Cyren Security Blog

Exploiting CAPTCHA: The Latest Evasive Phishing Tactic

by Duncan Mills

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. A CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve them. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots from automatically posting good product reviews to falsify scores on review sites.

Suspected BEC Campaign Targeting Banks

by Maharlito Aquino and Kervin Alintanahin

In the past week we've been receiving reports of different—but seemingly related—email malware campaigns targeting banks in both the US and Europe, specifically in the form of Excel Workbooks containing a malicious macro being sent as an attachment to emails. What's interesting is that even though the email themes used are varied, the attached bait documents are mostly similar.

Is The Email Security Industry About To Lose Another Major Vendor?

by Duncan Mills

Symantec’s acquisition by Broadcom, announced recently, represents yet another major change for this cyber security vendor and service provider.

Open Source Ransomware Targets Fortnite Users

by Maharlito Aquino and Kervin Alintanahin

The global gaming phenomenon Fortnite has a huge global user base – last reported in March at 250 million gamers – and the just-concluded Fortnite World Cup with its $30 million prize pool and an online viewing audience of over two million has certainly only added to its allure. Over 40 million Fortnite gamers competed in qualifying rounds to get one of the 100 coveted spots in the World Cup and a guaranteed $50,000 payout, plus a shot at the $3 million top prize (won by a 16-year-old!). Given the size of the global player pool and the evident motivation to up one’s game, it comes as no surprise that cybercriminals are now targeting Fortnite users by leveraging their competitive zeal.

Test the Effectiveness of Your Email Security

by Duncan Mills

Do you keep seeing phishing emails getting through to users, and wish you could quantify how effective your email security is—or isn't? Email is the main vehicle for introducing malware into an organization, and is practically synonymous with phishing these days, so it is a sensible idea to get a grasp on whether your security is doing its job well or poorly — but lots of people don't. Here at Cyren we know how eye-opening such an evaluation can be, as the email security "gap analyses" that we performed for a series of organizations in 2018 showed that an average of 7.2% of the email that was protected by a number of email security products, yet still reached users, was spam or contained a threat.

Evasive Phishing Driven by Phishing-as-a-Service

by Tinna Thuridur Sigurdardottir and Magni Sigurdsson

Cyren’s research lab has turned up 5,334 new, unique phishing kits deployed to the web so far this year, an indication of the scope and scale of turn-key phishing offerings.