Collaborate Disseminate
I receive a lot of spam email (probably from recent breaches). A lot of them contain text that looks a lot like the below text:
Why do they contain such weird characters? Is this part of an exploit? Is this to mislead spam filters? Or i… Continue reading Why do so many spam emails lately contain a lot of unicode characters?
We continue to see AgentTesla keylogger / Infostealer on a daily basis. The UK generally has been fairly quiet for malware over the last few months ( since Easter 2019) and we are only seeing the “commodity” malware like AgentTesla, Hawkeye… Continue reading new AgentTesla Keylogger install method – Choice.exe
We haven’t seen any Formbook malware / Trojan / Info-Stealer hitting the UK for ages, so it was quite surprising to see this one arrive overnight. Unlike previous versions who generally used exploits or macros / embedded ole objects in Microsoft … Continue reading Formbook back hitting UK in fake order emails
WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links. Continue reading Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns
Scenario:
PHP Developer: email to : user@*.org or *@domain.org
Receiver opens the email:
Sender: PHP Developer:
************************
this is a spam email<br>
************************
So yes, what way?
Assume I have a public API endpoint which I’d like to protect against abuse. I’d like to implement a solution that ensures that the client spends some computational time before allowing the request to succeed.
What would be … Continue reading Rate limiting API with PBKDF2 challenge?
I received a rather interesting email earlier today. It pretends to be an email from Privatbank.com and written mainly in Ukranian. There is not a known bank using PrivatBank.com anywhere I can find listed although a website for this domain was… Continue reading Fake PrivatBank email delivers AgentTesla and Phishing
I want to implement a telemetry data sender into my electron app. The API which I want to connect to is public. So any crash reports or any other data from the user is sent to it. The problem is how do I secure the API to pre… Continue reading Public report/telemetry API
I am not entirely sure what the in initial binary download with this one is, but there are indications it might be Dark Comet RAT. What we do know is that it drops a Lokibot binary The word doc is actually a RTF file containing embedded ole objects. Th… Continue reading Fake order eventually drops Lokibot but something else happens
So here is the situation, we are trying to filter out spam emails within our organizations Exchange 2010 mail server and for the most part we have been pretty successful. Except for a few emails.
Under transportation rules … Continue reading Emails Bypassing Exchange Transportation Rules