Cybercrime against high-profile entities like eBay and Target is on the rise, and the media has conjured up nightmarish scenarios of cyber-criminals going on shopping sprees with our well-earned cash – easily obtained through stolen credit card information. The risks that the general public faces vary and should not be applied equally.
Advanced threat and exploit detection is critical to cybersecurity and network defense. zvelo’s Malicious Detection capabilities empower MSSPs, ISPs, TELCOs, network security providers, and VARs to provide world-class protection. Gain advanced insight with the most accurate URL database for malicious exploit detection to better understand the cyber threat landscape. Categories include Command and Control, Malware, Spyware, Spam URLs, Cryptocurrency Mining, Phishing and Fraud, and more.
The importance of the Alexa top websites can never be discounted in zvelo’s day-to-day operations. Providing contextual data sets about the Alexa top sites is a vital element for the online advertising market because it can assist in determining the most ideal and brand-safe placement of online ads and other promotional materials.
Given the dynamic nature of the majority of today’s websites, categorization at the full path URL versus the base domain is superior and now required. Parts of a website include the top-level domain (.com, .org, etc.), the base domain (example.com), sub-domain (subdomain.example.com) or sub-path (example.com/page). When categorizing content, it is highly important to recognize exactly what is being classified within a website because content can differ dramatically across full path URLs.
Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
Instances of large-scale compromises of both private industry and public institutions in 2013 prompted a flurry of activity among security researchers to identify emerging and established threats. Commonly identified as Advanced Persistent Threats (APTs), this phenomenon is expected to continue well into the foreseeable future. Fundamental to the spread of these threats is one of their foremost methods of propagation – a water hole attack.
zveloLABS discovered a phishing website masquerading as an account verification page for Apple IDs, as depicted in the following screenshot and explained in this blog post.
Static HTML websites are becoming increasingly rare, and nowadays sites pack quite the punch. We’ve grown accustomed to photo and video slideshows, widgets, feeds, social network integrations, and other dynamic elements. Websites come overloaded with media, are more interactive, and the content can vary dramatically from page to page and can differ even more between end-users or browsing sessions. Much of the content is pulled in dynamically from external sources, and most of us fuel the Internet’s growth by creating and uploading content of our own daily and at extremely high upload rates. Making sense of it all can be quite the challenge for technology vendors “needing to know,” and the following are insights into zvelo’s content categorization approach.
Once again, zveloLABS participated in the 2013 ROOTCON annual hacker conference and security gathering in Cebu City, Philippines. It aims to share best practices and technologies through talks by qualified speakers and demos of exciting hacks, tools, tips, and more.
The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services.
I got my hands on a copy of a Northwestern University research paper titled “Evaluating Android Anti-malware against Transformation Attacks.” After digging into it, my zveloLABS colleagues and I decided to conduct an experiment of our own based on the information provided in the research paper.