December saw a rise in Google Docs being used to send malicious emails as threat actors abused the comments feature to send messages which are hard to differentiate from legitimate messages from colleagues. According to a new report from security firm Avanan, the comments feature of Google Docs and Google Sheets can be abused to […]
Google Docs phishing emails hard to spot Read More »
Europol called Emotet “the world’s most dangerous malware” – and it is back in the security news this week – but what is Emotet, and how can you protect your network from Emotet based attacks? Emotet is the name given to a strain of malware and the cyber-crime organisation that created it. First detected in
What is Emotet malware? Read More »
A zero-day Remote Code Execution attack targeting Office 365 and Office 2019 users has prompted Microsoft to issue a security advisory with a workaround to protect your network until a patch is available. According to the security advisory released by Microsoft: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects
Microsoft warns Office 365 targeted by zero-day RCE Read More »
Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception. Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business Email
The rise and rise of BEC fraud Read More »
New research into the market for exploits on the Dark Web reveals that 61% of exploits sold target Microsoft products including Windows OS, Office, RDP and Internet Explorer. The research presented by Trend Micro at the RSA 2021 Conference this week is the result of a year-long study of 600 dark web forums and markets
Criminals favour Microsoft exploits above all Read More »
A large phishing campaign has captured 400,000 Office 365 credentials by using compromised commercial email marketing services to avoid spam filters. The Compact Phishing operation has been using compromised accounts with services including SendGrid, MailGun and Amazon SES. Commercial email marketeers work hard to ensure their email systems have a high reputation, so their emails
Phishing attacks use email senders to avoid spam filters Read More »
A report published by Barracuda Networks and researchers at UC Berkley which examines email compromise attacks at 111 organisations sheds light on how email is abused in cyber-attacks – often as the opening shot in the attack. The research reveals that 30% of the attacks were part of the emerging economy of ‘accounts for sale’
91% of targeted cyber-attacks start with email Read More »
After analysing dozens of ransomware incidents over the last 4 years, researchers have identified their defining common characteristics – which can help security managers design targeted defences. Mandiant Intelligence have published a report that reveals the common attributes of ransomware incidents from around the world and across the industrial spectrum. The key findings are:
Ransomware trends 2020 Read More »
A new report from Amnesty International highlights how reverse proxies are being used to bypass 2FA and phish the credentials of journalists and human rights defenders. Amnesty has been tracking the way journalists and human rights defenders in Uzbekistan are being targeted in sophisticated phishing attacks that include man in the middle and session high-jacking
Amnesty warns of 2FA weaknesses Read More »
The release of the final Star Wars movie this month has been accompanied by a surge in fake download sites offering early or free access to the film while really depositing malware onto fans computers. For organisations that allow employees to take laptops home for the holidays, this may pose an additional risk if the
Spike in Star Wars themed malware campaigns Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.