Krishnan Subramanian
Menlo Security Blog

Have You Been Smished? Mass Smishing Operation Targeting Mobile Users with Fake Amazon and USPS Update Messages

| | Fake Giveaways, mobile devices, scam, smishing
Summary Earlier this month, mobile users began being targeted with smishing messages in what appears to be an organized spam operation campaign. Smishing is much like phishing, except rather than sending email, the attackers send text messages using SMS (Short Message Service). The smishing campaign has been sending fake United ... Read More
Menlo Security Blog

Credential Phishing: Themes and Tactics

| | credential phishing, Decoy Files, Phishing Attacks, phishing kit, Phishing Tactics
In the last month, the Menlo Labs team has observed a steady rise in credential phishing attacks. This method of attack is quite popular—attackers create fake login pages or forms to steal users’ credentials for commonly used services in a corporate environment ... Read More
Menlo Security Blog

Increase In Attack: SocGholish

| | browser update, Chrome update, drive-bys, firefox update, Flash update, malicious download, malicious ZIP file, Microsoft Teams update, SocGholish, social engineering
Menlo Labs has uncovered a increase in a drive-by attack that impersonates legitimate browser, Flash, and Microsoft Teams updates   In the last two months, the Menlo Labs team has witnessed a surge in drive-by download attacks that use the “SocGholish” framework to infect victims. This particular framework is known ... Read More
Menlo Security Blog

New Attack Alert: Duri

| | DataURI, Duri, Isolation Core
HTML Smuggling Campaign Is Stopped by the Menlo Security Cloud Platform Menlo Security has been closely monitoring an attack we are naming “Duri.” Duri leverages HTML smuggling to deliver malicious files to users’ endpoints by evading network security solutions such as sandboxes and legacy proxies. Isolation prevents this attack from ... Read More
Menlo Security Blog