Security Experts:

long dotted


A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations. [Read More]
A targeted phishing campaign against government entities in Persian Gulf and Middle East countries is leveraging the killing of Iranian general Qasem Suleimani. [Read More]
16Shop offers its phishing kit as a malware-as-a-service (MaaS) and includes several features designed to make it more resilient against defenders, and easier to use by wannabe hackers. [Read More]
A phishing campaign apparently aimed at Ukrainian gas company Burisma has been linked by researchers to the Russian hacker group APT28. [Read More]
Google sent out over 12,000 state-sponsored phishing warnings to users in 149 countries in the third quarter of 2019. [Read More]
Louisiana governor reveals that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team. [Read More]
Venafi has uncovered over 100,000 fake domains with valid TLS certificates that mimic the domains of 20 major retailers in the US, UK, Australia, Germany and France. [Read More]
While there are policy, technology and training solutions that can help mitigate the spear phishing threat, it doesn't seem as if any are foolproof. [Read More]
A currently ongoing mobile-aware phishing campaign is targeting various non-governmental entities worldwide, including United Nations humanitarian organizations such as UNICEF. [Read More]
Texas man found guilty of hacking into the Los Angeles Superior Court computer system and abusing it to send phishing emails was sentenced to 145 months in federal prison. [Read More]


rss icon

Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Siggi Stefnisson's picture
Even though I've been analyzing malware for the past 20 years, I do understand that internet security is not merely a technical problem, but also a business problem.