Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Researchers at Kaspersky warn that a new rootkit is being used as part of the ongoing 'TunnelSnake' campaign targeting entities in Asia and Africa since 2019. [Read More]
Twilio joins HashiCorp in confirming collateral damage from the CodeCov supply chain attack but details remain scarce. [Read More]
Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation state-based threat actors. [Read More]
Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise on iPhones and macOS devices. [Read More]
The embattled VPN vendor provides cover for CVE-2021-22893, a major security flaw being exploited by advanced threat actors. [Read More]
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector. [Read More]
A task force from the Institute for Security and Technology recommends a comprehensive framework for preparing for, disrupting, and responding to ransomware attacks. [Read More]
Late-sage anti-fraud startup Sift is the 11th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding. [Read More]
Enterprise security vendor Proofpoint has agreed to be acquired by private equity firm Thoma Bravo in an all-cash transaction that values Proofpoint at approximately $12.3 billion. [Read More]
Celebrated security researcher Dan Kaminsky has died at 42. He is widely hailed for his groundbreaking work on DNS security. [Read More]
- 1 of 44
- ››
FEATURES, INSIGHTS // Email Security
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Endpoint protection will never be able to catch up with “known wolves,” but machine learning and artificial perception can change the rules of engagement with models of “known good.”
- 1 of 4
- ››
Get the Daily Briefing
- Microsoft Build Engine Abused for Fileless Malware Delivery
- Ireland's Health Service Executive Held to Ransom by Conti Gang
- Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing
- QNAP Investigating New Attacks Targeting NAS Devices
- AXA Confirms Ransomware Attack Impacted Operations in Asia
- Ireland Rejects Facebook Bid to Block Regulatory Data Probe
- CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers From Network
- Cybersecurity M&A Roundup for May 10-16, 2021
- Adam Ely Joins Fidelity as New CISO
- French Appeal Set for Convicted Russian Money Launderer
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy