A new best practice to protect technology supply chain integrity
The success of digital transformation ultimately relies on trust in the security and integrity of information and communications technology (ICT).
Uncovering cross-process injection with Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks.
Breaking down a notably sophisticated tech support scam M.O.
The cornerstone of tech support scams is the deception that there is something wrong with your PC. To advance this sham, tech support scams have long abused browsers’ full screen function.
Detecting cyber threats
This post is authored by Joe Faulhaber, Senior Consultant ECG In today’s cyber threat landscape, it’s not a question of if an attack will occur, but who will attack and when. To keep enterprise data safe against global threats that include attackers as technically sophisticated as any defender, enterprises need to have world-class cyber defenses.
Phishers unleash simple but effective social engineering techniques using PDF attachments
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg.
Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides.
Disrupting the kill chain
This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.
Office 2013 can now block macros to help prevent infection
Office 365 client applications now integrate with AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. This is part of our continued efforts to tackle entire classes of threats.
Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, Teaming up in the war on tech support scams.
Kovter becomes almost fileless, creates a new file type, and gets some new certificates
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their latest malvertising campaigns.