INDUSTRY INSIGHTS YOUR PEERS ARE READING
Web Security Bug email glitch Gmail malicious actor PhishingThe issue comes from how Gmail automatically files messages into the "Sent" folder. MORE
Recent reports of a phishing attack on Mayfair art dealers have revealed that “at least nine galleries or individuals were affected, including Hauser & Wirth, and London-based dealers Simon Lee, Thomas Dane, Rosenfeld Porcini and Laura Bartlett”. MORE
Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks. MORE
Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight MORE
However, this strength turns to weakness when it comes to phishing. By training employees on using strong passwords and being more vigilant at spotting phishing attacks, businesses can significantly increase the strength of their IT security.” . How to avoid phishing attacks . MORE
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock). MORE
Criminal hackers are taking advantage of the imminent General Data Protection Regulation (GDPR) with a phishing campaign targeting Airbnb customers. The phishing scam seeks to exploit this. How can I detect a phishing email? There are a number of ways to spot a phishing email. MORE
Angel Grant Analyzes Findings, Which Also Show a Surge in Mobile App Fraud RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence. MORE
Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates. Hacks Privacy Netflix Netflix phishing Phishing phishing scam TLS sites MORE
Unannounced Exercise Stoked Voter Database Hacking Fears A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise. MORE
Sophisticated nation-state groups now integrate phishing as a core component of their statecraft. Critical Infrastructure Government Hacks InfoSec Insider Web Security andrea little limbago election interference email scame infosec insider nation state Phishing sophisticated tactics State sponsored MORE
Botnet Also Pushes Ransomware, Cryptocurrency, 'Virtual Kisses' The operators of the Necurs botnet continue to target victims with phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever, as well as to generate profits via dating website referrals MORE
Phishing is big business for cyber criminals. According to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017 , phishing attacks rose by 65% last year, with the average attack costing mid-sized companies $1.6 Help your staff avoid phishing attacks. MORE
MetaCert has classified 10 billion URLs as either safe, a suspected source of phishes, or unknown. Business Security MORE
Arrests Came After a Two-Year Investigation of 'Highly Organized' Crime Group Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. MORE
Cloud Security Web Security Azure blob campaign cloud storage Microsoft Netskope phishing techniqueA brand-new approach to harvesting credentials hinges on users' lack of cloud savvy. MORE
Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. Here's how to play better phishing defense MORE
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps MORE
Well now, threat actors don’t even have to exert the effort to phish to land business email accounts. The post Attackers Are Landing Email Inboxes Without the Need to Phish appeared first on IG GURU. IG News Information Governance information privacy information security Security keylogging phishing Social Engineering spoofingBy Alastair Paterson on November 23, 2018 We’ve all heard the proverb: Give a man a fish and you feed him for a day. MORE
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows. MORE
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign. MORE
The number of phishing attacks worldwide in the third quarter of 2018 reached more than 137 million, an increase of nearly 30 percent according to security company Kaspersky Lab. Phishing Data security Cyber security Cyber attacks MORE
Phishing emails purported to be commercial offers - but were really installing remote administration software on victims’ systems. Hacks Malware Uncategorized Web Security data theft email scam Industrial Security malware Phishing Phishing emails remote administration software MORE
Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. MORE
A sophisticated phishing incident at a New York oncology and hematology practice went undetected for a week, affecting 128,400 individuals. Phishing Hacking Protected health information Data security MORE
Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year. It is believed that the breach was caused by an employee falling for a phishing scam. MORE
Hacks Web Security Malicious URL microsoft phishing Microsoft SharePoint Office 365 Phishing phishing attack phishing campaign SharepointResearchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally. MORE
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING. MORE
Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect. MORE
This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics. This methodology is distributed over a period of a year giving employees time to understand various phishing strategies. This is a platform for security awareness training and simulated phishing tests focusing on the problem of social-engineering. Organizations select the phishing templates and landing page for simulation. MORE
Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports. MORE
Vulnerabilities Web Security "from" header forged sender Gmail gmail bug Phishing spearphishing Spoofing uxA glitch in the UX in Gmail allows the “from” field to be forged so there is no sender listed in the email's header. MORE
No Misuse of Exposed Data Has Been Reported - Yet Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. MORE
Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group MORE
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. MORE
Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email. Widespread availability of low-cost phishing and ransomware tools. MORE
Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. MORE
certificates machinelearning phishing spoofingReally interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. MORE
Cyber criminals are taking advantage of TSB’s recent IT problems to exploit customers using mobile phishing attacks. According to Wired , the phishing attacks encourage TSB customers to click a fraudulent URL and enter their credentials to file a complaint against the company. MORE
Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018 MORE
But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it MORE
Phishing Related Topics Data Breach Today
DECEMBER 4, 2018
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps
Krebs on Security
NOVEMBER 26, 2018
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock).
Data Breach Today
DECEMBER 5, 2018
Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports.
Krebs on Security
OCTOBER 1, 2018
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING.
Krebs on Security
NOVEMBER 2, 2018
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows.
Data Breach Today
NOVEMBER 27, 2018
Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018
Schneier on Security
OCTOBER 2, 2018
Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. fraud phishing scams socialengineeringI second his advice: "never give out any information about yourself in response to an unsolicited phone call."
Krebs on Security
JULY 23, 2018
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Data Breach Today
AUGUST 7, 2018
Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege.
Security Affairs
NOVEMBER 25, 2018
Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify.
IT Governance
NOVEMBER 9, 2018
Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year. It is believed that the breach was caused by an employee falling for a phishing scam.
Data Breach Today
DECEMBER 18, 2017
Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks.
Data Breach Today
JULY 11, 2018
Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group
Data Breach Today
JANUARY 8, 2018
No Misuse of Exposed Data Has Been Reported - Yet Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn.
Data Breach Today
JULY 23, 2018
Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. Here's how to play better phishing defense
Data Breach Today
JUNE 21, 2018
Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight
IT Governance
MARCH 16, 2018
Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect.
Data Breach Today
JUNE 21, 2018
But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it
Threatpost
OCTOBER 29, 2018
Sophisticated nation-state groups now integrate phishing as a core component of their statecraft. Critical Infrastructure Government Hacks InfoSec Insider Web Security andrea little limbago election interference email scame infosec insider nation state Phishing sophisticated tactics State sponsored
WIRED Threat Level
DECEMBER 6, 2018
MetaCert has classified 10 billion URLs as either safe, a suspected source of phishes, or unknown. Business Security
Data Breach Today
AUGUST 17, 2018
A phishing attack on Wednesday fueled by the Necurs botnet targeted at least 2,700 banking institutions of various sizes in the U.S. and around the world, explains Aaron Higbee of Cofense, which detected the attack
Information Management Resources
NOVEMBER 29, 2018
The number of phishing attacks worldwide in the third quarter of 2018 reached more than 137 million, an increase of nearly 30 percent according to security company Kaspersky Lab. Phishing Data security Cyber security Cyber attacks
Threatpost
NOVEMBER 16, 2018
Web Security Bug email glitch Gmail malicious actor PhishingThe issue comes from how Gmail automatically files messages into the "Sent" folder.
Information Management Resources
NOVEMBER 20, 2018
A sophisticated phishing incident at a New York oncology and hematology practice went undetected for a week, affecting 128,400 individuals. Phishing Hacking Protected health information Data security
IT Governance
MARCH 21, 2018
Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email. Widespread availability of low-cost phishing and ransomware tools.
Threatpost
AUGUST 15, 2018
Hacks Web Security Malicious URL microsoft phishing Microsoft SharePoint Office 365 Phishing phishing attack phishing campaign SharepointResearchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.
The Last Watchdog
NOVEMBER 27, 2018
This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics. This methodology is distributed over a period of a year giving employees time to understand various phishing strategies. This is a platform for security awareness training and simulated phishing tests focusing on the problem of social-engineering. Organizations select the phishing templates and landing page for simulation.
Threatpost
JUNE 20, 2018
Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates. Hacks Privacy Netflix Netflix phishing Phishing phishing scam TLS sites
Data Breach Today
MARCH 30, 2018
Arrests Came After a Two-Year Investigation of 'Highly Organized' Crime Group Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers.
IT Governance
AUGUST 20, 2018
However, this strength turns to weakness when it comes to phishing. By training employees on using strong passwords and being more vigilant at spotting phishing attacks, businesses can significantly increase the strength of their IT security.” . How to avoid phishing attacks .
Data Breach Today
JUNE 5, 2018
Angel Grant Analyzes Findings, Which Also Show a Surge in Mobile App Fraud RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence.
Data Breach Today
JANUARY 22, 2018
Botnet Also Pushes Ransomware, Cryptocurrency, 'Virtual Kisses' The operators of the Necurs botnet continue to target victims with phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever, as well as to generate profits via dating website referrals
IT Governance
MAY 14, 2018
Criminal hackers are taking advantage of the imminent General Data Protection Regulation (GDPR) with a phishing campaign targeting Airbnb customers. The phishing scam seeks to exploit this. How can I detect a phishing email? There are a number of ways to spot a phishing email.
Threatpost
NOVEMBER 20, 2018
Vulnerabilities Web Security "from" header forged sender Gmail gmail bug Phishing spearphishing Spoofing uxA glitch in the UX in Gmail allows the “from” field to be forged so there is no sender listed in the email's header.
Dark Reading
SEPTEMBER 28, 2018
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails
IT Governance
JUNE 12, 2018
Cyber criminals are taking advantage of TSB’s recent IT problems to exploit customers using mobile phishing attacks. According to Wired , the phishing attacks encourage TSB customers to click a fraudulent URL and enter their credentials to file a complaint against the company.
Schneier on Security
AUGUST 9, 2018
certificates machinelearning phishing spoofingReally interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name.
Threatpost
AUGUST 2, 2018
Phishing emails purported to be commercial offers - but were really installing remote administration software on victims’ systems. Hacks Malware Uncategorized Web Security data theft email scam Industrial Security malware Phishing Phishing emails remote administration software
IG Guru
NOVEMBER 30, 2018
Well now, threat actors don’t even have to exert the effort to phish to land business email accounts. The post Attackers Are Landing Email Inboxes Without the Need to Phish appeared first on IG GURU. IG News Information Governance information privacy information security Security keylogging phishing Social Engineering spoofingBy Alastair Paterson on November 23, 2018 We’ve all heard the proverb: Give a man a fish and you feed him for a day.
Threatpost
OCTOBER 10, 2018
Cloud Security Web Security Azure blob campaign cloud storage Microsoft Netskope phishing techniqueA brand-new approach to harvesting credentials hinges on users' lack of cloud savvy.
Data Breach Today
AUGUST 24, 2018
Unannounced Exercise Stoked Voter Database Hacking Fears A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.
IT Governance
JANUARY 7, 2018
Phishing is big business for cyber criminals. According to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017 , phishing attacks rose by 65% last year, with the average attack costing mid-sized companies $1.6 Help your staff avoid phishing attacks.
IT Governance
NOVEMBER 14, 2017
Recent reports of a phishing attack on Mayfair art dealers have revealed that “at least nine galleries or individuals were affected, including Hauser & Wirth, and London-based dealers Simon Lee, Thomas Dane, Rosenfeld Porcini and Laura Bartlett”.
82 
Let's personalize your content