Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report. Attackers are continuously testing enterprise security systems and exploring new ways to get through. Some rely on hidden text and zero-font attacks, in which they put invisible characters…

All organizations wrestle with chronic phishing attacks that are the primary vectors through which malicious actors breach systems and spread malware. Most phishing attackers deliver their payloads on networks by crafting spoofed emails that look like they come from legitimate, authoritative senders. Those look-alike emails instead derive from domains deployed solely for malicious purposes. It’s…

RDP hijacking definition One means of compromising systems cherished by malware authors is Remote Desktop Protocol (RDP). It provides a convenient way for system administrators to manage Windows systems and help users with troubleshooting an issue. RDP hijacking attacks often exploit legitimate features of the RDP service rather than purely relying on a vulnerability or…

“People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered Security: Addressing Psychological Vulnerabilities,” a new report published today. Human vulnerabilities, whether triggered…

Cyber extortionists’ ransom demands have surged in recent years, as ransomware cotinues to cripple the operations of manufacturers, hospitals, and — most recently — local governments. Yet those demands may have hit an upper limit. On September 4, Mayor Jon Mitchell of New Bedford, Mass., announced that the town refused to pay a $5.3 million…

In cybersecurity, deception is redundant if it cannot fulfill its critical aim – to misdirect, confuse, and lure attackers into traps and dead-ends. It is the art of tricking attackers into overextending and exposing themselves. To deceive attackers, an organization’s security team must see things from the adversary’s perspective. Several key components are required to…

But a new report published by the SHERPA consortium – an EU project studying the impact of AI on ethics and human rights – finds that while human attackers have access to machine learning techniques, they currently focus most of their efforts on manipulating existing AI systems for malicious purposes instead of creating new attacks…

Making it harder for attackers to know when a system begins to deceive a bad actor

Can you deceive a deceiver? That’s the question that computer scientists at Binghamton University, State University of New York have recently been exploring. Assistant Professor of Computer Science Guanhua Yan and PhD student Zhan Shu are looking at how to make cyber deception a more effective tool against malicious hackers. Their study was inspired by…

PowerShell Threats Grow Further and Operate in Plain Sight

The preinstalled and versatile Windows PowerShell has become one of the most popular choices in cyber criminals’ arsenals. We have observed an increase of 661 percent in computers where malicious PowerShell activity was blocked from the second half of 2017 to the first half of 2018—a clear indication that attackers are still growing the use…

Internet of Things security issues bleed into 2018

In 2017 Internet of Things (IoT) devices rose to prominence as attackers have continued to target and use them to support various cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP address, and allow communication with other internet connected devices and systems. Their ubiquity and large numbers…