Advanced Phishing Attacks Increased by 356% in 2022
May31

Advanced Phishing Attacks Increased by 356% in 2022

An analysis of by the cybersecurity firm Perception Point shows there was a major increase in advanced phishing attacks in 2022, which increased by 356% from 2021. Phishing accounted for 67.4% of cyberattacks in 2022, and there was an 83% increase in business email compromise (BEC) attacks. In total, cyberattacks increased by 87% from the previous year. While BEC attacks only account for a small percentage of attacks, the losses to...

Read More
Cybersecurity Awareness Month 2022 Focuses on People
Sep28

Cybersecurity Awareness Month 2022 Focuses on People

Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort  between government and industry to improve cybersecurity awareness in the United States and beyond. The...

Read More
TitanHQ Acquires Cyber Risk Aware to Add Security Awareness Training to its Cybersecurity Portfolio
Feb17

TitanHQ Acquires Cyber Risk Aware to Add Security Awareness Training to its Cybersecurity Portfolio

The Irish cybersecurity firm TitanHQ, a leading SaaS business offering a portfolio of cloud-based cybersecurity solutions, has announced the acquisition of the Dublin-based security awareness firm Cyber Risk Aware. Cyber Risk Aware was formed in 2016 and provides the only behavior-driven security awareness platform that provides real-time training to help counter the threat from phishing and other cybersecurity threats that target...

Read More
New JavaScript Malware Delivers Multiple Rats and Info Stealers
Nov25

New JavaScript Malware Delivers Multiple Rats and Info Stealers

A new JavaScript malware dubbed RATDispenser is being used to deliver at least 8 different Remote Access Trojans (RATs), information stealers, and keyloggers. According to an analysis by the HP Threat Research team, three different variants of RATDispenser have been detected in the past 3 months and 155 samples have been intercepted. All but 10 of those samples act as first-stage malware droppers that do not communicate with an...

Read More
The Emotet Botnet is Back: TrickBot Infrastructure Being Used to Rebuild the Botnet
Nov17

The Emotet Botnet is Back: TrickBot Infrastructure Being Used to Rebuild the Botnet

The infrastructure of the Emotet botnet was taken down in a Europol/Eurojust coordinated law enforcement operation in January 2021. Since the takedown it has been all quiet on the Emotet front, but the Emotet botnet has now returned. That law enforcement operation saw the infrastructure seized and taken down and two individuals believed to have played key roles in maintaining the infrastructure of the botnet were arrested. The Emotet...

Read More
Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack
Nov15

Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack

A spam email campaign involving at least 100,000 emails has been conducted using ‘hacked’ FBI-owned servers. The messages advised the recipients that their network had been breached and data was stolen. The emails were sent from the legitimate [email protected] email account and, as such, were passed by the DomainKeys Identified Mail (DKIM) mechanism. The Spamhaus project said the messages were delivered to at least 100,000 mailboxes,...

Read More
Amazon SES Token Stolen and Used to Send Phishing Emails from Kaspersky.com Email Accounts
Nov02

Amazon SES Token Stolen and Used to Send Phishing Emails from Kaspersky.com Email Accounts

A phishing campaign has been identified that abused a legitimate access token of a third-party contractor to send phishing emails from legitimate Kaspersky.com email accounts. The campaign was conducted using the Amazon Simple Email Service (SES) email service, which allows developers to send emails from any app, including apps used for mass email communications. Kaspersky’s Amazon SES token was provided to a third-party contractor in...

Read More
NHS Vaccination Proof Phishing Campaign Rife in the UK
Oct25

NHS Vaccination Proof Phishing Campaign Rife in the UK

Cybercriminals have stepped up their efforts to scam Brits according to new research, with one of the most common scams offering fake proof of COVID-19 vaccination. According to Tessian, the phishing scam spoofs the NHS and advises recipients that they are eligible to apply for a “Digital Passport” which can be used as proof that an individual has been vaccinated against COVID-19 or has contracted COVID-19 and has recently recovered....

Read More
Phishing Campaign Uses Mathematical Symbols to Fool Email Security Solutions
Oct14

Phishing Campaign Uses Mathematical Symbols to Fool Email Security Solutions

Analysts at email security firm INKY have identified a new phishing campaign that uses mathematical symbols in spoofed corporate logos in an attempt to fool email security solutions and ensure the phishing messages get delivered to inboxes. Many AI-based anti-phishing solutions can detect brand impersonation attacks and reject or quarantine messages rather than delivering to inboxes. If a message looks like it is from a known brand,...

Read More
Microsoft Discovers Large-scale Phishing-as-a-Service Operation
Sep23

Microsoft Discovers Large-scale Phishing-as-a-Service Operation

Microsoft has discovered a major phishing-as-a-service operation that it says is behind many phishing attacks on businesses over the past 3 years. Phishing is one of the easiest ways for cybercriminals to gain access to business networks. Attackers require a phishing email template to use, need to have a domain to send emails, and a webpage where credentials are harvested. Creating the infrastructure to support phishing campaigns can...

Read More
TitanHQ Adds Geo-Blocking in Latest Release of SpamTitan Email Security
Sep15

TitanHQ Adds Geo-Blocking in Latest Release of SpamTitan Email Security

TitanHQ has released of a new version of its award-winning SpamTitan email security solution. The Fall 2021 release – SpamTitan 7.11 – includes several enhancements to improve detection of threats such as malware, ransomware, APTs, spear phishing, and malicious URLs, with the updated version providing greater threat insights to help administrators mitigate risks more effectively. SpamTitan 7.11 includes a new feature –...

Read More
SolarWinds Hackers Conducting Spear Phishing Campaign Posing as USAID
Jun01

SolarWinds Hackers Conducting Spear Phishing Campaign Posing as USAID

The Russian Advanced Persistent Threat (APT) group Nobelium – aka APT29/The Dukes/Cozy Bear – that was behind the SolarWinds Orion supply chain attack has been conducting a spear phishing campaign masquerading as the U.S. Agency for International Development (USAID). The emails are used to deliver malware and gain persistent access to the internal networks of the targeted companies. The spear phishing attacks were identified by...

Read More
Patch These Actively Exploited SonicWall Vulnerabilities Now!
Apr20

Patch These Actively Exploited SonicWall Vulnerabilities Now!

SonicWall has released patches to correct three actively exploited vulnerabilities in its on-premises and hosted email security solutions. The vulnerabilities can be exploited remotely to gain access to SonicWall Email Security hardware and virtual appliances as well as software installations on Microsoft Windows Server. Successful exploitation of the vulnerabilities would allow threat actors to access files and emails, install...

Read More
BEC Gang Members who Scammed More Than 50,000 Organizations Arrested
Nov26

BEC Gang Members who Scammed More Than 50,000 Organizations Arrested

Image source: INTERPOL Three members of a cybercriminal gang that has attacked more 50,000 organizations have been arrested in Lagos, Nigeria. The arrests come at the end of a year-long investigation into the prolific business email compromise scammers by INTERPOL, Group-IB, and the Nigerian Police Force. The three gang members arrested are believed to be responsible for phishing scams, BEC attacks, and malware distribution on tens of...

Read More
October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020
Nov05

October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020

New data from HP Inc. shows cyberattacks involving the Emotet Trojan increased by more than 1,200% between Q2, 2020 and Q3, 2020. The data for the company’s October 2020 Threat Insights Report come from HP Sure Click Enterprise, a security solution used on enterprise desktops and laptops that captures malware and allows it to run in a secure container. Data were collected from 1 July to 30 September 2020, with the report proving...

Read More
Emotet Campaign Impersonates Democratic National Convention
Oct02

Emotet Campaign Impersonates Democratic National Convention

An Emotet malware campaign is underway which has already targeted hundreds of organizations in the United States. The emails spoof the Democratic National Convention with messages claiming to be a call to action to recruit DNC volunteers across the country to help elected Democrats in the upcoming presidential election, as part of the DNC Team Blue initiative. The threat group behind Emotet, TA542, usually uses lures such as shipping...

Read More
Losses to BEC Attacks Increased by 48% in Q2, 2020
Sep08

Losses to BEC Attacks Increased by 48% in Q2, 2020

New data released by Agari show there has been a significant increase in losses to business email compromise attacks in Q2, 2020, increasing by 48% from the previous quarter. Business email compromise (BEC) is a form of email fraud in which an attacker compromises an email account of an organization and uses that account to commit fraud against the organization or business contacts. Typically, these attacks aim to fraudulently obtain...

Read More
Phishing Campaign Offering PPE Delivers Agent Tesla RAT
Sep01

Phishing Campaign Offering PPE Delivers Agent Tesla RAT

Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access Trojan (RAT). The phishing emails offer the recipient personal protective equipment (PPE) such as forehead temperature thermometers, disposable face masks, and other medical supplies that have been in short supply. The emails claim that the company has started mass...

Read More
CISA Warns of Phishing Campaign Targeting SBA Loan Accounts
Aug17

CISA Warns of Phishing Campaign Targeting SBA Loan Accounts

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing phishing campaign against government agencies that is attempting to obtain credentials for Small Business Administration COVID-19 loan relief accounts. The campaign uses a spoofed version of the SBA COVID-19 relief webpage to obtain credentials, with links to the fraudulent website distributed through...

Read More
Emotet Botnet Springs Back to Life with Massive Malspam Campaign
Jul20

Emotet Botnet Springs Back to Life with Massive Malspam Campaign

The Emotet botnet has sprung back to life after a 5-month break and is being used to send large volumes of spam emails containing malicious URLs and attachments. Emotet malware was the biggest malware threat in 2018 and 2019, but the botnet has been quiet for much of 2020. The Emotet botnet often has periods of dormancy, before springing back to life and sending huge volumes of spam email. When Emotet went quiet in early 2020, it was...

Read More
95% of Brits Unable to Correctly Distinguish Phishing and Genuine Messages
Jul10

95% of Brits Unable to Correctly Distinguish Phishing and Genuine Messages

A recent phishing study conducted by the UK firm, Computer Disposals Limited, has revealed British workers struggle to identify phishing attacks, with only 5% of participants in the study able to identify all phishing attempts in the test. The study was conducted on 1,000 individuals who were given a quiz consisting of messages and emails from well known brands such as Amazon, Netflix, Disney Plus, emails from the UK government and...

Read More
BEC Gangs Abandon C-Suite Executives in Favor of Attacks on Finance Employees
Jun23

BEC Gangs Abandon C-Suite Executives in Favor of Attacks on Finance Employees

A recent report from Abnormal Security suggests business email compromise gangs have changed tactics and have new targets in their sights. BEC gangs have historically targeted C-Suite executives using phishing emails to obtain their credentials to access their email accounts in what is often referred to as whaling attacks. C-Suite email accounts are valuable as they can be used to target other individuals in the organization. These...

Read More
Microsoft’s COVID-19 Threat Analysis Reveals Attackers Adapt Campaigns to Local Events
Jun18

Microsoft’s COVID-19 Threat Analysis Reveals Attackers Adapt Campaigns to Local Events

Many threat actors have adopted COVID-19 themed lures in phishing campaigns and for distributing malware, but the proportion of COVID-19 related threats is much lower than the headlines suggest, according to a recent report from Microsoft. In fact, Microsoft’s figures suggest only about 2% of all threats were related to COVID-19 and coronavirus over the past 4 months. Microsoft has previously reported that while there have been many...

Read More
Fake CVs, Medical Leave Forms, Voicemail Alerts Used as Lures in Phishing Attacks
Jun08

Fake CVs, Medical Leave Forms, Voicemail Alerts Used as Lures in Phishing Attacks

Researchers at Check Point have issued a warning that cybercriminals are using fake CVs, resumes, and medical leave forms to spread malware such as banking Trojans and information stealers. Many Americans have lost their jobs as a result of the COVID-19 pandemic. Unemployment is now at the highest level it has ever been in the United States, so a great many Americans will now be looking for work. It is therefore no surprise that...

Read More
Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises
May29

Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises

Enterprises in the United States and Germany are being targeted in a phishing campaign spreading Valek malware, according to researchers at Cybereason Nocturnus. Valek is a popular malware loader that was first identified in 2019. Valek has previously been distributed in phishing campaigns to deliver banking Trojans such as Ursnif and IcedID. Valek is active development and new versions are frequently released. According to a recent...

Read More
Massive Phishing Campaign Distributing Legitimate Remote Admin Tool as RAT
May21

Massive Phishing Campaign Distributing Legitimate Remote Admin Tool as RAT

A phishing campaign has been detected that exploits the COVID-19 pandemic to spread a legitimate remote administration tool which is being used as a remote access Trojan. If installed, the attacker will have full control of an infected device. The “massive campaign” was detected by the Microsoft Security Intelligence team, which intercepted emails using malicious Excel spreadsheets to install the NetSupport Manager remote...

Read More
COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks
May13

COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks

There has been a sharp increase in the number of COVID-19 themed cyberattacks in the past two weeks according to Check Point. Check Point has been tracking phishing attacks and other cybersecurity incidents and identified 192,000 COVID-19 themed attacks in the past two weeks. Most of the cyberattacks were phishing attacks where authorities on SARS-CoV-2 such as the World Health Organization (WHO) and the Centers for Disease Control...

Read More
13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic
May12

13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic

The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had...

Read More
Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom
Apr30

Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom

The U.S. pharmaceutical company ExecuPharm recently announced it suffered a ransomware attack on March 13, in which certain corporate and employee information was compromised. The attack started with phishing emails sent to its employees, with the subsequent investigation indicating the attackers may have viewed or obtained sensitive data prior to the deployment of the ransomware. The types of data that were potentially compromised...

Read More
Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts
Apr21

Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts

A phishing campaign has resulted in losses of tens of millions of Euros for the German North-Rhine-Westphalia (NRW) government. The NRW government’s Ministry of Economic Affairs set up a website for self-employed individuals and businesses in the province to request financial relief due to the 2019 Novel Coronavirus pandemic. Requests could be submitted through the site to receive emergency aid funding. However, a copycat site was...

Read More
FTC: Coronavirus and COVID-19 Scams Result in Losses of $12.78 Million in 2020
Apr14

FTC: Coronavirus and COVID-19 Scams Result in Losses of $12.78 Million in 2020

Figures released by the U.S. Federal Trade Commission (FTC) have revealed the extent of losses to coronavirus and COVID-19 scams in 2020. The FTC received 16,778 reported complaints of consumer fraud in relation to the 2019 Novel Coronavirus between January 1, 2020 and April 12, 2020. Around 46% of those reported cases of fraud involved financial losses, which totaled $12.78 million during that period. The median loss was $570. The...

Read More
INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals
Apr13

INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals

Hospitals, research facilities and other healthcare organizations on the front line in the fight against the 2019 Novel Coronavirus and Covid-19 are not only facing incredible challenges treating patients, they are also having to fend off ransomware attacks. Some threat groups have publicly stated that they will not be attacking healthcare organizations during the COVID-19 public health emergency, but there are still some highly...

Read More
Lokibot Information Stealer Distributed in Spear Phishing ampaign Impersonating WHO
Apr06

Lokibot Information Stealer Distributed in Spear Phishing ampaign Impersonating WHO

Researchers at Fortinet’s FortiGuard Labs have identified a new spear phishing campaign that impersonates the World Health Organization (WHO) to distribute the LokiBot information stealer. The emails incorporate the WHO logo and claim to offer important advice about COVID-19 infection control and give recommendations. The email states that the information in the email attachment is intended to address misinformation about the 2019...

Read More
Beware of New Coronavirus Wiper Malware
Apr03

Beware of New Coronavirus Wiper Malware

A new wiper malware has been detected that uses a similar method to the 2017 NotPetya wiper malware to trash computers by overwriting the Master Boot Record (MBR) to render computers useless. Named Coronavirus, this wiper malware is being used purely for the purpose of sabotage. The malware variant was analyzed by researchers at SonicWall Capture Labs Threat Research. The researchers report that the malware variant is not as...

Read More
Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure
Apr02

Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure

Governments around the world are developing financial relief packages to help citizens that have been unable to work due to the coronavirus and are facing extreme financial difficulties, and cybercriminals are taking advantage. Campaigns have been detected that use the offer of financial relief due to the coronavirus pandemic as a lure to trick people into disclosing sensitive information or installing malware. Over the past few...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Mar20

WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader

Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...

Read More
Microsoft Announces Takedown of Necurs Botnet
Mar11

Microsoft Announces Takedown of Necurs Botnet

Microsoft has announced it has seized the U.S. command and control infrastructure of the Necurs botnet and has taken steps to prevent the infrastructure from being recreated. The Necurs botnet is one of the largest spamming and malware distribution networks ever created. The botnet consists of more than 9 million zombie devices that have been infected with Necurs malware and are under the control of the botnet operators. The botnet is...

Read More
74% of Phishing Sites Now Use HTTPS
Feb27

74% of Phishing Sites Now Use HTTPS

The latest phishing activity trends report from the Anti-Phishing Working Group (APWG) shows a decline in the number of detected phishing sites after the 3-year high seen in Q3, 2019. Between October 2019 and December 2019, 162,155 phishing sites were detected, down from 266,387 in Q3. In Q4, 2019, the number of phishing site detections was closer to the mean level in 2019. An average of 333 brands were impersonated in phishing...

Read More
Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs
Feb26

Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs

The Q4, 2019 Phishers’ Favorite report from email security firm Vade Secure shows PayPal is the most impersonated brand in phishing attacks, making it two successive quarters at the top of the list. In Q4, 2019, Vade Secure detected 11,392 new PayPal phishing URLs at a rate of 124 new URLs a day. While the number of new PayPal URLs fell 31.2% from Q3, 2019, detections are up 23% on this time last year. Second place went to Facebook,...

Read More
Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape
Feb20

Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape

The Q4, 2019 Threat Report from cybersecurity firm Proofpoint has confirmed Emotet was the biggest malware threat in 2019, accounting for 37% of all malicious payloads in 2019, even though for several months of 2019 Emotet was inactive. Emotet activity is up considerably from 2018, when it accounted for 28% of malicious payloads for the year. In Q4, 2019, Emotet accounted for 31% of all malicious payloads. Banking Trojans also proved...

Read More
LokiBot Trojan Masquerades as Epic Games Software Installer
Feb19

LokiBot Trojan Masquerades as Epic Games Software Installer

Threat actors behind the LokiBot Trojan, an information stealer and a backdoor that gives attackers access to Windows systems, are using a new tactic to install their Trojan: Impersonation of a legitimate software installer used by EPIC Games, the gaming company behind the hugely popular free-to-play game Fortnite. LokiBot was first identified around 5 years ago and it is constantly tweaked and updated. LokiBot can steal sensitive...

Read More
Fresh Warnings Issued About Coronavirus Phishing Scams
Feb18

Fresh Warnings Issued About Coronavirus Phishing Scams

Fresh warnings have been issued about coronavirus phishing scams that are being conducted to steal sensitive data and spread malware. Multiple threat actors are taking advantage of fear about COVID-19 to conduct attacks, and as February has progressed, the number of COVID-19-themed phishing campaigns has increased dramatically. Earlier this month, the U.S. Federal Trade Commission (FTC) issued an alert warning that cybercriminals were...

Read More
Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government
Feb17

Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government

A Puerto Rican government employee has been duped by a phishing scam and wired more than $2.6 million to an account controlled by the scammers. The money had been allocated for remittance payments and was sent to a seemingly legitimate bank account on January 17, but it was later discovered that the transfer was fraudulent. The Puerto Rico government has managed to freeze some of the funds, and efforts are ongoing to recover the...

Read More
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Feb13

BEC Attacks Account for More Than Half of All Losses to Cybercrime

Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...

Read More
UK Community Housing Firm Suffers £932,000 Loss to BEC Scam
Feb05

UK Community Housing Firm Suffers £932,000 Loss to BEC Scam

High Wickham-based Red Kite Community Housing recently announced it has lost £932,000 ($1.2 million) to a business email compromise (BEC) scam. BEC is the leading cause of financial losses due to cybercrime. The attacks involve compromising or spoofing a corporate or vendor’s email account and using the account to send messages to individuals responsible for wire transfers. The scammers arrange fraudulent wire transfers or change the...

Read More
Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever
Feb04

Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever

Almost five years ago, Ashley Madison experienced a massive data breach. Hackers stole the information from 32 million accounts and the data was dumped online. Included in that data set were names, phone numbers, addresses, credit card details, passwords and other sensitive information. That information was used in a plethora of scams, spam campaigns, and many users suffered fraud as a result. There were even several suicides as a...

Read More
Beware of Coronavirus Themed Phishing Attacks
Jan31

Beware of Coronavirus Themed Phishing Attacks

The novel coronavirus that originated in the province of Wuhan in China has now spread to other countries, with Japan and Thailand the worst affected so far with 14 cases. People are naturally worried about infection and with good reason. More than 200 people are known to have died so far. In Japan, people have been receiving emails warning of new infections in their prefectures. The emails have file attachments that appear to be...

Read More
55% of Organizations Were Successfully Phished in 2019
Jan27

55% of Organizations Were Successfully Phished in 2019

Phishing is the most common method of attacking organizations and it continues to cause problems for IT departments and considerable losses for organizations. A new report from Proofpoint has revealed the extent of phishing and how often the attacks succeed. The data for the report came from a survey of more than 3,500 working adults and 600 cybersecurity professionals in Australia, France, Germany, Japan, Spain, the United States,...

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary
Jan22

The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary

There was a welcome Christmas break from the Emotet botnet, but life has returned to normal and it is well and truly back in action. Millions of malspam emails are now being sent spreading the Emotet Trojan in more than 80 countries. The emails contain attachments that are used to install the information stealing Emotet Trojan. Since Emotet is itself a malware downloader, that may not be the only malicious payload that is deployed....

Read More
TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners
Jan22

TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners

Pax8, the multi-award-winning cloud distribution company, has formed a new strategic partnership with TitanHQ, the leading provider of cloud-based email and web security solutions for managed service providers serving the SMB market. In order to block an increasingly diverse range of cyberthreats and effectively mitigate risk, a layered approach to security is required. Cybersecurity solutions need to be used to protect mobile...

Read More
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Jan02

Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group

Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...

Read More
SpamTitan Scores Big on Business Review Websites
Dec16

SpamTitan Scores Big on Business Review Websites

TitanHQ is the leading provider of cloud-based email security to Managed Service Providers (MSPs) serving the SMB market and its email security solution, SpamTitan, is well loved by SMBs and MSPs alike. SpamTitan is consistently rated highly by end users on the leading business software review sites and is routinely awarded scores in excess of 4.5 out of 5 by end users, with a high percentage giving top marks across all rating...

Read More
Microsoft Issues Warning About Spear Phishing Attacks
Dec03

Microsoft Issues Warning About Spear Phishing Attacks

Phishing attacks have been increasing steadily throughout 2019. Most of the phishing emails being sent are part of large campaigns sent randomly using huge lists of email addresses, but not all. Some of the campaigns are far more targeted and are sent to only a handful of individuals – To individuals in a specific department in a company, for instance. Some of the attacks are even more targeted and are just sent one person. These...

Read More
Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019
Nov29

Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019

A recent report from Google’s Threat Analysis Group (TAG) has shed light on the extent to which government-sponsored hacking and phishing campaigns are being conducted. In Q3, 2019, Google sent more than 12,000 warnings to users about state-sponsored phishing campaigns. These hacking, phishing, and disinformation campaigns have remained steady over the past two years, with a similar number of warnings issued in the corresponding...

Read More
Phishing Attacks at Highest Level Since 2016
Nov20

Phishing Attacks at Highest Level Since 2016

A new report from the Anti-Phishing Working Group (APWG) shows phishing attacks are occurring at levels not seen since 2016. The quarterly phishing reports from APWG are compiled from data supplied by APWG members such as Agari, MarkMonitor, RIskIQ, and PhishLabs. The reports provide insights into the methods used by phishers and the extent to which businesses and consumers are being attacked. In Q3, 2019, more than 86,000 unique...

Read More
New Phishing Campaign Detected Targeting Office 365 Administrators
Nov19

New Phishing Campaign Detected Targeting Office 365 Administrators

PhishLabs has identified an ongoing phishing campaign targeting Office 365 administrators. The aim of the campaign is to obtain Office 365 admin credentials. Phishers face several challenges. Their own domains are likely to have a low trust score, which makes it easy for antispam solutions to identify their messages as malicious. To get around this issue, they need to obtain the credentials for a legitimate email account on a clean...

Read More
TitanHQ Releases SpamTitan Version 7.06 and New RESTapi
Nov18

TitanHQ Releases SpamTitan Version 7.06 and New RESTapi

On November 12, 2019, TitanHQ released a new version of its award-winning anti-phishing and anti-spam solution, SpamTitan. SpamTitan v7.06 includes a new RESTapi to help clients and partners ensure seamless integrations. The latest version of SpamTitan has already been applied for users of the cloud-based spam filtering service. Users of the software solution, SpamTitan Gateway, have had the new version downloaded, although they will...

Read More
Fortinet Threat Landscape Report Confirms Increase in Malware-as-a-Service Edge Surface Attacks
Nov14

Fortinet Threat Landscape Report Confirms Increase in Malware-as-a-Service Edge Surface Attacks

The recently released Fortinet Threat Landscape Report for Q3, 2019 shows hackers are targeting edge services and malware-as-a-service continues to grow in popularity. While there are many methods of delivering malware, email remains the most common delivery vector, being implicated in 90% of malware attacks. Businesses are realizing the importance of implementing powerful email security solutions to block email threats. End users are...

Read More
CISA Issues Warning About Holiday Season Scams
Nov12

CISA Issues Warning About Holiday Season Scams

‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...

Read More
Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT
Nov11

Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT

A new phishing scam has been detected that uses a WebEx meeting request as a lure to get business users to download a remote access Trojan that masquerades as the WebEx client (WebEx.exe). The campaign was detected by Alex Lanstein and shared on Twitter. The meeting request is a carbon copy of a genuine WebEx meeting notification email. As with the real meeting requests, the email contains a Join Meeting button, which the user needs...

Read More
Proofpoint Acquires ObserveIT in $225 Million Deal
Nov05

Proofpoint Acquires ObserveIT in $225 Million Deal

The Sunnydale, CA-based cybersecurity firm Proofpoint has announced it has entered into a definitive agreement to acquire the data loss prevention (DLP) and insider threat management firm ObserveIT for $225 million. For several months there has been speculation that Proofpoint will be moving into DLP to better protect its clients from sophisticated cyberattacks and insider threats. The announcement has confirmed that that those...

Read More
7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Oct28

7.5 Million Adobe Creative Cloud Users Warned of Data Breach

Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...

Read More
TitanHQ Enjoys Record Breaking Growth in MSP Business
Oct23

TitanHQ Enjoys Record Breaking Growth in MSP Business

It has been a busy quarter for TitanHQ. Q3, 2019 has been the busiest ever month for MSP growth in the Irish cybersecurity company’s 20-year history. From humble beginnings selling spam filtering appliances to businesses in its native Ireland, TitanHQ developed its own cybersecurity solutions for SMBs and managed service providers serving the SMB market and is now a global brand and the leading provider of cloud-based email security...

Read More
Gartner Peer Insights Customers’ Choice for Email Security for 2019
Oct23

Gartner Peer Insights Customers’ Choice for Email Security for 2019

The Lexington, MA-based email security company Mimecast has been named a Gartner Peer Insights Customers’ Choice for Email Security for 2019. Gartner Peer Insights is a review platform for IT products and services where users of software and services can submit reviews of their experiences with the solutions. The platform includes more than 215,000 verified customer reviews in 340 markets. When sufficient numbers of reviews are...

Read More
Phorpiex Botnet Sending 30,000 Sextortion Emails an Hour
Oct18

Phorpiex Botnet Sending 30,000 Sextortion Emails an Hour

Sextortion may be nothing new, but it has certainly proven popular with cybercriminals in recent months. Sextortion emails threaten to expose sordid details of the activities of their victims unless payment is made. One of the most common scams claims that the sender of the email is a hacker who has hijacked the victim’s webcam and recorded footage of a user viewing pornography. The supposed hacker claims to have also recorded the...

Read More
Business Email Compromise Attacks Increased by 269% in Q2, 2019
Oct09

Business Email Compromise Attacks Increased by 269% in Q2, 2019

Figures from Mimecast show there has been a sharp rise in business email compromise (BEC) attacks in Q2, 2019. Compared to Q1, 2019, BEC attacks increased by 269% in Q2. Business email compromise attacks involve the use of a compromised business email account to conduct attacks on employees within the organization or their customers. The latter are now much more common than CEO fraud attacks, which involve impersonating the CEO and...

Read More
Agari Announces Fall 2019 Release of its Secure Email Cloud Email Security Solution
Sep26

Agari Announces Fall 2019 Release of its Secure Email Cloud Email Security Solution

Agari has announced the Fall 2019 release of its AI-powered email security solution, Secure Email Cloud. The latest updates include new features to improve protection against advanced email security threats. The Agari Secure Email Cloud leverages threat intelligence gathered from trillions of emails which is used to keep inboxes free from phishing and spear phishing emails. The solution also provides protection against business email...

Read More
SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security
Sep19

SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security

The independent business software review platform, G2 Crowd, has named SpamTitan leader in cloud email security in its Grid Summer 2019 Report. This is the third consecutive quarter where SpamTitan has been named leader in cloud-based email security, and this quarter is joined by Proofpoint Email Security Protection and Barracuda Email Security Gateway. The G2 Crowd Grid reports rate companies based on market presence and customer...

Read More
New Distribution Agreement Between GFI Software and Infinigate
Sep18

New Distribution Agreement Between GFI Software and Infinigate

GFI Software has announced it has signed a new distribution agreement with Infinigate, one of Europe’s largest Value Added Distributors. GFO Software already has distribution agreements with Infinigate covering Germany, the Netherlands, Scandinavia, and the United Kingdom. The new agreement will cover France and is expected to see GFI Software solutions pushed to customers throughout the country. “We have established successful...

Read More
Emotet is Back in Action and Delivering TrickBot and Ryuk Ransomware
Sep18

Emotet is Back in Action and Delivering TrickBot and Ryuk Ransomware

It has been all quiet on the Emotet front for the past four months, but the infamous botnet is back with a vengeance. A large-scale spam campaign has been detected that is distributing the versatile Emotet banking Trojan via malicious Word macros. The malspam campaign was detected by researchers at Malwarebytes who identified an uptick in command and control server activity and an email campaign distributing malicious messages in...

Read More
Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Sep13

Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential

Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – Employees. Attacks exploiting the human factor are far easier to pull off that attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...

Read More
Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks
Sep05

Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks

Proofpoint has announced it has formed a strategic partnership with CrowdStrike to help joint customers improve endpoint security and defend against email -based cyberattacks. CrowdStrike is a leading provider of cloud-delivered endpoint security and Proofpoint has developed a suite of solutions that provide protection from advanced threats and helps identify and address compliance risks. The partnership will initially see...

Read More
43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months
Sep04

43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months

43% of UK small and medium-sized enterprises (SMEs) in the United Kingdom have experienced a business email compromise (BEC) or email impersonation attack in the past 12 months, according to a new study by data analytics firm, CybSafe. For the study, CybSafe surveyed 250 IT decision makers from SMEs in the United Kingdom and asked about the cybersecurity incidents they had experienced and the measures they have put in place to thwart...

Read More
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
Aug28

Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks

A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...

Read More
IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals
Aug27

IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals

The Internal Revenue Service (IRS) has issued a warning to U.S. taxpayers and tax professionals about a new nationwide phishing campaign that is spreading keylogging malware. The emails appear to have been sent by the IRS and alerts taxpayers and tax professionals to an issue with their electronic tax returns. Users are required to click the link in the email to access information about their tax refund. The emails include a hyperlink...

Read More
Study Highlights Risk of Lateral Phishing Attacks
Aug21

Study Highlights Risk of Lateral Phishing Attacks

Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...

Read More
New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks
Aug08

New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks

A new report has been released that contains an analysis of the most common malware threats that are delivered via email, the most targeted industry sectors, and some of the tactics and techniques cybercriminals are using to infiltrate business networks. For its Threat Intelligence Report: Black Hat Edition 2019, Mimecast analyzed more than 67 billion emails that its email security solution rejected from more than 160 billion messages...

Read More
TitanHQ Partners with Leading UK MSP, OneStopIT
Aug05

TitanHQ Partners with Leading UK MSP, OneStopIT

TitanHQ has announced it has partnered with one of the leading managed service providers in the UK, OneStopIT. Edinburgh-based OneStopIT was formed in 2003 to help small- and medium-sized businesses implement enterprise-grade IT solutions and best practices at an affordable price. Under the new partnership, OneStopIT will be offering its customers protection from email threats with SpamTitan Email Security, web-based threat protection...

Read More
U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
Aug05

U.S. Utilities Targeted in Phishing Campaign Spreading New RAT

U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...

Read More
Phishing Campaign Targets Administrator Credentials with Office Alerts
Jul22

Phishing Campaign Targets Administrator Credentials with Office Alerts

A new phishing campaign has been identified which uses Office 365 admin alerts as a lure to get administrators to click and disclose their login credentials. A hacker can use phishing emails to obtain Office 365 credentials and gain access to an employee’s email account. That account can be used to send further phishing emails to contacts and colleagues. The hacker also has access to sensitive data in emails and email attachments. If...

Read More
Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
Jul19

Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan

The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to official Microsoft Office 365 site, complete with a realistic looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...

Read More
Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
Jul19

Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites

A novel new phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents or macros or scripts are hidden in other types of...

Read More
$301 Million Lost to BEC Scams Every Month
Jul18

$301 Million Lost to BEC Scams Every Month

The number of successful Business Email Compromise (BEC) scams has increased significantly over the past two years, according to a new financial trend analysis report from FinCEN. BEC scams involve gaining access to a business email account and using that account to send a request to the payroll or accounts department requesting a wire transfer be made. In order for the scam to work, the compromised account must belong to someone who...

Read More
2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps
Jul12

2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps

A survey conducted by the Sunnyvale, CA-based cybersecurity company Proofpoint has revealed end users are unsure how to protect sensitive data and lack the skills to identify phishing threats. For the latest Beyond the Phish report, Proofpoint analyzed the responses to almost 130 million cybersecurity questions in 14 categories. The survey was conducted on employees in 16 industries across 20 different department classifications. The...

Read More
City of Griffin Wires $800,000 to BEC Scammers
Jul10

City of Griffin Wires $800,000 to BEC Scammers

A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers. Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear...

Read More
TA505 Hacking Group Spam Campaigns Distributing Gelup Downloader and FlowerPippi Backdoor
Jul05

TA505 Hacking Group Spam Campaigns Distributing Gelup Downloader and FlowerPippi Backdoor

Several recent spam campaigns have been linked to the hacking group TA505. The campaigns distribute a malware downloader – AndroMut or Gelup – and the FlowerPippi backdoor. Security researchers at Trend Micro and Proofpoint have detected campaigns attacking targets in Argentina, Japan, India, the Philippines, and the Middle East. The malware downloader is installed via a malicious attachment sent in spam emails. TA505 attaches a...

Read More
Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks
Jul02

Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks

If a task is time consuming or difficult, there is usually someone willing to offer it as a service. That can now be said of phishing. There are a growing number of criminals offering phishing-as-a-service to help wanna-be criminals conduct phishing campaigns. At the basic level, phishing is a relatively straightforward way of attacking an organization. It is also low cost and requires little in the way of hacking skill. That said,...

Read More
Agari Announces Summer 2019 Release of its Secure Email Cloud Email Security Solution
Jun27

Agari Announces Summer 2019 Release of its Secure Email Cloud Email Security Solution

Agari has announced the Summer 2019 release of its email security solution, Secure Email Cloud. The Summer release includes major code upgrades and new features to enhance protection against email security threats such as phishing, spear phishing, business email compromise, and zero-day threats. The latest release also provides improved insights into email-based threats targeting companies in the APAC region. One of the main upgrades...

Read More
Malspam Campaign Delivers Nanocore and Loki Bot Malware in ISO Files
Jun25

Malspam Campaign Delivers Nanocore and Loki Bot Malware in ISO Files

In April, several different malspam campaigns were intercepted which attempted to deliver Nanocore and Loki Bot malware concealed inside small ISO image files of between 1MB and 2MB. Prior to executing ISO files, it used to be necessary to use a program to mount them. However, most modern computers can execute the files on request and will automatically mount the images and display the contents. Security awareness training will no...

Read More
Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2
Jun18

Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2

Bitdefender has released a decryption tool that can be used to recover files encrypted by all GandCrab ransomware variants, including 5.0 and 5.2. Three decryptors have previously been developed for specific GandCrab ransomware versions. However, as soon as a decryptor was developed, a new version of the ransomware was released. GandCrab ransomware was one of the most widely used ransomware variants in 2018. Since it was first...

Read More
Netflix Phishing Scam Targets Users in Ireland
Jun16

Netflix Phishing Scam Targets Users in Ireland

Netflix users in Ireland are being warned to be wary of a new Netflix-themed phishing scam that attempts to get users to reveal sensitive information under the ruse of correcting an error in their account. The emails include Netflix branding and at first glance appear to be a genuine communication from the online streaming service. The emails start with “Dear customer” and explain that an error has been detected in the user’s Netflix...

Read More
GandCrab Ransomware Gang to Retire Within a Month
Jun03

GandCrab Ransomware Gang to Retire Within a Month

The cybercriminal gang behind GandCrab ransomware will be retiring in a month and their operation will be shut down. The gang announced on a popular hacking forum where the ransomware has previously been advertised that the ransomware-as-a-service operation will soon be no more and that ‘all the good come to an end.’ According to the post, the ransomware has been earing around $2.5 million a week and the gang claims around $2 billion...

Read More
Emotet was the Biggest Email Threat in Q1
May31

Emotet was the Biggest Email Threat in Q1

A new report from Proofpoint has confirmed Emotet was the biggest email-based threat in the first quarter of 2019. The popularity of the malware is not surprising. While Emotet was once just a banking Trojan, it can now be used to deliver other malware variants and can even distribute itself automatically by sending copies of itself via spam email on a compromised device. Emotet is now classed as a botnet, as it is being used to...

Read More
TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions
May21

TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions

The Trickbot banking Trojan is one of the biggest cyber threats faced by businesses. Trickbot is primarily a banking Trojan that is used to obtain login credentials to online bank accounts. The malware can also steal from Bitcoin wallets and harvest email credentials and steal other sensitive data. The malware is one of the most active banking Trojans in use, second only to Emotet. The malware is primarily distributed via spam and...

Read More
International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

International Law Enforcement Operation Shuts Down Goznym Malware Gang

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

Read More
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Read More
Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Read More
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date.  Verizon now collects data from 73 sources and included 41,686 reported security...

Read More