November 15, 2018 Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger 2 min read - A recent Hawkeye keylogger campaign leveraged an old Microsoft Office Equation Editor vulnerability to steal user credentials, passwords and clipboard content.
November 7, 2018 NARWHAL SPIDER Uses Steganography to Deliver URLZone Malware in Cutwail Spam Campaign 2 min read - A new Cutwail spam campaign is leveraging steganography — hiding data within images — to compromise devices and download URLZone.
Incident Response October 17, 2018 Why You Should Practice and Drill to Prepare for a Cyber Emergency 6 min read - The U.S. Fire Administration's five key components of a fire safety education program serve as a useful framework for CISOs looking to boost their company's ability to respond to a cyber emergency.
Malware October 10, 2018 The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion 5 min read - IBM X-Force researchers observed the Necurs botnet spewing millions of spam emails from more than 30,000 malicious IPs to extort bitcoin from victims who may or may not have viewed adult content.
October 4, 2018 Viro Botnet Uses Spamming and Keylogging Capabilities to Spread Ransomware 2 min read - Researchers observed the Viro botnet spreading spam, spying on users' keystrokes and distributing ransom notes written in French to victims in the U.S.
September 18, 2018 Spam Campaigns Using IQY Files Infect Japanese Users With BEBLOH and URSNIF Malware 2 min read - Researchers discovered spam campaigns last month that exploited IQY files to flood Japanese users with BEBLOH and URSNIF malware.
August 24, 2018 Spammers Target Financial Institutions With IQY Files That Conceal New Downloader Malware 2 min read - Spammers are targeting financial institutions using Excel Web Query (IQY) files that conceal a new downloader malware, according to security researchers.
Fraud Protection May 1, 2018 Analyzing PDF and Office Documents Delivered Via Malspam 6 min read - Endpoint detection and antiphishing tools can help users filter basic spam email, but detecting malspam in PDF and Microsoft Office documents requires a more thorough investigation.
October 23, 2017 Banking Trojan Uses Malware Macros to Evade Sandbox Detection 2 min read - Security researchers observed a spam campaign that leverages PowerShell's AutoClose feature to deliver a banking Trojan while eluding sandbox detection.
October 16, 2017 No Macros? No Problem for New Malware Attack 2 min read - Security researchers discovered a new malware attack that exploits Dynamic Data Exchange, an outdated Office feature, to infect corporate devices.