Just when it looked like the Emotet spamming/malware operation had stopped, there are widespread reports that it has restarted. Emotet botnet starts blasting malware again after 5 month break (bleepingcomputer.com) Infected Microsoft Office documents are Emotet’s favoured method of malware distribution. Once the email has slipped past your technical defences, …
Steal the code… Dropbox
Dropbox has admitted that 130 of its confidential private GitHub repositories were coped by a threat actor. Among the haul were secret APUI codes. They do reassure users that no user content, usernames or passwords were stolen. Well of course not. That is not the issue. Why bother stealing those …
Catching up with US Cybersecurity and Infrastructure Security Agency latest advisories
Whilst I have been away CISA has continued issuing useful advice. It added a Google Chromium vulnerability to the Known Exploited Vulnerabilities Catalog. Google Chromium is an open–source browser project and is behind many widely used browsers including Google Chrome and Microsoft Edge. CISA Has Added One Known Exploited Vulnerability …
What are the most spoofed brands in social engineering/phishing attacks?
It is not really a surprise, with the exponential rise in home shopping and deliveries because of the pandemic, that the delivery service DHL is the most impersonated organisation when it comes to cyber attacks: DHL named most-spoofed brand in phishing • The Register Microsoft and LinkedIN are close behind. …
Continue reading “What are the most spoofed brands in social engineering/phishing attacks?”
A phishing email leads to a £4.4m fine
I write a lot about phishing emails and social engineering attacks, because it is probably the way threat actors could most easily get malware inside your defences and from there compromise your security, your information and ultimately your wallet! The Berkshire based construction company, Interserve Group Ltd, with an employee …