The US government Cybersecurity and Infrastructure Security Agency (CISA) site is one of the “go to places” for me and my team to keep up with vulnerabilities in our client’s software. Although aimed at the US Government and US users it is still really useful. Here is a round-up of …
The anatomy of a spear phishing attack
A spear phishing attack is a malicious email (usually) with content aimed to exploit the specific recipient. Yee Ching Tok, over on SANS Internet Storm has an excellent article taking apart a spear phishing email targeting YouTube content creators. Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators …
Microsoft seizes threat actor domains
The Microsoft Digital Crimes Unit has gone to court to seize 41 domains alleged to have been used by an Iranian cybercrime group called Bohrium. The Bohrium group ran a targeted email spear-phishing operation against organizations in the US, Middle East, and India. As part of the operation they would pose …