BLOG
Spambot weaponizes 711M accounts to spread Ursnif malware
Malware Breach Credential Theft A spambot has been discovered collecting stolen email credentials and server login info stemming from previous data breaches, such as the LinkedIn hacks as as well also other unknown sources…
read moreTwo RCE zero-day vulnerabilities discovered in freemium Foxit Reader PDF tool
The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be made to launch executables…
read moreBEC campaigns target organisations across sectors with credential phishing
A Business Email Compromise (BEC) campaign targeted a range of verticals, including universities, software and technology companies, retailers, engineering organisations, real estate firms, with the goal of harvesting user credentials has been ongoing, according to Flashpoint researchers…
read moreBankbot dropper hiding on Google Play
An application in the Google Play store called “Earn Real Money Gift Cards” has been identified to contain the “Bankbot” trojan, according to SfyLabs researchers. Another application, from the same developer, was identified to be a potential dropper for the Bankbot trojan called…
read moreWant access to the latest advisories, opinion pieces and free security tools?
Join MAGNIFY, a LinkedIn Group for cyber security professionals.
Malspam continues pushing Trickbot Banking Trojan
A few weeks ago, we reported that Trickbot had been expanded to incorporate a worm infection capability which makes it difficult to discern, on the basis of infected hosts alone, which system or application is actually targeted…
read moreThe Cost of Failing to Patch… $5.5M
This significant sum is the settlement Nationwide Mutual Insurance Co. must pay to 32 states and the District of Columbia in the wake of a 2012 data breach that exposed personal information of over 1 million people…
read moreSyncCrypt: New ransomware variant undetectable by almost all antivirus vendors on VirusTotal
A new ransomware variant discovered this week is being distributed by attachments containing .wsf (Windows Script Files). The use of WSF files to distribute malware is not uncommon, however, the method being used to download and install the ransomware is…
read moreNew Malware abuses PowerPoint Slide Show files, exploiting Microsoft bug to deliver REMCOS RAT
A new spear phishing campaign has been observed. The emails claim to be from a cable manufacturing provider that is seeking a response on whether the recipient can provide supplies listed in the attachment…
read more