Elizabeth Hernandez

Many businesses concentrate on technical measures to protect them against cyberattacks. They invest in firewalls, multifactor authentication, advanced email security solutions, and web filters to block attacks at source, yet often neglect the human factor and do not provide adequate … Read more

There are many ways that cybercriminals gain access to business networks, including phishing attacks and exploiting unpatched vulnerabilities. Many businesses now provide security awareness training to employees to improve phishing awareness, but it is also important to teach the workforce … Read more

Email is commonly used by threat actors for initial contact with victims and while most attacks attempt to steal credentials or distribute malware distribution, another type of scam has been steadily increasing. Sextortion scams have increased by 178% year over … Read more

Ransomware attacks have increased significantly in 2023 and the file encrypting malware is now used in around 20% of cyberattacks. Ransomware is used to encrypt business-critical files to prevent access, and a ransom demand is issued for the keys to … Read more

Employees are being targeted in a new malvertising campaign that uses Google and Bing Ads offering a variety of trojanized installers for software solutions such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. These campaigns deliver malware that establishes initial access … Read more

RomCom malware is being distributed via a range of websites that claim to offer downloads of popular software solutions such as AstraChat, GIMP, Go To Meeting, and ChatGPT, and traffic is being sent to those websites by malicious Google Ads … Read more

Malicious actors are abusing Google Ads to drive traffic to malicious websites where malware is downloaded, and abuse of Google Ads for malware distribution is increasing. Google places its Ad blocks at the top of the page, so the adverts … Read more

While many phishing scams target Microsoft 365 credentials due to the usefulness of the accounts and the data they hold, social media credentials are also highly prized. If a phisher is able to steal Facebook credentials, they can gain access … Read more

Security experts have long recommended that multi-factor authentication be implemented to protect against phishing attacks and for good reason. Single-factor authentication – a password – provides a degree of protection against unauthorized account access; however, with modern GPUs, it is … Read more

Now that Microsoft has started blocking macros in Office documents delivered via the Internet, distributing malware via email has become more difficult and hackers have been forced to change their tactics, techniques, and procedures. This has been seen in phishing … Read more

Several new phishing trends were evident in 2022 as cybercriminals changed their tactics for stealing credentials and distributing malware. The same tried and tested techniques were used in many phishing campaigns, including delivery failure notifications, fictitious charges to accounts, security … Read more

Phishing can take many forms and while email phishing is by far the most common way that threat actors phish for sensitive information and distribute malware, other forms of phishing are increasingly being used in attacks on businesses. Cybercriminals are … Read more

Biomedical firms and their partners are being targeted by an Advanced Persistent Threat (APT) actor in a campaign that delivers Tardigrade malware. Initial analyses of Tardigrade malware suggest it is a sophisticated threat from the SmokeLoader malware family. SmokeLoader is … Read more

A new Android banking Trojan named SharkBot has been identified that has capabilities that go beyond most mobile banking Trojans. This new Android malware stands out due to its use of an Automatic Transfer System (ATS) technique that allows it … Read more

In November 2018 the Rockingham school district in North Carolina suffered an Emotet malware infection that cost a massive $314,000 to resolve. The malware was delivered using spam emails, which were sent to multiple users’ inboxes. The attack included an often-used … Read more

Following the ransomware attacks on critical infrastructure in the United States, several ransomware-as-a-service operations went quiet. The attacks attracted a lot of heat for ransomware gangs and several groups responded by either implementing new restrictions on the types of entities … Read more

A flaw in the mobile Safari browser has been targeted by cybercriminals and used to extort money from people who have previously used their mobile device to access pornography or other illegal content. The Safari scareware stops the user from … Read more

The disruption to learning from a pandemic that has lasted more than a year is bad enough, but many schools have experienced even more disruption just as many have opened their gates and allowed students back into classrooms.  The SARS-CoV-2 … Read more

There has been an increase in the use of a JavaScript-based infection framework known as Gootloader for delivering malware payloads. Gootloader, as the name suggests, has been used to deliver the Gootkit banking Trojan, but also REvil ransomware, Cobalt Strike, … Read more

Compromised email accounts take place many times around the world every day of the week and it is estimated that 2.5 billion accounts were hacked during 2019 which equates to 6.85 million accounts being hacked every day. Cybercriminals are always … Read more

The U.S. National Security Agency (NSA) has released a cybersecurity advisory alert informing the public that Russian state-sponsored hackers are focusing on a flaw in VMWare virtual workspaces used to support remote working. The flaw, labelled as CVE-2020-4006, is present … Read more

The Advanced Persistent Threat (APT) group APT32 – aka OceanLotus – is conducting a malware campaign targeting Apple MacOS users. APT32 is a nation-state hacking group that primarily targets foreign companies operating in Vietnam. The data exfiltrated by the hackers … Read more

A recent phishing campaign has been discovered that deceived the US Internal Revenue Service (IRS) and tells recipients that their are facing immediate legal action to take back a huge tax repayment. These emails are expertly written and demand immediate … Read more

It is fair to say that more people are now working from home than ever before and the number is growing rapidly due to the coronavirus pandemic. Here we explore some of the key cybersecurity challenges for remote working and … Read more

In the rush to buy Christmas gifts online, security awareness often is disregarded and hackers are waiting to take advantage. Hidden among the countless emails sent by retailers to inform past customers of the most recent special offers and deals … Read more

A spam email campaign is being conducted focusing on targeting corporate email accounts to share Loki Bot malware. Loki Bot malware is a data stealer capable of obtaining passwords stored in browsers, obtaining email account passwords, FTP client logins, cryptocurrency … Read more

Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S organizations and people – with criminal practices netting hacking gangs billions of dollars every year. Estimating … Read more

Sextortion scams have proven popular with hackers in 2019. A well-composed email and an email list are all that is necessary. The latter can easily be bought for next to nothing via darknet marketplaces and hacking forums. Next to no … Read more

Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the world. It could well prove … Read more

Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks. Small businesses can implement a robust firewall to protect against cyberattacks, but the Wi-Fi … Read more

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches. Many small business owners misguidedly think that their company is too small to … Read more

A new form of MongoLock ransomware is actively being used in a global campaign. A 0.1 BTC ransom is demanded, although file recovery may not be possible. The ransomware immediately deletes files and formats backup drives and a recoverable copy … Read more

Home purchasers and real estate agents in the United Kingdom and Ireland are being targeted by cybercriminals using a new solicitor email campaign. The scam, which includes mimicking a solicitor, is costing victims thousands. Additionally, there have some cases seen … Read more

The final weekend of 2018 has seen a significant newspaper cyberattack in the United States that has disrupted production of several newspapers published by Tribune Publishing. The attacks were malware-related and impacted the Saturday editions of the Los Angeles Times, … Read more

Police in Iceland have said a highly complex phishing attack is the biggest ever cyberattack the country has ever witnessed. The campaign saw thousands of messages sent that tried to get Icelanders to download a remote access tool that would … Read more

Hackers have been targeted universities extensively in the last year according to figures recently released by Kaspersky Lab. Universities store very valuable information. As research group collate valuable proprietary data. The results of research studies are particularly valuable. It may … Read more

A new ransomware threat has been detected called FilesLocker which is currently being offered as ransomware-as-a-service (RaaS) on a TOR malware forum. FilesLocker ransomware is not a particularly sophisticated ransomware variant, but it still poses a significant threat. FilesLocker ransomware … Read more

The past few months have seen an increase in new, versatile malware downloaders that gather a significant amount of data about users’ systems before deploying a malicious payload. That payload is determined on the users’ system. Marap malware and Xbash … Read more

Using fake software updates to spread malware is not a new phenomenon, but a new malware campaign has been discovered that is quite different. Fake Adobe Flash updates are being spread that actually do update the user’s Flash version, albeit … Read more

Spam or junk email may be the primary method of sharing delivering banking Trojans, however there are many other ways of convincing employees to download and install malware on their computers. The CamuBot Trojan the method used is vishing. Vishing … Read more

The CamuBot Trojan is a new malware variant that is being used in vishing campaigns on employees to obtain banking credentials. Cybercriminals Use Vishing to Convince Employees to Install CamuBot Trojan Spam email may be the primary method of delivering … Read more

Hotels, restaurants, and telecommunications businesses are being focused on in  a new spam email campaign that sends a new variety of malware called AdvisorsBot. AdvisorsBot is a malware downloader which, like many malware variants, is being shared vis spam emails … Read more