Safe Links is a feature of Microsoft Defender for Office 365 (formerly known as Advanced Threat Protection) that helps protect from users clicking on malicious URLs. Proofpoint calls their version, URL Defense. Mimecast calls theirs, URL Protect. All these feature...
Cyren Security Blog
Featured Post
Latest Posts
How Phishers Abuse Hypertext Transfer Protocol Secure (HTTPS) Protocol
What is the first thing that comes to mind when we see sites using HTTPS protocol? Subconsciously we tend to trust these sites presuming that all that we see and/or enter there is checked, secured, and verified. However, what is meant to protect has now turned into...
Phishing on Adobe Spark
Threat actors are always on the lookout for inconspicuous ways to execute malicious attacks. One such tactic that has become common is the use of legitimate services as part of phishing campaigns. Since April this year, researchers at Cyren have seen a rise in...
Ransomware Attacks Are Here to Stay
Following the highly publicized (and successful) $4M+ ransom of Colonial Pipeline, attacks like these will only get more popular. Indeed this week, the New York Times reported "Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business." These attacks...
SolarMarker Backdoor Pretends to be Legit PDFescape Installer
The modified installer of legit "PDFescape Desktop Installer" app looks like this: Fake PDFescape Desktop Installer AppSHA-256: 0c933001de544ebc071d175d9f8e3bfad8066b532dc69dea4c713c52eb6a64a0 Cyren detects this kind of malware as W32/SolarMarker.A.gen!Eldorado. Upon...
Dissecting a UnionBank Phishing Campaign
We have been seeing email notifications about login attempts to UnionBank online accounts, prompting users to reset their password if they found the login attempts were suspicious. Below are screenshots of some of the most recent phishing emails that were seen. Figure...
Fake DocuSign Download Page Leads to Hentai Onichan Ransomware
We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed. Figure 1.0 Email sample The emails had a ZIP attachment containing an HTML that was designed to look like an invoice signed by...
A Dridex Phishing Campaign
The “Purchase” themed email is a commonly used subject in phishing campaigns. Threat actors can easily scrape the internet, in other words, specific data is very easily gathered and copied from the web. This makes company emails a very easy target, as they are...
Phishing campaign masquerading Excel template in the html attachment
Phishing remains one of the most popular types of corporate attacks in terms of its prevalence, and therefore it is not surprising that attackers are coming up with increasingly sophisticated methods to obtain the victim's personal data. One of the most recent...
Loose SPF, DKIM, DMARC, and ARC Settings Sabotage Security
It’s safe to say that all of our Cyren Inbox Security customers use the native Office 365 security capabilities of Exchange Online Protection and Advanced Threat Protection (now collectively called Microsoft Defender for Office 365). If you follow this blog, you can’t...