Are professional social media sites the weak link in companies’ security strategies? Before (and during) a targeted attack, information about the target organization and its employees is useful to an attacker. This can be used to craft well-designed social engineering attacks that are more likely to be opened by its targets. It can also provide more…
Read MoreJust how effective is it for cybercriminals to keep using Google Chrome and Facebook to infect their victims with malware? We’ve already seen both platforms be used as parts of malicious social engineering schemes. Both Google and Facebook are aware of this and have taken steps to protect their users. The number of times malicious…
Read MoreWe recently talked about recent improvements to the CTB-Locker ransomware. To recap, the malware now offers a “free decryption” service, extended deadline to decrypt the files, and an option to change the language of the ransom message. We are seeing another wave of CTB-Locker ransomware making their way into the wild. What’s highly notable about…
Read MoreA few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook…
Read MoreMalicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome Web store. We also came across malware that bypasses a Google security…
Read More