Fake IRS notice delivers customized spying tool
Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT).
A week in security (September 11 – September 17)
A compilation of security news and blog posts from the 11th – 17th September. We look at 0days, more Equifax developments, our usual smattering of blog posts, and more!
Compromised LinkedIn accounts used to send phishing links via private message and InMail
A recent attack uses existing LinkedIn user accounts to send phishing links to their contacts via private message but also to external members via email.
Google reminds website owners to move to HTTPS before October deadline
To encourage website owners and service providers to move to HTTPS, Google began sending out emails to remind them that their sites will be marked as insecure if they don’t comply. This is the latest step in the search giant’s long-term effort of creating a safer web experience for every user.
Insider threats in your work inbox
A new phishing campaign that targets businesses goes beyond business email compromise or CEO fraud.