November 17, 2024 at 11:37AM Threat actors are increasingly using Scalable Vector Graphics (SVG) files for phishing and malware distribution due to their ability to evade detection. Unlike traditional image formats, SVGs use code to create images and can embed JavaScript, allowing attackers to hide malicious content. Users should treat unexpected SVG attachments as suspicious. … Read more
January 30, 2024 at 12:47PM A recent phishing attack leverages Microsoft Teams group chat requests to distribute DarkGate malware via deceptive file attachments. Attackers exploit the default external messaging access and employ tactics such as double file extensions to trick victims. Organizations are advised to consider disabling External Access and to educate users on recognizing … Read more
December 20, 2023 at 11:08AM Attackers exploit a 6-year-old Microsoft Office flaw, CVE-2017-11882, in an email campaign delivering spyware via malicious Excel attachments. Zscaler revealed that the end goal is to load Agent Tesla, a remote access Trojan, in a unique attack vector that pairs a longstanding vulnerability with new complexity and evasion tactics. Organizations … Read more