Email obfuscation tactics elude security protections

Email obfuscation tactics elude security protections

Cyber attackers have used email obfuscation techniques for decades to conceal malicious code or data within a file, script or network traffic. There are many email obfuscation methods, such as putting addresses into images, captchas or texts that bots cannot read. Such traditional email obfuscation tactics are well known, and security controls have historically been good at patching and stopping them. But recently our threat researchers have uncovered some newly evolving techniques that are designed…

Read More

How to Spot a Business Email Compromise Scam

How to Spot a Business Email Compromise Scam

So this is the first step: Take control of your emotions. Yes, it can be difficult if you work in a demanding field. But it’s your best first defense, and your employer will thank you for it (or, at least, they should). Always Confirm Through a Second Channel Now that you’re skeptically questioning the legitimacy of the urgent request, check to make sure the email is coming from the person it claims to be from….

Read More

How to Avoid Being Phished by Your Phone | McAfee Blog

How to Avoid Being Phished by Your Phone | McAfee Blog

By now you’ve probably heard of the term “phishing”—when scammers try to fool you into revealing your personal info or sending money, usually via email — but what about “vishing”? Vishing, or voice phishing, is basically the same practice, but done by phone. There are a few reasons why it’s important for you to know about vishing. First off, voice phishing scams are prevalent and growing. A common example around tax season is the IRS scam,…

Read More

Untrained users are the greatest weakness in a cyber defense plan

Untrained users are the greatest weakness in a cyber defense plan

KnowBe4 has released its 2024 Phishing by Industry Benchmarking Report. This report measures the likelihood that an organization’s employees would fall for a phishing or social engineering scam, assessing the status of security preparedness and awareness across global industries such as government, healthcare and critical infrastructure.  54 million simulated phishing tests were analyzed in the report. These tests involved more than 11.9 million individuals from 55,675 organizations across 19 industries. Through this analysis, the report found…

Read More

Navigating political polarization in the workplace

Navigating political polarization in the workplace

In this episode of The Security Podcasts featuring Scott McHugh, retired CSO at LyondellBasell Chemical Company and Faculty at Rice University, we discuss the challenges security leaders face when navigating political polarization in the workplace. “This is actually not a new phenomenon,” Scott McHugh says. “It really started in the late ’90s, in the Clinton administration, and it’s just been manifesting itself through the years ever since then. And it’s become much more of a…

Read More

Downtime Costs Large Companies $400 Billion a Year, According to Splunk Report

Downtime Costs Large Companies 0 Billion a Year, According to Splunk Report

Unplanned downtime is costing the world’s largest companies $400 billion a year, or roughly 9% of their profits, a new report has found. This is the equivalent of about $9,000 lost for every minute of system failure or service degradation. The report, published by the data management platform Splunk, also revealed that it takes 75 days for revenue for a Forbes Global 2000 company to recover to where it stood financially prior to the incident….

Read More

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820. The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protection credentials to successfully compromise systems by infecting them with custom PurpleInk malware. So far, organizations in various sectors in the U.S., Europe and Asia have been impacted for data theft purposes, though more sectors might have been impacted but not identified yet. Who is…

Read More

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Organisations linked to the Paris Olympics 2024 have an increased risk of cyber attacks, including ransomware, credential leaks and phishing campaigns, a study has found. Insikt Group, the threat research division of security firm Recorded Future, has already observed posts advertising access to Games-related organisations in France and compromised credentials using “paris2024[dot]org” domains on the Dark Web. These findings were published in a new report highlighting high-priority threats to the Games, based on an assessment…

Read More

International Malware Takedown Seized 100+ Servers

International Malware Takedown Seized 100+ Servers

An international coalition of police organized by the European Union’s justice and police agencies has revealed an ongoing operation against malware droppers that Europol calls the “largest ever operation” of its kind. Called “Operation Endgame,” the ongoing initiative targets malware delivery “droppers” and “loaders,” and is an attempt to disrupt large-scale malware deployments. Between May 27 and May 29, police arrested four people, seized more than 100 servers and took control of more than 2,000…

Read More

International Malware Takedown Seized 100+ Servers

International Malware Takedown Seized 100+ Servers

An international coalition of police organized by the European Union’s justice and police agencies has revealed an ongoing operation against malware droppers that Europol calls the “largest ever operation” of its kind. Called “Operation Endgame,” the ongoing initiative targets malware delivery “droppers” and “loaders,” and is an attempt to disrupt large-scale malware deployments. Between May 27 and May 29, police arrested four people, seized more than 100 servers and took control of more than 2,000…

Read More
1 2 3 4 5 15