Security Awareness Training Blog

Malware Blog

Covering the latest malware threats affecting software, hardware, cloud networks, etc. Keeping you informed so you can keep your users safe.

Scam Of The Week: See Jeffrey Epstein Last Words On Video

This weekend, news broke that Jeffrey Epstein was found dead in his cell, apparently a suicide. This is a celebrity death that the bad  guys are going to be exploiting in a variety of ...
Continue Reading

Here Are Some Interesting Headlines I Found During Black Hat

Black Hat 2019 - The Craziest, Most Terrifying Things We Saw: I ran into Neil Rubenking when I went to the Qualys party which was in the Foundation Room all the way on top of the ...
Continue Reading

Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign

Targeting several key industries, this new campaign likely seeks to aid the Iranian government with information that could be of use to further Iran’s economic and security goals.
Continue Reading

U.S. Coast Guard Warns of Phishing Attacks Designed for Data Theft and Malware Infection

A new Marine Safety Information Bulletin from the U.S. Coast Guard demonstrates that cybercriminals aren’t just after land-based businesses.
Continue Reading

Microsoft Discovers New Excel-Based Attack to Deliver the FlawedArmmyRAT Malware

A new set of tweets from Microsoft Security Intelligence walks through an attack that uses a number of built-in Windows toolsets to infect machines with the notorious malware.
Continue Reading

Dridex Credential Stealer Returns With New Antivirus Evasion - Including Application Whitelisting

SCMag reported that a new strain of the notorious Dridex malware has been spotted using polymorphism antivirus evasion techniques in phishing emails. The Dridex credential-stealer that ...
Continue Reading

New Malware Pretends to Be You by Matching Your Keystroke Characteristics

Cybersecurity researchers have developed a new keystroke impersonation attack that avoids being detected by keystroke-based biometric security solutions.
Continue Reading

Get Ready for the First Wave of AI Malware

This is an excerpt from an article in SecurityWeek by Gunter Ollmann, who is currently the CSO of Microsoft’s Cloud and AI Security division. He is a seasoned information security leader.
Continue Reading

A Powerful Malware That Tried To Blow Up A Saudi Plant Strikes Again

A highly capable malware reportedly used in a failed plot to blow up a Saudi petrochemical plant has now been linked to a second compromised facility.
Continue Reading

Rietspoof Malware Attack Uses Messaging Apps to Distribute Ransomware

Researchers at antivirus vendor Avast have identified a new malware attack that leverages Skype, Facebook Messenger, and other messaging applications.
Continue Reading

Malware Blindness in the Enterprise

A growing percentage of cyberattacks are using encryption to avoid detection, according to a new report by Zscaler’s ThreatLabZ researchers. Their report, summarized by Help Net Security, ...
Continue Reading

[Heads-up] 40 Percent Of Malicious URLs Found On Good Domains. YIKES!

Webroot revealed the results of their 2019 Threat Report, showing that tried-and-true attack methods are still going strong, but new threats emerge daily, and cybercrime is highly ...
Continue Reading

Remote Access Credentials Are the Latest Malware Attack Target

The latest iteration of notable banking trojan, Trickbot, now includes a password grabbing module designed to provide cybercriminals with remote access to internal systems.
Continue Reading

Online Job Offer Turns Would-Be Applicant into Unwitting Conspirator in Malware Attack

The context of contacting the victim via a credible website may be all that was needed to trick one job seeker into installing malware on the network of a bank.
Continue Reading

Malicious Memes Trigger Malware Functions

Cybercriminals are using steganography to deliver commands to malware via malicious memes, according to researchers at Trend Micro. Steganography is the art of hiding messages inside ...
Continue Reading

DNSpionage Malware Targets Domains in Lebanon and United Arab Emirates

A new threat actor is targeting Lebanon and United Arab Emirates (UAE) government domains, as well as a Lebanese airline company, according to Warren Mercer and Paul Rascagneres at Cisco ...
Continue Reading

Malware Targets 67 Online Brands Ahead of Black Friday

14 malware families have been discovered as part of an elaborate scam aimed at users shoppers of major e-commerce sites looking for pre-Black Friday deals. We’re all gearing up for some ...
Continue Reading

[Heads-up] Now In The Wild: New Super Evil Rootkit Survives Even "Nuke From Orbit" And HD Swap

This thing is a nightmare that escaped into daylight. The Russian GRU—aka Fancy Bear—probably was riveted reading the Wikileaks CIA Vault 7 UEFI Rootkit docs (PDF) and built one of these ...
Continue Reading

Microsoft Office Macros Remain Top Choice for Malware Delivery

Microsoft Office documents containing malicious macros accounted for 45 percent of malware loaders in August 2018, according to a blog post by Cofense. These macros were used to deliver a ...
Continue Reading

Bad guys use Google's Golang to cross-compile multi-platform malware

Here is the bad news: The use of Google's Golang (also called Go) programming language allows attackers to cross-compile malware for use on multiple platforms, making potential attacks on ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews