Année : 2018

CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug. An Adobe Flash vulnerability CVE-2018-4878 patched earlier this month is being exploited in a new phishing campaign leveraging malicious Microsoft Word documents. This critical vulnerability is a use-after-free bug that enables […]

These days it is not uncommon to find both adware and miners being installed together through adware bundles. These programs, though, are typically not created by the same developer and are just being included as different « offers » by the software monetization company. After examining a new malware sample that was […]

The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers). These are the main conclusions of months of observation by […]

Ransomware developers continue to release infections that are clearly not tested well and contain bugs that may make it difficult, if not impossible, for victims to recover their files. Such is the case with the new in the wild ransomware called Thanatos that has been discovered by security researcher MalwareHunterTeam. When […]

2,844 new data breaches with 80M records added to Have I Been Pwned Security researcher Troy Hunt has added more than 80 million records from nearly 3,000 new data breaches to Have I Been Pwned. That is so many records that it is currently ranked as the 15th biggest data […]

The sudden rise of cryptocurrency triggered a shift in the target landscape. Cybercriminals started adapting and using their resources to try acquiring cryptocurrencies, whether through pursuing repositories like Bitcoin wallets or by compromising networks and devices to mine the currency. This isn’t completely new — ransomware authors have been using bitcoin as their preferred currency […]

Private Equity Deal Values Cofense at $400 Million PhishMe, a security awareness firm that focuses on training employees on how to recognize and report phishing attacks, has been acquired by a private equity consortium in a deal that valued the company at $400 Million. The company has also re-branded and […]

On February 22, 2018, Morphisec Labs spotted several malicious word documents exploiting the latest Flash vulnerability CVE-2018-4878 in the wild in a massive malspam campaign. Adobe released a patch early February, but cyber criminals know that is will take some companies weeks, months or even years to rollout the patch. All the documents […]

Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that […]