Category: cyren

Domain Validation (DV) SSL Certificate used for PayPal Phishing

As users become more aware of phishing and data theft, they become more cautious. Unfortunately as users become more cautious, attackers must become more devious. In a recent discovery, we found a phishing website that had been issued a valid SSL Certificate. SSL Certificates are small data files that activate

Q2 Cyber Threats Report: The Enterprise Under Attack

While high-profile data breaches may have declined in frequency during the quarter, they most definitely rose in impact. The fallout from the US Government Office of Personnel Management (OPM) data breaches continues to be felt, the latest example of which being that GSA has placed contracts for post-breach protection for

Phishing for the big phish in United Kingdom’s plentiful waters

In 2014, the phishing URLs tracked by CYREN increased dramatically, rising 233% from the previous year. Why did this number increase? One reason is the potential for monetary gain. Cyber criminals use phishing attacks to steal personally sensitive and identifiable information from users. Sometimes this is to gain access to

New Tricks of Macro Malware

In the past few months, we have noticed a rise in spam emails that have an attachment of “.DOC” extension filename but actually is a “.MHT” file. This trending trick seems to be a new way to spread macro malware. A file with “.MHT” extension is a Web page archive

Lessons Learned from the Slack & Hipchat Breaches

In late March Slack confirmed they had suffered a security breach where “there was unauthorized access to a Slack database storing user profile information”. Slack is a recently launched team collaboration tool that offers organizations a way to simplify communications, file-sharing, project management and more. Organizations sign up their employees

Analyzing an Outlook phishing attack

It is in my routine to read emails before starting my daily work while enjoying my cup of coffee. While browsing for important emails I need to separate spam emails from legitimate emails and analyze the spam emails. I was trying to sort out the spam emails when I came

New Macro Malware Uses Fake Google Enterprise Support Email

In the past months of analyzing malware samples, Macro malware has been on the rise. Last week, we received a fake email of Google Enterprise Support with an attachment file “Info I44185821.zip-> Wire_info_60255.doc”. See the email snapshot below.  The file “Wire_info_60255.doc” is indeed a Word document which contains a malicious

AN ASSESSMENT OF INDUSTRIAL IOT THREATS IN 2015 AND BEYOND

The Internet of Things (IoT) is hot. From light bulbs to refrigerators to smart TVs, companies are under tremendous pressure to get new IoT devices to market and consumers are instantly snapping them up. In fact, the number of devices that are or will shortly be connected to the Internet