Phishing
Actively exploited open redirect in Google Web Light
· โ˜• 9 min read
An open redirect vulnerability exists in the remains of Google Web Light service, which is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it might be advisable to block access to the Web Light domain in corporate environments...

SANS ISC Diary - A new spin on the ZeroFont phishing technique
· โ˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a novel phishing technique, in which text written in zero-size font is used in order to make messages appear more trustworthy…

SANS ISC Diary - The low, low cost of (committing) cybercrime
· โ˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a simple phishing which demonstrates quite well that the cost of committing cybercrime can unfortunately be extremely low…

SANS ISC Diary - 'Passive' analysis of a phishing attachment
· โ˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a “passive”, OPSEC-friendly approach to the analysis of HTML phishing attachments…