New Flash Player zero-day comes inside Office document

Threat actors are targeting South Korea with a Flash Player zero-day in limited attacks, according to Adobe.
Categories:

Cybercrime
Exploits

Tags: CVE-2018-4878, Flash Player zero-day, Korean


Fake Spectre and Meltdown patch pushes Smoke Loader malware

German users are being targeted with a rogue patch for the recently announced Meltdown and Spectre flaws.
Categories:

Cybercrime
Social engineering

Tags: german, malware, Meltdown, phishing, smoke loader, Smoke Loader Malware, smokeloader, Spectre


RIG exploit kit campaign gets deep into crypto craze

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more …

Tech support scammers make browser lockers more resilient

Closing tech support scam pop-ups is becoming more challenging as crooks come up with more tricks for browser lockers.
Categories:

Cybercrime
Social engineering

Tags: browlock, browser locker, popunder, tech support scams, TSS


Seamless campaign serves RIG EK via Punycode

The most prolific gate to the RIG exploit kit is coming in a different flavor. The Seamless campaign is now using a domain name with foreign characters translated by Punycode.
Categories:

Exploits
Threat analysis

Tags: phishing, Punycode, ramnit, Ram…

Persistent drive-by cryptomining coming to a browser near you

If you think closing your browser window to leave a site that runs a cryptominer will stop the mining process, think again. Persistent drive-by cryptomining has arrived.
Categories:

Cybercrime
Malware

Tags: coinhive, Cryptojacking, cryptomining, Driv…

Terror exploit kit goes HTTPS all the way

A look at some techniques used by the Terror exploit kit to evade traffic-based detection.
Categories:

Exploits
Threat analysis

Tags: exploit kits, malvertising, Propeller Ads Media, smoke loader, Terror EK, Terror exploit kit


Disdain exploit kit served with a side of social engineering

Exploits may not be enough as threat actors combine them with social engineering in a new Disdain exploit kit attack method.
Categories:

Exploits
Threat analysis

Tags: Disdain, EK, exploit kit, neutrino


A look into the global drive-by cryptocurrency mining phenomenon

As drive-by downloads slow down, drive-by cryptocurrency mining emerges as the latest annoyance that hijacks our PCs’ CPU.
Categories:

Cybercrime
Exploits
Privacy

Tags: coinhive, cryptocurrencies, Cryptojacking, Drive-by mining, JsMiner, monero


Stay away from the Bitcoin multiplier scam

Bitcoin multiplier scams: same old scam, different commodity. Scammers want your Bitcoins, and to get them, they promise to make you rich in less than an hour. Too good to be true? Absolutely.
Categories:

Cybercrime
Social engineering

Tags: bit…