Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Venafi has uncovered over 100,000 fake domains with valid TLS certificates that mimic the domains of 20 major retailers in the US, UK, Australia, Germany and France. [Read More]
While there are policy, technology and training solutions that can help mitigate the spear phishing threat, it doesn't seem as if any are foolproof. [Read More]
A currently ongoing mobile-aware phishing campaign is targeting various non-governmental entities worldwide, including United Nations humanitarian organizations such as UNICEF. [Read More]
Texas man found guilty of hacking into the Los Angeles Superior Court computer system and abusing it to send phishing emails was sentenced to 145 months in federal prison. [Read More]
The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a recent campaign. [Read More]
An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers. [Read More]
A large number of spam messages recently sent by the same botnet were observed featuring randomized headers and even different templates, with some emails resembling phishing. [Read More]
A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months. [Read More]
Smarter phishing campaigns are popping up as cybercriminals leverage emerging technologies and tools like spoofing, automation, machine learning and social engineering. [Read More]
A Magecart threat actor has compromised the websites of two hotel chains to inject scripts targeting Android and iOS users. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Siggi Stefnisson's picture
Even though I've been analyzing malware for the past 20 years, I do understand that internet security is not merely a technical problem, but also a business problem.
Markus Jakobsson's picture
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.