HTML - Security Intelligence

A businessman checking his email inbox while on the phone.

news

ROPEMAKER Exploit Could Allow Fraudsters to Alter Emails Post-Delivery

A new vulnerability called ROPEMAKER could enable threat actors to replace a benign URL with a malicious one after an email has already been sent.

August 24, 2017 | By Shane Schick

news

It's important to be aware of this software vulnerability, but it's somewhat uncommon and ineffective given the degree of difficulty in modifying proxy traffic. An unskilled criminal looking for a quick buck is unlikely to use this type of attack.

news

Proxy Connects Show Evidence of a Software Vulnerability

A security researcher recently discovered a software vulnerability that allows attackers to exploit the way applications respond to HTTP CONNECT requests.

August 18, 2016 | By Larry Loeb

news

Today's organizations are frequently the target of malware via botnets, including the Angler exploit kit, which is responsible for many attacks carried out by cybercriminals. Users should know the best practices for defending against these attacks.

article

How to Stop a Botnet Created by Angler Exploit Kits

The Angler exploit kit has been responsible for the vast majority of botnets created over the past year. Here's how it works and how to stop it.

September 2, 2015 | By David Strom

article

New research showed how HTML5 may be used by malicious attackers to prevent the detection of malware by antivirus tools. Exposing the existing bugs in certain Web applications should raise security awareness among Internet users and developers.

news

Research Proves HTML5 Could Be Used to Hide Malware for Drive-By Download Attacks

Researchers have shown how HTML5 could be used to hide malware through a series of obfuscation techniques that antivirus tools can't detect.

July 17, 2015 | By Shane Schick

news

article

Bitcoin Exchange in China: ‘Gameover?’

As the mainstream media continues to cover bitcoin exchange as a popular Web currency, cyber criminals are increasingly doing the same to launder money.

December 18, 2013 | By Etay Maor

article

With so many layers of defense in place against these attackers, how do they keep getting through?

article

Multistage Exploit Kits Boost Effective Malware Delivery

Like ICBM missiles, multistage exploit kits first launch a nonthreatening stage and then use the second stage to inflict damage without raising suspicion.

May 2, 2013 | By Amit Klein

article

Tatanga Trojan Bypasses Mobile Security to Steal Money From Online Banking Users in Germany

A new Tatanga Trojan recently emerged, which uses a MitB attack to bypass mobile security in bank transactions. The scam is commiting fraud in Germany.

May 22, 2012 | By Amit Klein

article

Using a technique called HTML injection, a new variant on the SpyEye Trojan presents an authentic-looking billing page to unsuspecting Verizon customers. It uses the page to capture billing and payment information to commit card-not-present fraud.

article

SpyEye HTML Injection Attack on Verizon Exposes PCI Shortcomings

SpyEye uses a technique called HTML injection to modify the pages presented in victims' browsers and capture credit card information.

May 18, 2011 | By Amit Klein

article

Tag: HTML