Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The U.S. Department of Defense has put all public-facing websites and applications in scope for an expanded vulnerability disclosure program. [Read More]
Organizations in the United States and other countries have been targeted by a new cybercrime group that uses sophisticated malware. [Read More]
Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise on iPhones and macOS devices. [Read More]
The embattled VPN vendor provides cover for CVE-2021-22893, a major security flaw being exploited by advanced threat actors. [Read More]
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector. [Read More]
A task force from the Institute for Security and Technology recommends a comprehensive framework for preparing for, disrupting, and responding to ransomware attacks. [Read More]
Late-sage anti-fraud startup Sift is the 11th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding. [Read More]
Targeting Linux-based systems of different architectures, the Tor-based botnet deploys all of the legitimate tools it needs. [Read More]
CISA warns of a new cyber-attack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes. [Read More]
Trend Micro confirms attackers are exploiting a critical security vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Torsten George's picture
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.