A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...
Cryptocurrency Mining Malware Still Dominates the Malware Threat Landscape
The latest Global Threat Index report from Check Point shows cryptocurrency mining malware continues to be the biggest malware threat, even with the demise of Coinminer. Coinminer has topped the list of the most prevalent malware since December 2017. Coinminer is no longer active, but its code is still present on many websites and could be reactivated at any point. In its place, is another cryptocurrency mining malware variant –...
The Baldr Information Stealer: A Dangerous New Malware Threat
A new information stealer has been detected which could become a long-term threat. The Baldr information stealer is not especially sophisticated and lacks persistence, but it can exfiltrate data quickly once downloaded in a ‘smash and grab’ attack. The Baldr information stealer will not survive a reboot and is incapable of spreading to other devices, but for most threat actors that will not pose any problems. Once downloaded, Baldr...
Adobe Patches 24 Critical RCE Vulnerabilities
Adobe has patched 43 vulnerabilities on April 2019 Patch Tuesday. 24 of the vulnerabilities have been rated critical and are remote code execution vulnerabilities. They are present in Acrobat Reader, Adobe Shockwave Player, and Adobe Flash. The remainder of the vulnerabilities have been rated Important or moderate and affect Adobe Flash Player, Shockwave Player, Dreamweaver, Adobe XD CC, Adobe Experience Manager Forms, InDesign, and...
April 2019 Patch Tuesday: Microsoft Fixes 74 Vulnerabilities
Microsoft has released fixes for 74 vulnerabilities on April 2019 Patch Tuesday, two of which are being actively exploited in the wild. The two zero-day Windows vulnerabilities that are being actively exploited are CVE-2019-0803 and CVE-2019-0859. Both of these are elevation of privilege vulnerabilities and are due to how the Win32k component handles objects in the memory. If exploited, an attacker could execute malicious code in...