What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ErrataRob.webp 2020-05-19 18:03:23 Securing work-at-home apps (direct link) In today's post, I answer the following question: Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers? The tl;dr answer is this: don't add gimmicky features, but instead, take this opportunity to do security things you should already be doing, starting with a "vulnerability disclosure program" or "vuln program". Gimmicks: First of all, I'd like to discourage you from adding security gimmicks to your product. You are no more likely to come up with an exciting new security feature on your own as you are a miracle cure for the covid. Your sales and marketing people may get excited about the feature, and they may get the customer excited about it too, but the excitement won't last. Eventually, the customer's IT and cybersecurity teams will be brought in. They'll quickly identify your gimmick as snake oil, and you'll have made an enemy of them. They are already involved in securing the server side, the work-at-home desktop, the VPN, and all the other network essentials. You don't want them as your enemy, you want them as your friend. You don't want to send your salesperson into the maw of a technical meeting at the customer's site trying to defend the gimmick. You want to take the opposite approach: do something that the decision maker on the customer side won't necessarily understand, but which their IT/cybersecurity people will get excited about. You want them in the background as your champion rather than as your opposition. Vulnerability disclosure program: To accomplish this goal described above, the thing you want is known as a vulnerability disclosure program.
If there's one thing that the entire cybersecurity industry is agreed about (other than hating the term cybersecurity, preferring "infosec" instead) is that you need this vulnerability disclosure program. Everything else you might want to do to add security features in your product come after you have this thing. Your product has security bugs, known as vulnerabilities. This is true of everyone, no matter how good you are. Apple, Microsoft, and Google employ the brightest minds in cybersecurity and they have vulnerabilities. Every month you update their products with the latest fixes for these vulnerabilities. I just bought a new MacBook Air and it's already telling me I need to update the operating system to fix the bugs found after it shipped. These bugs come mostly from outsiders. These companies have internal people searching for such bugs, as well as consultants, and do a good job quietly fixing what they find. But this goes only so far. Outsiders have a wider set of skills and perspectives than the companies could ever hope to control themselves, so find things that the companies miss. These outsiders are often not customers. This has been a chronic problem throughout the history of computers. Somebody calls up your support line and tells you there's an obvious bug that hackers can easily exploit. The customer support representative then ignores this because they aren't a customer. It's foolish wasting time adding features to a product that no customer is asking for. But then this bug leaks out to the public, hackers widely exploit it damaging customers, and angry customers now demand why you did nothing to fix the bug despite having been notified about it. The problem here is that nobody has the job of responding to such problems. The reason your company dropped the ball was that nobody was assigned to pick it up.
All a vulnerability disclosure program means that at least one person within the company has the responsibility of dealing with it. How to set up vulnerability disclosure program Spam Vulnerability Threat Guideline ★★★
WiredThreatLevel.webp 2020-05-16 11:00:00 How to Avoid Spam-Using Disposable Contact Information (direct link) The next time you sign up for a coupon code or retail promotion, use these apps to avoid spam text and email messages. Spam
itsecurityguru.webp 2020-05-12 10:06:33 U.S. Targets hit by returning Sphinx malware (direct link) The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes. The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the […] Spam Malware
Checkpoint.webp 2020-05-11 11:00:09 April 2020's Most Wanted Malware: Agent Tesla Remote Access Trojan Spreading Widely In COVID-19 Related Spam Campaigns (direct link) Check Point's researchers find sharp increase in attacks using new version of Agent Tesla capable of stealing Wi-Fi passwords, while Dridex banking trojan is most common threat Our latest Global Threat Index for April 2020 has found several COVID-19 related spam campaigns distributing a new variant of the Agent Tesla remote access trojan, moving it… Spam Threat
bleepingcomputer.webp 2020-05-09 11:08:51 Microsoft Edge is getting a new feature to reduce web spam (direct link) Microsoft Edge is now giving users the ability to hide those pesky browser notification dialog boxes that are commonly used by web sites to push their content, or even spam, on visitors. [...] Spam
TechRepublic.webp 2020-05-06 19:00:28 How to protect yourself from coronavirus-related SMS spam (direct link) Spammers are sending text messages with deceptive links designed to exploit interest and fear around COVID-19, says AdaptiveMobile Security. Spam
01net.webp 2020-05-05 07:03:00 Firefox Private Relay: how Mozilla wants to nip spam in the bud (direct link) This new extension will let users sign up for online services with random email addresses. That keeps their real address from ending up on spam lists. Spam ★★★★★
SecurityAffairs.webp 2020-05-04 23:09:04 Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files (direct link) Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Last week experts from Microsoft detected a COVID-19-themed spam campaign, the messages are crafted to trick users into downloading and mounting […] Spam Threat ★★
SecurityAffairs.webp 2020-05-02 21:58:02 TrickBot operators exploit COVID-19 as lures (direct link) IBM X-Force researchers spotted a new COVID-19-themed campaign spreading the infamous TrickBot trojan through fake messages. IBM X-Force researchers uncovered a new COVID-19-themed campaign that is spreading the infamous TrickBot trojan through fake messages. The spam messages pretend to be sent by the Department of Labor's Family and Medical Leave Act (FMLA) and attempt to […] Spam
securityintelligence.webp 2020-04-30 10:00:25 TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam (direct link) Recent analysis from IBM X-Force spam traps uncovered a new Trickbot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor. Spam
bleepingcomputer.webp 2020-04-29 16:10:24 Google updates Chrome Web Store policy to block extension spam (direct link) Google today updated the Chrome Web Store's spam policy to block extension spam so that users can have a real chance to avoid potentially malicious extensions while sifting through 200,000 add-ons available in the store. [...] Spam
securityintelligence.webp 2020-04-27 10:00:30 SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT (direct link) As the ongoing COVID-19 pandemic impacts small businesses in the U.S., cybercriminals are trusting that people will be more likely to open unsolicited emails purporting to come from relevant entities. Spam
Chercheur.webp 2020-04-24 16:45:41 Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies (direct link) Many of the same shadowy organizations that pay people to promote male erectile dysfunction drugs via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help fight the COVID-19 pandemic. A review of the sales figures from some of the top pharmacy affiliate programs suggests sales of drugs containing hydroxychloroquine rivaled that of their primary product -- generic Viagra and Cialis -- and that this as-yet-unproven Coronavirus treatment accounted for as much as 25 to 30 percent of all sales over the past month. Spam
TechRepublic.webp 2020-04-23 18:15:51 How sextortion scam emails sneak past security filters (direct link) Scammers use text-based images, QR codes, and other tricks to evade spam filters, says email security provider Vade Secure. Spam
TechRepublic.webp 2020-04-23 12:42:08 How businesses and individuals can be ensnared by coronavirus-related spam (direct link) Many people said they would respond to emails claiming to be from the IRS or WHO, according to IBM X-Force. Spam
securityintelligence.webp 2020-04-23 10:00:26 New Study Shows Consumers Could Be Vulnerable to COVID-19 Spam (direct link) Since March 11, IBM X-Force has observed a more than 6,000 percent increase in COVID-19 spam, with lures ranging the full gamut of challenges and concerns facing individuals. Spam
TechRepublic.webp 2020-04-22 13:31:20 How to better protect your organization against email threats (direct link) As most generic spam now gets blocked, attackers have turned to more targeted, personalized phishing emails to reel in their victims, according to security firm Trustwave. Spam
ZDNet.webp 2020-04-22 13:00:09 This is what happens to cryptocurrency paid out in sextortion campaigns (direct link) Researchers have followed the trail of dirty coins generated through extorting sextortion spam victims. Spam
01net.webp 2020-04-22 04:25:55 Data of 267 million Facebook users on sale for... 500 euros (direct link) Sold on the Dark Web, this database contains, among other things, email addresses, first and last names, and phone numbers. In short, everything needed to send spam and carry out phishing. Spam
no_ico.webp 2020-04-17 12:52:16 Google Says It's Blocking Millions Of COVID-19 Phishing & Spam Emails – Expert Reaction (direct link) VentureBeat and ZDNet reported this afternoon that Google's saying it blocked 18 million COVID-19 themed phishing emails last week. The blocked COVID-19 phishing emails targeting Gmail users represent about 2.5% of the 100 million phishing emails Google blocks daily. They also say they're blocking 240 million COVID-related daily spam messages each day. The ISBuzz Post: This Post Google Says It’s Blocking Millions Of COVID-19 Phishing & Spam Emails – Expert Reaction Spam
itsecurityguru.webp 2020-04-17 10:07:47 KnowBe4 Launches PhishRIP to Remove Suspicious Emails From Inboxes (direct link) KnowBe4 has launched a new feature to its PhishER product called PhishRIP™, which helps security professionals remove, inoculate and protect against email threats faster. Technical controls do not filter out all of the malicious emails that come into a user's inbox. Various research has shown that phishing, spam and malware attachments still make it through email filters. Mimecast notes filters are missing 12% of unwanted emails. According to research […] Spam Malware
Checkpoint.webp 2020-04-09 11:00:22 March 2020's Most Wanted Malware: Dridex Banking Trojan Ranks On Top Malware List For First Time (direct link) Check Point's researchers find Dridex has been updated and spread via multiple spam campaigns to deliver targeted ransomware, increasing the risk from the long-established trojan Our latest Global Threat Index for March 2020 shows the well-known banking trojan Dridex, which first appeared in 2011, has entered the top ten malware list for the first time,… Spam Malware Threat
TechRepublic.webp 2020-03-30 22:35:59 Coronavirus-themed spam surged 14,000% in two weeks says IBM (direct link) Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group. Spam Threat
SecurityAffairs.webp 2020-03-30 15:24:27 Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak (direct link) The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, […] Spam Malware
securityintelligence.webp 2020-03-30 04:00:48 Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy (direct link) The renewed Zeus Sphinx activity that IBM X-Force is seeing features a modified variant targeting online banking users in North America and Australia through the use of maldocs themed around COVID-19. Spam
bleepingcomputer.webp 2020-03-20 13:50:15 FBI Warning: Phishing Emails Push Fake Govt Stimulus Checks (direct link) FBI's Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. [...] Spam
itsecurityguru.webp 2020-03-20 11:03:42 (Déjà vu) Phishing attempts impersonate WHO to deliver HawkEye Malware (direct link) An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. This spam campaign started today according to researchers at IBM X-Force Threat Intelligence who spotted it and it has already delivered several waves […] Spam Malware Threat
SecurityAffairs.webp 2020-03-10 21:10:28 Microsoft disrupted US-Based Infrastructure of the Necurs botnet (direct link) Microsoft announced that it took over the US-based infrastructure used by the infamous Necurs spam botnet that infected millions of computers. Microsoft announced to have taken over the US-based infrastructure used by the Necurs botnet. The IT giant explained that success is the result of a coordinated legal and technical joint effort to disrupt the Necurs […] Spam
bleepingcomputer.webp 2020-03-10 13:29:45 Microsoft Takes Control of Necurs U.S.-Based Infrastructure (direct link) Microsoft announced today that it took over the U.S.-based infrastructure used by the Necurs spam botnet for distributing malware payloads and infecting millions of computers. [...] Spam Malware
bleepingcomputer.webp 2020-03-10 13:15:01 Paradise Ransomware Distributed via Uncommon Spam Attachment (direct link) Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims. [...] Ransomware Spam
SecurityAffairs.webp 2020-03-06 13:23:37 (Déjà vu) TrickBot targets Italy using fake WHO Coronavirus emails as bait (direct link) Crooks continue to exploit the attention on the Coronavirus (COVID-19) outbreak, TrickBot operators target Italian users. A new spam campaign is targeting users in Italy by exploiting the interest on Coronavirus (COVID-19) in the attempt of delivering the TrickBot information-stealing malware. Crooks are attempting to exploit the fear of users of becoming infected with the Coronavirus, […] Spam
bleepingcomputer.webp 2020-03-06 03:30:01 TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails (direct link) A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. [...] Spam Malware
globalsecuritymag.webp 2020-03-05 14:21:44 Coronavirus - SophosLabs discovered a new spam attack targeting Italy (direct link) Over the past 24 hours, SophosLabs discovered a new email spam attack targeting Italians with a document containing a macro carrying the Trickbot malware. The email plays on fears raised by COVID-19 by offering a clickable document that is supposed to contain a list of precautions to take to avoid infection. Unfortunately, the document is booby-trapped. According to SophosLabs, the spam's COVID-19 pretext may be new, but the mechanisms used (...) - Malwares Spam Malware
SecurityAffairs.webp 2020-03-02 08:04:23 Nemty ransomware “LOVE_YOU” malspam campaign (direct link) Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. The attackers employed messages with several subject lines and attachment filenames composed to appear […] Ransomware Spam
bleepingcomputer.webp 2020-02-27 14:16:53 Nemty Ransomware Actively Distributed via 'Love Letter' Spam (direct link) Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. [...] Ransomware Spam
ZDNet.webp 2020-02-20 21:08:21 Google removes 600 Android apps in Play Store adware crackdown (direct link) Google removes Android apps and bans app developers who used out-of-app ads to spam users. Spam
itsecurityguru.webp 2020-02-19 11:35:04 Report claims Coronavirus malware increasing (direct link) While the number of people affected by the coronavirus is climbing daily, it’s another form of virus that has analysts worried elsewhere. Coronavirus-themed malware is starting to spread, according to a report by cybersecurity software company Check Point. Several spam campaigns thematically linked to the global epidemic have emerged since the outbreak of the coronavirus […] Spam Malware
itsecurityguru.webp 2020-02-19 11:30:27 (Déjà vu) Italian Windows Users Hit by Dharma Ransomware Spam (direct link) Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy. The Dharma Ransomware has been active for many years and is based on another ransomware family called Crysis. It is not common, though, to see this ransomware family distributed through malspam as it is more commonly installed via […] Ransomware Spam
securityintelligence.webp 2020-02-19 11:05:27 Emotet SMiShing Uses Fake Bank Domains in Targeted Attacks, Payloads Hint at TrickBot Connection (direct link) Before a short lull in mid-February, Emotet was in the midst of a rise in activity that has been apparent since late 2019 - in terms of both spam and infecting potential victims via SMiShing attacks. Spam
bleepingcomputer.webp 2020-02-18 18:43:37 Dharma Ransomware Attacks Italy in New Spam Campaign (direct link) Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy. [...] Ransomware Spam Threat
globalsecuritymag.webp 2020-02-18 08:39:43 Beware of other viruses – spread of coronavirus-themed malware (direct link) While the world tries to slow the spread of the coronavirus and eliminate it, hackers around the world are using the coronavirus as a catalyst for their activities. Our latest threat index for January 2020 shows that cybercriminals are taking advantage of interest in the global epidemic to carry out malicious activity, with several spam campaigns linked to the emergence of the virus. Viruses can be transmitted in different ways, through saliva, touch or (...) - Malwares Spam
TechRepublic.webp 2020-02-17 17:26:41 How to report a phishing or spam email to Microsoft (direct link) Microsoft can analyze dangerous emails to determine why those messages made it past your spam filters. Spam
no_ico.webp 2020-02-17 13:55:55 UK Anti-Doping Agency Hit With Over 11,000 Malicious Email Attacks – Expert Reaction (direct link) The UK's Anti-Doping agency has been hit with a total of 11,148 malicious emails in the final three months of last year, according to research from Parliament Street think tank. The data collected via the Freedom of Information (FoI) Act provided insight into the large number of spam and malicious emails blocked by UKAD in Q4 2019. The … The ISBuzz Post: This Post UK Anti-Doping Agency Hit With Over 11,000 Malicious Email Attacks – Expert Reaction Spam
TechRepublic.webp 2020-02-14 17:30:16 Cybercriminals flooding web with coronavirus-themed spam and malware (direct link) Hackers have expanded their exploitation of the outbreak fears with hundreds of scams and operations. Spam Malware ★★
bleepingcomputer.webp 2020-02-13 16:54:11 (Déjà vu) Parallax RAT: Common Malware Payload After Hacker Forums Promotion (direct link) A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system. [...] Spam Malware
bleepingcomputer.webp 2020-02-13 16:54:11 Parallax RAT: Popular Malware Payload After Hacker Forums Promotion (direct link) A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system. [...] Spam Malware
bleepingcomputer.webp 2020-02-13 12:10:00 Sextortion Emails Sent by Emotet Earn 10 Times More Than Necurs (direct link) Sextortion scammers are now targeting potential victims with spam sent to their work emails via the Emotet botnet, a distribution channel 10 times more effective than previous ones according to research published today by IBM X-Force. [...] Spam
securityintelligence.webp 2020-02-13 11:00:31 Sextortion Scams Delivered by Emotet Net 10 Times More Than Necurs Sextortion - Here's Why (direct link) Recent spam campaigns from Emotet featured sextortion content very similar to emails previously sent by the Necurs botnet. Spam
Checkpoint.webp 2020-02-13 10:00:49 January 2020's Most Wanted Malware: Coronavirus-themed spam spreads malicious Emotet malware (direct link) Check Point's researchers also report an increase in exploits of the 'MVPower DVR Remote Code Execution' vulnerability, impacting 45% of organizations globally While the threat of Coronavirus grabs the attention of the world, our latest Global Threat Index for January 2020 shows cyber-criminals are also exploiting interest in the global epidemic to spread malicious activity,… Spam Malware Threat
The_Hackers_News.webp 2020-02-12 04:47:20 Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims (direct link) Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to Ransomware Spam Malware
Last update at: 2024-06-26 14:08:19