Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The newly discovered Android banking trojan targets international banks and five different cryptocurrency services. [Read More]
Microsoft's threat hunters have caught Iranian threat actors breaking into IT services shops in India and Israel and stealing credentials for downstream software supply chain attacks. [Read More]
Public cloud data protection provider Laminar has emerged from stealth with $32 million in Series A funding led by Insight Partners. [Read More]
Google paid roughly $60,000 in bug bounty rewards to the external security researchers reporting high-severity vulnerabilities in Chrome. [Read More]
Mandiant researchers says narratives used in the Ghostwriter information operations campaign are aligned with Belarusian government interests, suggesting at least partial involvement. [Read More]
Researchers showcase new attack that relies on non-uniform and frequency-based Rowhammer access patterns to bypass Target Row Refresh (TRR) on DDR4 DRAM. [Read More]
Microsoft-owned GitHub warns that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain. [Read More]
Redmond says the evasive malware delivery method is being leveraged in attacks to deliver remote access Trojans (RATs), banking malware, and other malicious payloads. [Read More]
Cloudflare said the multi-vector distributed denial of service attack combined DNS amplification attacks and UDP floods and lasted just one minute. [Read More]
Chipmakers Intel and AMD release patches for multiple vulnerabilities in multiple products, including a series of high severity issues in software drivers. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Jeff Orloff's picture
Most organizations rely too heavily on their cybersecurity pros to protect them from threats, ignoring the painful reality that human error is by far the most common cause of security breaches.
Keith Ibarguen's picture
Leveraging humans for detection makes it hard for the attackers to predict whether or not their malicious emails will be identified and using technology to automate response provides scale and speed in resolution.
Torsten George's picture
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.