phishing


As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches. [Read More]
by RSS Drew Del Matto  |  Dec 26, 2017  |  Filed in: Industry Trends
FortiGuard Labs continues to investigate a series of attacks on Bitcoin users. In our first blog, we provided a deep analysis of malicious samples from the Bitcoin Orcus RAT campaign. In this second part, we recreate the full path of a multistage complex attack, shed some light on some other activities of these criminal actors, and reveal their possible identities. Failed attempt Bitcointalk.org is a popular place to trade for bitcoins. In 2015 there was a simple and straightforward attack on its users. Somebody registered a... [Read More]
by RSS Artem Semenchenko and Evgeny Ananin  |  Dec 22, 2017  |  Filed in: Security Research
Educational institutions have become regular targets for cybercriminals. In fact, the education sector accounted for 13 percent of data breaches in the first half of 2017, resulting in the compromise of around 32 million records. One of the top reasons that schools are targeted is the diverse data they store on students and staff, including personally identifiable information (PII), healthcare information, and financial information. These records can then be sold on the dark web to be used for purposes of identity theft and fraud. As educational... [Read More]
by RSS Susan Biddle  |  Dec 13, 2017  |  Filed in: Business and Technology, Industry Trends
The holiday shopping season is also a big event for cybercriminals. Fake web sites, intercepting your financial data, charity scams, email phishing attacks, fake shopping sites, texting and SMS scams, and more are all designed to steal you personal and financial information. So, in addition to checking your credit card balances and making out your shopping lists, you also need to take precautions before doing your holiday shopping online. If done right, it can be a safe and convenient way to buy gifts – if you follow a few simple rules. [Read More]
by RSS Anthony Giandomenico  |  Nov 13, 2017  |  Filed in: Industry Trends
FortiGuard Labs has been tracking a tax refund phishing scam in Malaysia. Let’s get into the details of how this works. [Read More]
by RSS Nelson Ngu  |  Nov 12, 2017  |  Filed in: Security Research
Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,... [Read More]
by RSS Joie Salvio and Rommel Joven  |  Oct 12, 2017  |  Filed in: Security Research
Cybercriminals have increasingly taken notice of schools and universities as profitable targets for cyberattacks. A key reason for this is the types of information schools keep on students, parents, and staff. Typically, upon infiltrating an institution’s network, cybercriminals will probe for, find, and exfiltrate valuable user data. This could be anything from health records, financial information, or any other personally identifiable information, such as social security numbers. Cybercriminals typically then take this data and sell it... [Read More]
by RSS Susan Biddle  |  Oct 06, 2017  |  Filed in: Industry Trends
Introduction CVE-2017-0199 is a remote code execution vulnerability that exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploits this vulnerability can take control of an affected system and then install programs, view, change, or delete data, or create new accounts with full user rights. Microsoft issued a patch for this vulnerability April, and most security vendors have published alarms for it. Unfortunately, attacks targeting this vulnerability are still widely being used... [Read More]
by RSS Bahare Sabouri and He Xu  |  May 30, 2017  |  Filed in: Security Research
One of the main reasons for the rapid growth in tax refund fraud is that it takes little effort to file a false return. A valid name, date of birth, and Social Security number are all one needs to file a return. Given the unprecedented number of data thefts last year, it is obvious this information is readily available. A quick trip to the Dark Web can provide criminals with the ability to purchase millions of files with this data. [Read More]
by RSS Anthony Giandomenico  |  Mar 30, 2017  |  Filed in: Industry Trends
As a product manager, the start of the year is a time to take a few breaths and reflect on the successes or failures of the past year and plan for future projects.  When we have invested so much effort into our products, we know their strengths, but spending so much time in such close proximity to a solution can also make one a bit blinkered. Which is why it is always important to get outside opinions on your progress as a sanity check. Of course, customer feedback is essential, and always very welcome, but it was particularly satisfying to... [Read More]
by RSS Carl Windsor  |  Mar 15, 2017  |  Filed in: Business and Technology