Hackers – they’re both smart and sloppy at the same time. Previously we’ve talked about cybercriminals using tool kits and automated scripts to streamline their operations. This week, your favorite security team found another method being used: Steganography. Steganography is the practice of concealing a file, message, image or video within another file, message, image …Read more
If you haven’t heard about “Zoom bombing” yet, you’re probably not using Zoom conferencing. Here’s what you need to know. The usage of Zoom video conferencing exploded when more people started working remotely due to the outbreak of COVID-19 (Coronavirus). Because of Zoom’s limited free licensing, the platform has become popular among companies for video …Read more
If you haven’t fallen for the $5,000 COVID-19 vaccine, $400 COVID-19 self-testing test kit or the $150 bottle of Lysol scams, then congratulations, you’ve stood your ground. But now is not the time to let your guard down – new tricks are coming to defraud you. On March 27, the president signed a bill to …Read more
In the past, I’ve revealed that one evasion technique cybercriminals use to avoid being blocked by email security technologies, is using legitimate (Microsoft) websites. This week Threatpost.com shared this new interesting twist: attackers are using YouTube and redirect features to get you to click on malicious links. Redirector URLs are commonly used by legitimate organizations …Read more
Criminals are no different from the rest of us, at least when it comes to what’s top of mind. They’re thinking about whatever’s in the news. For the last few months, that’s been Coronavirus. Hackers always play on the victim’s curiosity, fear or anxiety, and COVID-19, by nature, checks all those boxes. Communities around the …Read more
Today’s phish-of-the-week is nothing special, but there are two lessons to learn. At first glance, it’s a very plain and straightforward phishing email (Figure 1) attempting to steal user credentials by portraying itself as a closing document. Nothing out of the ordinary, yet it came with a lot of other emails and with perfect timing …Read more
One email, four different attack vectors. I’ve covered the different elements in the past, but it was interesting to see multiple techniques combined. The email (1) immediately meets the definition of spam/phish: obscure sender, no recipient, no greeting and a real estate-relevant attachment name. The first red flag is the attachment extension. Html is a …Read more
Here’s on old trick with a new twist. We’ve talked about how cybercriminals are abusing encrypted email communications. They’ve been adding headers and footers that include “encrypted email” to try and convince you that the message is trustworthy. Most of them include a (malicious) link within the instructions. Recently, for the first time, we saw …Read more
Cybercriminals follow our every move. With every countermeasure we put in place, they create a workaround shortly thereafter. This week I picked an interesting email to demo. At first glance, nothing is out of the ordinary in this email. It meets all the qualifications of a typical spam or phishing email: unrecognized sender, no recipient …Read more
Apple released iOS 13 for iPhone Thursday, September 27. Here are a few highlights you were waiting for. Better performance Dark mode – This is an alternative color scheme designed to reduce eye strain. It can be triggered manually or be set up to adjust on a schedule (dusk-to-dawn, for example). Many app developers have …Read more