Security Experts:

long dotted


COVID-19 is fueling phishing and scams while BEC attacks continue to evolve and increase, according to a report from Abnormal Security. [Read More]
Magecart hackers targeted the online stores of retailers Claire’s and Intersport with skimmers designed to steal payment card information. [Read More]
The increase in mobile banking application usage is expected to lead to a rise in exploitation too, the FBI warns. [Read More]
Thousands of individuals and hundreds of organizations across six continents have been targeted by an India-based hack-for-hire group. [Read More]
A company that helps Germany procure personal protective equipment (PPE) for the care of COVID-19 patients has been targeted in an ongoing phishing campaign. [Read More]
College Park, MD-based phish prevention firm INKY has raised $20 million in a Series B funding round led by Insight Partners. [Read More]
Amtrak is informing some customers that their personal information may have been compromised after someone accessed their Guest Reward account. [Read More]
Threat actors have targeted industrial suppliers in Japan and several European countries in sophisticated attacks that employed various techniques to make malware detection and analysis more difficult. [Read More]
Google says an Iran-linked hacker group known as Charming Kitten has targeted healthcare and medical professionals, including WHO employees. [Read More]
Researchers have analyzed the GhostDNS exploit kit (EK), which is used to compromise a wide range of routers to facilitate phishing attacks targeting banking credentials. [Read More]


rss icon

Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.