Search
Close this search box.

Blog

Email spoofing BEC attack targeting numerous employees at once

Spear-phishing spoofed attacks have been and remain one of the most substantial cyber threats that organizations face nowadays. And once we talk about spear-phishing, we can’t help but mention business email compromise (BEC) attacks which if successful result in staggering losses for the companies: the FBI’s Internet Crime Complaint Center

Read More >

Phishers abusing Google App Engine

Over the last few weeks Cyren has observed a massive spike in phishing sites hosted on the appspot.com domain that Google uses for its free Google App Engine. Taking advantage of soft routing on Google App Engine Google App Engine is a cloud-based development platform used to host and develop

Read More >

Microsoft reports a “leap in attack sophistication”

Last month Microsoft released a sobering Digital Defense Report. From their perch powering 600,000 enterprises’ cloud inboxes (in the United States alone), they report: Malware attacks are decreasing. Instead 70% of attacks are through phishing emails, largely to harvest credentials. Attackers are laying long-term traps that scour the internet looking

Read More >

Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials

Phishing attacks designed to steal Microsoft 365 credentials are launched every day and growing more sophisticated. We recently detected a massive attack that hid a fake Microsoft 365 login page in the incoming emails’ attachments. Related: Microsoft 365 Is Wildly Successful and Profoundly Vulnerable – Here’s Why The attack On

Read More >

PEMPEMPEM – Hiding Behind Fake Certificates!

Over the years, enterprise security teams and threat actors have been involved in a never-ending game of cat and mouse. Organizations pour millions of dollars to stop advanced threats, but threat actors continue finding ways to evade detection by either enhancing their code or simply repackaging malware in more ways

Read More >