New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the attacker ...

Continue Reading →
0

Scam Claims Your Tax Preparer Was Breached

We heard about a new twist all the Income Tax refund scam that is popular with cyber-criminals this time of year.  A March 27th email from the Minnesota Society of CPAs, warns about a scam that is appearing on the east coast, but could spread anywhere in the US.

“…the email scam claims a tax preparer has been victimized [or breached] and asks users to open a PDF ...

Continue Reading →
0

Protecting Your Financial Assets

Almost all cyber-crime is about making money for the crooks.  Often this involves stealing valuable information that can be sold.  But many criminal gangs are going straight for the cash, and often this involves bank and financial account fraud or financial account access.

Below we have a list of strategies you can use to protect your financial resources.

  • Use a credit card ...
Continue Reading →
0

Keeping Your Personal Data Safe – Is It Impossible?

Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals.  The likelihood is that this has already happened to you, and if not, it will happen eventually.  And if it has happened, it will probably happen again.  Why is this?

Even if you never click on a phishing email, and ...

Continue Reading →
0

Top Cyber Threats for 2017

2017 is promising to be another difficult year for cyber-defenders who are protecting company and government networks from attack.  Here are what I think will be the top attack vectors this year.

Business Email Compromise

CEOs and other C suite officers will increasingly be targeted for email account hijacking.  This is an easy exploit to run because high ranking employees and officers often are ...

Continue Reading →
0

Should You Use Domain Privacy?

I will start out by admitting that I hate Domain Privacy.  But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion.  It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com.   The website has been turned into a private site, but the WHOIS record ...

Continue Reading →
0

Credential Stealing Malware in PDF Attachments

On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims.  Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.

This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment.  The PDF variant uses Windows Powershell to install.  The ...

Continue Reading →
0

Why The Bad Guys Love Ransomware

Crypto-ransomware continues to be one of the most popular money making exploits for cyber criminals.  The reason for this is simple; its works, and the return on investment is quite high.  According to a recent article in Naked Security, the score will reach $1 billion in 2017.

A poll by the IBM company found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% paid ...

Continue Reading →
0
Page 1 of 2 12