Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A high-powered joint advisory calls attention to gaping holes in perimeter-type devices like VPN appliances, network access gateways and enterprise cloud applications. [Read More]
Google shares bug-bounty financial data and launches a new initiative to bring all of its vulnerability reporting programs into a single online platform. [Read More]
Apple ships an out-of-band security update and warns of active zero-day attacks targeting macOS and iOS users. [Read More]
Mozilla has completely removed support for the File Transfer Protocol (FTP) from in the latest release of its flagship Firefox browser. [Read More]
Intezer warns that threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners. [Read More]
The 24-year-old and a 15-year-old accomplice created and sold phishing frameworks targeting the users of Dutch and Belgian banks. [Read More]
European bug bounty platform YesWeHack has banked $18.8 million in Series B funding to fuel international expansion. [Read More]
New Google Cloud offerings aim to help federal, state, and local government organizations in the U.S. implement zero-trust architecture. [Read More]
The CloudKnox deal is Microsoft’s fourth cybersecurity acquisition over the last 12 months and comes just weeks after Redmond announced plans to purchase threat-intelligence vendor RiskIQ. [Read More]
Microsoft secures a court order to take down malicious domains that impersonate legitimate organizations. [Read More]
- 1 of 51
- ››
FEATURES, INSIGHTS // Phishing
Leveraging humans for detection makes it hard for the attackers to predict whether or not their malicious emails will be identified and using technology to automate response provides scale and speed in resolution.
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Domain name typo-squatting is an established tactic in the world of cybercrime.
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
- 1 of 4
- ››
Get the Daily Briefing
- Potential RCE Flaw Patched in PyPI’s GitHub Repository
- OT Security Firm Nozomi Networks Raises $100 Million
- Chipotle's Email Marketing Account Hacked to Spread Malware
- Cybersecurity M&A Roundup: 38 Deals Announced in July 2021
- Cisco, Sonatype and Others Join Open Source Security Foundation
- Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy
- NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public
- Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals
- Zoom to Settle US Privacy Lawsuit for $85 Mn
- Justice Department Says Russians Hacked Federal Prosecutors
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy