Cyber Attacks

This Operation Pawn Storm attack scenario involves the use of phishing emails. See how one line of Javascript code could place millions of Outlook Web Access (OWA) users at risk of becoming victims of a simple, but clever phishing attack.

Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), new attacks related to this flaw are still being spotted. These attacks contain a new routine that could prevent detection.

This Trend Micro paper unravels a series of attacks that targets military officials and defense contractors. Dubbed as “Operation Pawn Storm,” the group of threat actors use two known attack vectors: spear phishing emails and a network of phishing websites.

A recent investigation revealed that the Sandworm zero day exploit could likely be used to target GE Intelligent Platform CIMPLICITY users. Find out what it does and how you can safeguard your systems against this emerging attack.

After beginning an investigation into the affiliated malware samples and domains used by the Sandworm team, we found that the group is likely targeting SCADA-centric victims using GE Intelligent Platform’s CIMPLICITY HMI solution suite.

The breach of investment banking firm JP Morgan Chase has caused the leak of one of the largest number of records to date, reportedly affecting an estimated 76 million households and 7 million small businesses.

Around a year after the massive Target data breach, two more well-known brands have confirmed that they have been breached through infected point-of-sale systems.

As agents of online hacktivist movements continue to target the websites of government, education, health, and other industries, what can web administrators do to prepare for them?

Earlier this year, a website was compromised and used to spread online baking malware to approximately 7,000 victims in a span of two hours. This video describes how the site was compromised, the details of the attack, and the capabilities of the payloads.