December saw a rise in Google Docs being used to send malicious emails as threat actors abused the comments feature to send messages which are hard to differentiate from legitimate messages from colleagues. According to a new report from security firm Avanan, the comments feature of Google Docs and Google Sheets can be abused toRead more
Blog
Europol called Emotet “the world’s most dangerous malware” – and it is back in the security news this week – but what is Emotet, and how can you protect your network from Emotet based attacks? Emotet is the name given to a strain of malware and the cyber-crime organisation that created it. First detected inRead more
A zero-day Remote Code Execution attack targeting Office 365 and Office 2019 users has prompted Microsoft to issue a security advisory with a workaround to protect your network until a patch is available. According to the security advisory released by Microsoft: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affectsRead more
Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception. Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business EmailRead more
New research into the market for exploits on the Dark Web reveals that 61% of exploits sold target Microsoft products including Windows OS, Office, RDP and Internet Explorer. The research presented by Trend Micro at the RSA 2021 Conference this week is the result of a year-long study of 600 dark web forums and marketsRead more
A large phishing campaign has captured 400,000 Office 365 credentials by using compromised commercial email marketing services to avoid spam filters. The Compact Phishing operation has been using compromised accounts with services including SendGrid, MailGun and Amazon SES. Commercial email marketeers work hard to ensure their email systems have a high reputation, so their emailsRead more
A report published by Barracuda Networks and researchers at UC Berkley which examines email compromise attacks at 111 organisations sheds light on how email is abused in cyber-attacks – often as the opening shot in the attack. The research reveals that 30% of the attacks were part of the emerging economy of ‘accounts for sale’Read more
After analysing dozens of ransomware incidents over the last 4 years, researchers have identified their defining common characteristics – which can help security managers design targeted defences. Mandiant Intelligence have published a report that reveals the common attributes of ransomware incidents from around the world and across the industrial spectrum. The key findings are:Read more
A new report from Amnesty International highlights how reverse proxies are being used to bypass 2FA and phish the credentials of journalists and human rights defenders. Amnesty has been tracking the way journalists and human rights defenders in Uzbekistan are being targeted in sophisticated phishing attacks that include man in the middle and session high-jackingRead more
The release of the final Star Wars movie this month has been accompanied by a surge in fake download sites offering early or free access to the film while really depositing malware onto fans computers. For organisations that allow employees to take laptops home for the holidays, this may pose an additional risk if theRead more
