Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The new anti-phishing feature currently being tested in the experimental version of Google Chrome does not work as well as intended and poses security risks.
Cisco issued an alert for five separate buffer overflow security flaws that exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players.
Mining companies, government agencies and manufacturing firms were hit hard by phishers in 2013, with one in three such organizations suffering at least one attack.
Cybercriminals are settling into a comfortable place in the "Dark Web" where they test, refine and distribute malware for online thievery.
Google has quietly acquired Redwood City, California-based Impermium, a company that protects SaaS application users from account hijacking and account compromise.
A Ponemon study found that 75% of the respondents identified mobile devices such as smart phones as "the greatest risk of potential IT security risk within the IT environment."
The free Windows tool is actually a data-theft Trojan capable of stealing log-in credentials and bitcoins.
Cloud servers -- called Database as a Service (DBaaS) -- are offering a rich environment for malicious hackers to anonymously set up command-and-control servers and store stolen corporate data.
France's cyber-security agency created fraudulent certificates to spoof Google domains and intercept encrypted traffic on a private network
A new study by the Ponemon Institute finds malware installed via zero-day exploits presents the biggest threat to corporate data.

FEATURES, INSIGHTS // Phishing

rss icon

Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Jon-Louis Heimerl's picture
For a month, I kept all of my spam, then looked at the subject matter, where it was from and tried to analyze some additional characteristics of the spam.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Jon-Louis Heimerl's picture
What do you do when your organization has been victimized by a phishing attack? If you wait until you are actually under an attack it is too late.
Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.
Chris Hinkley's picture
Businesses usually don’t think about social engineering when securing company data. It used to be believed that social engineering was reserved for governments and organizations with enemies. That's not the case anymore.
Ram Mohan's picture
Domain name typo squatting, a decade-old headache for marketing and legal departments, is putting corporate data at risk. But evidence suggests that it is becoming a risk that also needs to be on the CSO's radar.
Irida Xheneti's picture
The risks are real, and growing more complex by the month. That doesn't mean you're powerless to keep your infrastructure and data secure.