Cyren Security Blog

Double Deceit: Bad Things Come in Pairs

by Maharlito Aquino and Kervin Alintanahin

The chinese proverb may say that good things come in pairs, but in what appears to be a clever bit of social and technical engineering, we’ve discovered a new email threat carrying not one, but two different malicious attachments as bait, specifically a PDF file and a Microsoft Template file (OpenXML/DOTX), targeting a previously reported Microsoft Office vulnerability in order to deliver the remote access trojan (RAT) known as NetWiredRC. We believe the use of two attachments is intended to make the email seem more legitimate to recipients. Typically hackers only send one malicious attachment—by sending two, the hackers increase the chances that the target will open at least one of them. In addition, the techniques applied within the attachments add a few layers of complexity in both the delivery of the exploit and the final payload, and are intended to help evade detection.

Cybercriminals see real estate firms as profitable

by John Callon

For the last two to three years, stories about real estate hacking and particularly phishing have appeared with increasing frequency in newspaper and blog headlines. Take for example the cybercriminals who stole client contact information from a DC-area real estate company, and then created a “business email compromise” (BEC) scam, which resulted in $1.5 million being stolen in a phishing/wire fraud scheme from a couple about to close on a home.

Cyber pirates targeting logistics and transportation companies

by John Callon

In June of 2017, the logistics and transport industry experienced a ‘first’ when almost 80 ports and terminals around the globe either came to a standstill or experienced significant delays, including the Port of New York and New Jersey, the Port of Los Angeles, the port of Rotterdam (Europe’s largest), and the port near Mumbai—India’s largest container port.

Why is the security industry telling you that your users should protect themselves?

by Duncan Mills

I’m a technology marketer, and the annual RSA security event is an opportunity for me to understand what my peers and competitors are saying to customers and potential customers. My takeaway this year is that many in the industry appear to be telling customers to shift the burden of protection to the end-user. 

Construction Industry Security Threatened by Weak Links

by John Callon

Remember the big Target breach in 2013, when 40 million credit and debit cards and as many as 110 million email addresses stolen? It cost Target $292 million (according to their annual report), led to 80 lawsuits which took four years to resolve, and cost the CEO his job.

Have Email Threats Finally Worn Down IT Professionals? 80 Opinions on the State of Email Security

by Duncan Mills

Cyren recently gathered opinions from the Spiceworks IT community membership about the state of email security. We received almost 80 responses and were surprised at what appears to be a general feeling that the respondents are losing the battle against email threats.