Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of[…]
Browsing Category: Social Engineering
IBM warns banks and corporate officers of a change to the dangerous Dyre banking Trojan that involves the phone scam used to bypass fraud detection, and a DDoS attack that distracts security teams away from big-money transfers.
A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust[…]
UPDATE–A security researcher has identified a pair of security issues in Facebook, one of which can be used to to upload an arbitrary file to the site, and the other of which can allow an attacker to gain control of a victim’s machine under some limited circumstances with user interaction. The more serious of the vulnerabilities, which[…]
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ransomware family, a kind of malware that encrypts victims’ hard drives and demands a relatively large payment in order[…]
A cyberespionage campaign pulled off by pro-Syrian hackers against Assad opposition fighters used social engineering to steal military planning documents.
UPDATE: A new piece of malware is making the rounds on Facebook, infecting users after luring them in with a link to a salacious video.
Business email compromise scams trick corporate executives, employees and clients into transferring business funds to criminal bank accounts in China.
Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.