Cyren Security Blog

Delve into the world of cybersecurity and cybercrime as Cyren experts explore the latest threats targeting businesses, as well as industry trends and technological advances, and how these pressures, risks, and changes impact business reputation and growth.

Subscribe to this Blog

File-less (almost) and Confused

by

Amidst the crisis the world is going through because of the Covid-19 pandemic, malicious actors continue to take advantage of the situation to lure unsuspecting online consumers into installing malware into their systems.

Protect From Evasive Phishing with Email Security Defense-in-Depth

by

Email security is broken. Companies are attempting to defend against today’s sophisticated attacks using technology developed to block spam and malware.

In the late 1990s, spam had become a serious problem and propagation of malware by email started to increase. In response, email security software was created. The popular open source spam filtering software, SpamAssassin, was first made available in 2001. It included various detection techniques, such as Bayesian filtering, IP reputation and blocklists. The Secure Email Gateway (SEG), a product category that came into being in the early 2000s, still uses these techniques today.

Emotet Still Evolving—New Variants Detected

by

Emotet malware campaigns continue to evolve, below we share a breakdown of samples of two new malicious downloader variants that appeared toward the end of January, as can be seen in this chart of the samples detected by Cyren per day during the month of January. We list IOCs and payload detections for each below.

Top 20 Brands Targeted for Yuletide Phishing

by

Internet platforms, financial sites, and shopping brands are still the most popular targets for phishing, according to new research from the Cyren Security Lab.

Exploiting CAPTCHA: The Latest Evasive Phishing Tactic

by

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve it. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots automatically posting good product reviews to falsify scores on review sites. 

Suspected BEC Campaign Targeting Banks

by

In the past week we've been receiving reports of different—but seemingly related—email malware campaigns targeting banks in both the US and Europe, specifically in the form of Excel Workbooks containing a malicious macro being sent as an attachment to emails. What's interesting is that even though the email themes used are varied, the attached bait documents are mostly similar.