure Email Gateway has recently been independently tested by SE Labs and has been shown to be highly effective at identifying and blocking ... Read more
December 6, 2018 Adobe Patches Actively Exploited 0-Day Vulnerability in Flash Player On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player that is being leveraged by a threat group ... Read more
November 29, 2018 49% of All Phishing Sites Have SSL Certificates and Display Green Padlock Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to ... Read more
November 22, 2018 APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies A new spear phishing campaign is being conducted by the AP28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former ... Read more
November 21, 2018 Gmail Flaw Allows Phishing Emails to Be Sent Anonymously A Gmail flaw has been discovered that allows emails to be sent anonymously with no information included in the sender field. The flaw could easily ... Read more
November 20, 2018 Critical AMP for WP Plugin Vulnerability Allows Any User to Gain Admin Rights A new critical WordPress plugin vulnerability has been identified that could allow site users to escalate privileges to admin level, giving them the ability to ... Read more
November 20, 2018 TA505 APT Group Spreading tRat Malware in New Spam Campaigns The prolific APT group TA505 is conducting spam email campaigns spreading a new, modular malware variant named tRAT. tRAT malware is a remote access Trojan ... Read more
November 7, 2018 Zero-Day VirtualBox Vulnerability and Exploit Published Details of a zero-day VirtualBox vulnerability have been published online along with a step by step exploit. The vulnerability in the Oracle open source hosted ... Read more
October 30, 2018 U.S. Treasury Investigating $700,000 Loss to Phishing Scam In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s ... Read more
October 25, 2018 Cloud-Based Threat Analytics Firm ZoneFox Acquired by Fortinet Fortinet has announced it has acquired the cloud-based threat analytics firm ZoneFox and will be using the company’s machine learning threat detection technology to enhance ... Read more
October 24, 2018 Zero-Day Windows Data Sharing Service Vulnerability Discovered A Windows zero-day vulnerability has been discovered that allows hackers to delete application dlls and cause a system to crash and potentially hijack systems. The ... Read more
October 22, 2018 Exploits Published for LibSSH Vulnerability: Immediate Patching Required A recently discovered LibSSH vulnerability, that has been described as ‘comically bad’ by the security researcher who discovered it, has been patched. The flaw is ... Read more
October 11, 2018 Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then ... Read more
October 10, 2018 Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability Almost 50 vulnerabilities have been patched by Microsoft on October Patch Tuesday including one zero-day vulnerability that is being actively exploited in the wild by ... Read more
October 8, 2018 Phishers Using Azure Blog Storage to Host Phishing Forms with Valid Microsoft SSL Certificate Cybercriminals are using Microsoft Azure Blog storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate which adds ... Read more
October 3, 2018 Danabot Banking Trojan Used in U.S. Campaign The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers ... Read more
September 26, 2018 Q2, 2018 Saw an 86% Rise in Cryptocurrency Mining Malware Detections 2018 has proven to be the year of cryptocurrency mining malware. Cybercriminals are increasingly abandoning other forms of malware and ransomware in favor of malware ... Read more
September 19, 2018 Pegasus Spyware Campaigns Gather Pace: Infections Detected in 45 Countries Pegasus spyware is a legitimate surveillance tool that has been attributed to the Israeli cyber-intelligence firm NSO Group. The spyware works on both Android smartphones ... Read more
September 18, 2018 New Python Ramsomware Threat Detected Security researchers at Trend Micro have identified a new Python ransomware threat that piggybacks on the success of Locky ransomware. The threat actors behind the ... Read more
September 10, 2018 New Brazilian Banking Trojan Hides in Plain Sight An innovative new Brazilian banking Trojan has been detected by security researchers at IBM X-Force. The Trojan has been named CamuBot due to its use ... Read more
September 6, 2018 Zero-Day Windows Task Scheduler Vulnerability Exploited by Threat Group On August 27, a security researcher with the online moniker SandboxEscaper discovered a zero-day vulnerability in Windows Task Scheduler (Windows 7-10) and published a proof-of-concept ... Read more