Blog

First discovered in 2019, BRATA malware is contained in a malicious app which victims are tricked into installing on their phones. BRATA is a banking Trojan that gains access to your bank, withdraws your funds, and then wipes your phone with a factory reset to hide the evidence of its activities.  BRATA stands for “BrazilianRead more

The popularity of phishing emails using HTML attachments started spiking in 2019, but have continued to be a significant issue in 2022. In just the first 4 months of this year, cybersecurity provider Kaspersky detected almost 2 million malicious emails using HTML attachments, making it one of the most popular forms of attachment used inRead more

During March and April the NHS was embroiled in a phishing campaign – however the NHS was not the target – 139 compromised NHS email accounts were being used to send the phishing emails to external targets.  Coming from legitimate NHS email addresses on NHS servers meant the emails would pass many validation checks andRead more

The Russian attack on Ukraine is a new kind of war, being fought in cyber space as much as it is on the city streets of Ukraine. Microsoft reports that Ukrainian networks were targeted with FoxBlade malware several hours before the start of the invasion on the 24th February. Said Brad Smith, President & ViceRead more

Customers of Monzo and Revolut banks are being targeted in a phishing campaign which aims to steal their account credentials.  The attack starts with a fake SMS that claims to be from the bank. At the start of 2022, 27% of UK adults had an account with one of the digital only challenger banks, andRead more

December saw a rise in Google Docs being used to send malicious emails as threat actors abused the comments feature to send messages which are hard to differentiate from legitimate messages from colleagues. According to a new report from security firm Avanan, the comments feature of Google Docs and Google Sheets can be abused toRead more

Europol called Emotet “the world’s most dangerous malware” – and it is back in the security news this week – but what is Emotet, and how can you protect your network from Emotet based attacks? Emotet is the name given to a strain of malware and the cyber-crime organisation that created it.  First detected inRead more

A zero-day Remote Code Execution attack targeting Office 365 and Office 2019 users has prompted Microsoft to issue a security advisory with a workaround to protect your network until a patch is available. According to the security advisory released by Microsoft: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affectsRead more

Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception.  Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business EmailRead more

New research into the market for exploits on the Dark Web reveals that 61% of exploits sold target Microsoft products including Windows OS, Office, RDP and Internet Explorer. The research presented by Trend Micro at the RSA 2021 Conference this week is the result of a year-long study of 600 dark web forums and marketsRead more