Cyren Security Blog

Protect From Evasive Phishing with Email Security Defense-in-Depth


Email security is broken. Companies are attempting to defend against today’s sophisticated attacks using technology developed to block spam and malware.

In the late 1990s, spam had become a serious problem and propagation of malware by email started to increase. In response, email security software was created. The popular open source spam filtering software, SpamAssassin, was first made available in 2001. It included various detection techniques, such as Bayesian filtering, IP reputation and blocklists. The Secure Email Gateway (SEG), a product category that came into being in the early 2000s, still uses these techniques today.

Emotet Still Evolving—New Variants Detected


Emotet malware campaigns continue to evolve, below we share a breakdown of samples of two new malicious downloader variants that appeared toward the end of January, as can be seen in this chart of the samples detected by Cyren per day during the month of January. We list IOCs and payload detections for each below.

Top 20 Brands Targeted for Yuletide Phishing


Internet platforms, financial sites, and shopping brands are still the most popular targets for phishing, according to new research from the Cyren Security Lab.

Exploiting CAPTCHA: The Latest Evasive Phishing Tactic


The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve it. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots automatically posting good product reviews to falsify scores on review sites. 

Suspected BEC Campaign Targeting Banks


In the past week we've been receiving reports of different—but seemingly related—email malware campaigns targeting banks in both the US and Europe, specifically in the form of Excel Workbooks containing a malicious macro being sent as an attachment to emails. What's interesting is that even though the email themes used are varied, the attached bait documents are mostly similar.

Is The Email Security Industry About To Lose Another Major Vendor?


Symantec’s acquisition by Broadcom, announced recently, represents yet another major change for this cyber security vendor and service provider.