The other day, a WatchGuard employee received a text alert stating that Chase bank had limited access to their account. They right away knew the message was bogus and offered it to us to investigate. We found the link within the message sends the user to a fake Chase login. Fortunately, the employee knew better and didn't follow the link in the text message, but others might … [Read more...]
PayPal Phishing
The other day, a PayPal phish made it into the inbox of my personal email. It is not normal for phishing emails to make their way past my cloud email provider’s spam filter, so I decided to spin up a sandbox just in case any malware was involved and dive in. The phishing hook in the message body wasn’t anything special. The phish masqueraded as an email from PayPal notifying … [Read more...]
Malware Writeup: JS:Trojan:Cryxos.2550
While reviewing currently surging malware attacks back in January 2020, one in particular stood out: JS:Trojan:Cryxos.2550. Its appearances increased over 457% from the previous week. This isn’t a new malware by any means, as Trojan.Cryxos has been written about many times. However, this variant is rather new and since it’s surging, it is important to raise the question if you … [Read more...]
HSTS – A Trivial Response to sslstrip
Intro HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A "secure connection" in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This … [Read more...]
MSPs Beware: Attackers Targeting MSP Infrastructure to Install Ransomware
In the past two weeks, sophisticated threat actors have targeted managed service providers (MSPs) and Cloud service providers (CSPs), intending to install ransomware within their infrastructure and customer base. Often, these attacks specifically target products and services MSPs use, such as ConnectWise/Kaseya software, the Webroot Management Console, RDP services and more. … [Read more...]