Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Over the past year, a Russian cybercrime group has launched over 200 business email compromise (BEC) campaigns targeting multinational organizations. [Read More]
A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan. [Read More]
Hackers linked to the North Korean government are believed to be behind the Magecart attacks on Claire’s and other online stores. [Read More]
Redwood, California-based anti-phishing firm Area 1 Security has raised $25 million in a Series D funding round led by ForgePoint Capital. [Read More]
Magecart web skimmers were found on the websites of eight cities in the United States and one thing they have in common is that they all use the Click2Gov platform. [Read More]
A group of cybercriminals managed to hide their web skimmer in the EXIF metadata of an image that was then surreptitiously loaded by compromised online stores. [Read More]
COVID-19 is fueling phishing and scams while BEC attacks continue to evolve and increase, according to a report from Abnormal Security. [Read More]
Magecart hackers targeted the online stores of retailers Claire’s and Intersport with skimmers designed to steal payment card information. [Read More]
The increase in mobile banking application usage is expected to lead to a rise in exploitation too, the FBI warns. [Read More]
Thousands of individuals and hundreds of organizations across six continents have been targeted by an India-based hack-for-hire group. [Read More]
- 1 of 30
- ››
FEATURES, INSIGHTS // Phishing
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Domain name typo-squatting is an established tactic in the world of cybercrime.
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
- 1 of 4
- ››
Get the Daily Briefing
- Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz
- TikTok and WeChat: Chinese Apps Dogged by Security Fears
- Trump Bans Dealings With Chinese Owners of TikTok, WeChat
- Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
- Capital One Fined $80 Million in Data Breach
- Researchers Revive 'Foreshadow' Attack by Extending It Beyond L1 Cache
- Intel Investigating Data Leak of Technical Documents, Tools
- US Senate Votes to Ban TikTok on Government Phones
- Twitter Moves to Reduce Reach of 'State-affiliated' Media
- The Integration Imperative for Security Vendors
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy