Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) were tricked into sending the money to scammers instead. What is the […]

This example is an email containing the subject of “REF: Notification of payment collection” pretending to come from HMRC but actually coming from a look-a-like or typo-squatted domain < noreply@notificationsemailgovuk033.top >  with a malicious word doc attachment  is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan. The initial […]

Just three months after Princeton researchers were warning users of the dangers of « session replay » attacks, developers of malicious Chrome extensions have incorporated this « trick » into their latest « releases. » The term « session replay » refers to JavaScript code that records user activity and then plays it back in exact detail. Over […]

GandCrab blends old and new threat resources as ransomware evolves A ransomware threat called GandCrab emerged during the last week of January, which itself not that newsworthy. However, it’s distribution method and ransom currency choice could be pointers to how 2018 ransomware will evolve. A ransomware threat called GandCrab has […]

Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities. According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities. esearchers from AV-TEST […]

A piece of crypto-mining malware is using sophisticated tools for its operations, including a Windows exploit linked to the National Security Agency, security researchers warn. Dubbed WannaMine, the crypto-mining worm spreads using EternalBlue, the NSA-linked tool that became public in April 2017, just one month after Microsoft released a patch […]