Blog

I’ve been very busy this summer, which is why I’m just now reading the 2021 Verizon Data Breach Investigations Report. Here are a few takeaways from the section about the “Social Engineering” attack pattern (read: phishing). “Phishing is responsible for the vast majority of breaches in this pattern, with cloud-based

The top NFT Ethereum-based game Axie infinity, is a Pokemon-like play-to-earn game that lets its users earn SLP (Smooth Love Potion). This potion can be traded as a crypto currency and has recently reached its all-time high value of $0.40+. Many people are trying to get into this hot crypto

What is the first thing that comes to mind when we see sites using HTTPS protocol? Subconsciously we tend to trust these sites presuming that all that we see and/or enter there is checked, secured, and verified. However, what is meant to protect has now turned into one of the

Threat actors are always on the lookout for inconspicuous ways to execute malicious attacks. One such tactic that has become common is the use of legitimate services as part of phishing campaigns. Since April this year, researchers at Cyren have seen a rise in phishing URLs linked from spark.adobe.com pages.

Following the highly publicized (and successful) $4M+ ransom of Colonial Pipeline, attacks like these will only get more popular. Indeed this week, the New York Times reported “Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business.“ These attacks are here to stay. Are you ready?  Related: Security Awareness

The modified installer of legit “PDFescape Desktop Installer” app looks like this:  Fake PDFescape Desktop Installer AppSHA-256: 0c933001de544ebc071d175d9f8e3bfad8066b532dc69dea4c713c52eb6a64a0 Cyren detects this kind of malware as W32/SolarMarker.A.gen!Eldorado. Upon execution, It creates an encoded file under %Userdir%<randomchars><randomchars><randomchars><randomchars><randomchars><randomchars><randomchars> (encoded file). It then executes a Power Shell Script command to decode and execute the

We have been seeing email notifications about login attempts to UnionBank online accounts, prompting users to reset their password if they found the login attempts were suspicious. Below are screenshots of some of the most recent phishing emails that were seen. Figure 1.0 Phishing emails notifying a user about a

We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed.  Figure 1.0 Email sample The emails had a ZIP attachment containing an HTML that was designed to look like an invoice signed by DocuSign, which is a well-known

The “Purchase” themed email is a commonly used subject in phishing campaigns. Threat actors can easily scrape the internet, in other words, specific data is very easily gathered and copied from the web. This makes company emails a very easy target, as they are available in their websites, especially the