CYREN Security Blog




Phishing Emails Targeting Chinese Users

by Sylvain Lejeune

Filed under Malware Analysis, Phishing, Security Research & Analysis.

Chinese people are increasingly getting online and adopting mobile services. 2014 was a pivotal year, with the massive adoption of mobile services by over 560 million users.  It is anticipated that more than half of the entire population of China will have a smartphone by 2018 as the number edges past 700 million.

Q3 Cyber Threat Report: Cyber Security Awareness

by Lior Kohavi

Filed under Email Security, malware, Phishing, Security Research & Analysis.

October was Cybersecurity Awareness Month. Out of curiosity, I looked online to see what sort of information was available on the topic. I wasn't surprised by the results; there were thousands of links, including newspaper articles, infographics, and general awareness notices, with sources that included the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), major news publications, expert blogs, and notices from scientific and educational institutions. The overwhelming majority of these links contained meaningful, useful, and valuable recommendations for both businesses and individuals on how to avoid becoming victims of cyber attacks.

Bartallex special delivery: Fareit and Vawtrak

by Erwin Balunsat

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Earlier this year we have witnessed several enterprises being targetted by Bartallex by sending spam emails. It uses Microsoft Word document and employs social engineering technique to trick enterprise users to open and execute the embedded macro code in the document. When enabled, the macro code downloads and executes banking malware Dridex, a password-stealing trojan that targets banks and other financial institution.

Rise of Malicious Resumes in the Fall Hiring Season

by Maharlito Aquino

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Summer is finally over and it’s time for employers to refocus and take advantage of the remaining budget for the year to get new recruits in before the holiday season starts. Essentially, Fall season is the time when people like fresh college graduates come into the market looking for new jobs. Apparently, cyber criminals also take advantage of this season to blend in with the bulk of applicants that send in their applications and resumes.

Domain Validation (DV) SSL Certificate used for PayPal Phishing

by Þröstur Thorarensen

Filed under Email Security, Phishing, Web Security.

As users become more aware of phishing and data theft, they become more cautious. Unfortunately as users become more cautious, attackers must become more devious. In a recent discovery, we found a phishing website  that had been issued a valid SSL Certificate. SSL Certificates are small data files that activate the HTTPS protocol and allows secure connections between a web browser and a web server. Most users don’t realize that there are actually different levels of security when it comes to SSL certificates.