Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Citing evidence of active exploitation against five specific vulnerabilities, the U.S. cybersecurity agency warned that further delays in applying fixes “pose significant risk to the federal enterprise. [Read More]
The surge in venture capital investments in the attack surface management space continues with Israeli risk management firm CyCognito announcing a new $100 million funding round. [Read More]
Soveren is building technology for businesses to detect and resolve privacy incidents and stay compliant with GDPR and other regulations. [Read More]
Cryptocurrency trading powerhouse Coinbase has announced plans to acquire Unbound Security, an Israeli startup providing protection for cryptographic keys and credentials. [Read More]
Security experts warn that the 'Sabbath' ransomware group is targeting organizations in education, health and natural resources in both the United States and Canada. [Read More]
Axiado raises $25 million to build a new class of security processors that provide platform root-of-trust for large enterprise customers. [Read More]
Google Project Zero's Natalie Silvanovich reports a pair of Zoom security defects that expose Windows, macOS, Linux, iOS and Android users to malicious hacker attacks. [Read More]
The Singapore company says an unauthorized party accessed confidential proprietary commercial information and personal data. [Read More]
Proof-of-concept (PoC) exploit code has been published for recently patched vulnerability in Microsoft Exchange Server. [Read More]
Claroty researchers document a series of severe code execution vulnerabilities affecting virtual private network (VPN) solutions relying on OpenVPN. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Jeff Orloff's picture
Most organizations rely too heavily on their cybersecurity pros to protect them from threats, ignoring the painful reality that human error is by far the most common cause of security breaches.
Keith Ibarguen's picture
Leveraging humans for detection makes it hard for the attackers to predict whether or not their malicious emails will be identified and using technology to automate response provides scale and speed in resolution.
Torsten George's picture
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.