Cyren Security Blog

VelvetSweatshop Revival with Excel4 Macro Malware Delivers Gozi/Ursnif Amidst Covid-19 Chaos

by Maharlito Aquino and Carlo Panganiban

In the past month, we have been seeing a surge in Excel malware using Excel4 Macros (XLM) in hidden worksheets. Just a few weeks ago, malicious actors started reviving an age-old technique to further hide the malicious XLM code by leveraging the VelvetSweatshop secret password in Excel workbooks.

File-less (almost) and Confused

by Maharlito Aquino and Kervin Alintanahin

Amidst the crisis the world is going through because of the Covid-19 pandemic, malicious actors continue to take advantage of the situation to lure unsuspecting online consumers into installing malware into their systems.

Protect From Evasive Phishing with Email Security Defense-in-Depth

by John Callon

Email security is broken. Companies are attempting to defend against today’s sophisticated attacks using technology developed to block spam and malware.

In the late 1990s, spam had become a serious problem and propagation of malware by email started to increase. In response, email security software was created. The popular open source spam filtering software, SpamAssassin, was first made available in 2001. It included various detection techniques, such as Bayesian filtering, IP reputation and blocklists. The Secure Email Gateway (SEG), a product category that came into being in the early 2000s, still uses these techniques today.

Emotet Still Evolving—New Variants Detected

by Maharlito Aquino and Kervin Alintanahin

Emotet malware campaigns continue to evolve. Below we share a breakdown of samples of two new malicious downloader variants that appeared toward the end of January, as can be seen in this chart of the samples detected by Cyren per day during the month of January. We list IOCs and payload detections for each below.

Top 20 Brands Targeted for Yuletide Phishing

by Duncan Mills

Internet platforms, financial sites, and shopping brands are still the most popular targets for phishing, according to new research from the Cyren Security Lab.

Exploiting CAPTCHA: The Latest Evasive Phishing Tactic

by Duncan Mills

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve it. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots from automatically posting good product reviews to falsify scores on review sites.