Most Successful Phishing Scams Revealed by PhishMe
Dec02

Most Successful Phishing Scams Revealed by PhishMe

What are the most successful phishing scams? Warnings about undelivered parcels? Security alerts that require users’ immediate attention? Documents that has been shared by contacts? According to a recent analysis by anti-phishing solution provider PhishMe, the most successful phishing scams, which have almost a 20% success rate, involve the use of entertainment-based triggers to get users to take the desired action. For its analysis,...

Read More
Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Read More
Warning Issued by IRS About Christmas Phishing Scams
Nov28

Warning Issued by IRS About Christmas Phishing Scams

Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams...

Read More
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehannam has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after an worker replied to a phishing email. While information regarding the breach date have not been published, UPMC Susquehanna...

Read More
Phishing is the Biggest Security Threat in Australia
Nov22

Phishing is the Biggest Security Threat in Australia

The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in...

Read More
Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has before been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

Read More
PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
Nov10

PhishLabs Launches New Phishing Threat Monitoring and Forensics Service

The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for...

Read More
InfoSec Institute Launches New Phishing Defense Tool
Nov10

InfoSec Institute Launches New Phishing Defense Tool

The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefenser has been added to the firms SecurityIQ security awareness...

Read More
New Gibon Ransomware Campaign Detected
Nov09

New Gibon Ransomware Campaign Detected

A new ransomware campaign has been detected that is using spam email to deliver Gibon ransomware. The malware has been named Gibon due to the inclusion of the word in the user-agent string of its code. The ransomware variant was detected by Proofpoint security researcher Matthew Mesa, who notes that as with many other ransomware variants, it is being sold on darknet marketplaces for cybercriminals to use in their own ransom campaigns....

Read More
Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account
Nov07

Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account

A breach of HIPPA has occurred at the Texas Children’s Health Plan after it has been found that the protected health information (PHI) of 932 clients has been emailed to the personal private email account of a former member of staff. The violation of privacy was incident was first seen on September 21, 2017, although it was discovered that the former member of staff emailed the private data in November and December 2016. The emails...

Read More
New MyEtherWallet Phishing Campaign Detected
Oct29

New MyEtherWallet Phishing Campaign Detected

A new MyEtherWallet phishing campaign has been detected that uses a convincing domain and MyEtherWallet branding to fool MyEtherWallet users into revealing their credentials and providing criminals with access to their MyEtherWallet accounts. In the first few hours of the campaign, the criminals behind the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user. The individuals behind...

Read More
51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

51,000 Plan Subscribers Hit by Network Health Phishing Attack

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...

Read More
Most Effective Phishing Emails Revealed
Oct13

Most Effective Phishing Emails Revealed

Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the...

Read More
GFI Software Improves Email Security with GFI MailEssentials v.21
Oct06

GFI Software Improves Email Security with GFI MailEssentials v.21

GFI Software has released a new version of GFI MailEssentials – Its award-winning spam filtering solution for small and medium sized businesses. Version 21 of the email security gateway includes several updates that GFI Software claim will improve protection for SMBs, helping to keep their inboxes free from spam and malicious emails. The main update in the latest version of the email security gateway is the inclusion of two new...

Read More
3 Billion Accounts Compromised in 2013 Yahoo Data Breach
Oct05

3 Billion Accounts Compromised in 2013 Yahoo Data Breach

While the 2013 Yahoo data breach was soon known to involve many of the company’s customers, it became apparent in December 2016 that 1 billion accounts had been compromised. Before that in September 2016, a separate breach was discovered that involved around half a billion email accounts. Now Verizon, which finalized the purchase of Yahoo this summer, has discovered the 2013 Yahoo date breach was far worse than initially thought....

Read More
Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

Ransomware and Phishing Rated Top Threats by IT Professionals

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

Read More
More than 1 Million New Phishing Websites are Created Each Month
Sep27

More than 1 Million New Phishing Websites are Created Each Month

The Quarterly Threat Trends Report published by WebRoot this month shows there has been a significant increase in the number of new phishing websites being launched each month. May 2017 saw a record number of new phishing websites created, with more than 2.3 million new websites detected in the month of May alone. Figures for the quarter show there are now well over 1 million new phishing websites created each month, which equates to...

Read More
Three Quarters of UK Businesses Have Experienced Email Security Incidents
Sep15

Three Quarters of UK Businesses Have Experienced Email Security Incidents

Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become. 75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week. Even...

Read More
Beware of Equifax Data Breach Phishing Scams
Sep14

Beware of Equifax Data Breach Phishing Scams

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

Read More
LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep12

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information

A new LinkedIn Phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine as first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail...

Read More
90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling
Sep07

90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling

Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe. The survey was conducted on two hundred IT executives in the United States, and came from a wide range of industry sectors, including business, healthcare, the financial services, retail,...

Read More
Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...

Read More
City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

City of Hope Phishing Attack Impacts 3,400 Patients

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...

Read More
Free Phishing Simulator for Small Businesses Launched by PhishMe
Aug12

Free Phishing Simulator for Small Businesses Launched by PhishMe

A free phishing simulator for small businesses has been developed and released by the leading provider of human phishing defense solutions, PhishMe. The phishing simulator allows small businesses – companies with under 500 employees – to develop and run dummy phishing email campaigns to test the effectiveness of their security awareness training programs. Research by PhishMe shows that phishing email simulations are invaluable for...

Read More
2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

2,789 Patients’ PHI Compromised in Phishing Attack

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...

Read More
Cisco Reports Fall in Exploit Kit Activity but Increase in Malware Delivery Via Email
Jul21

Cisco Reports Fall in Exploit Kit Activity but Increase in Malware Delivery Via Email

Exploit kit activity has fallen, but there has been a notable rise in the use of email as a vector for delivering malware, according to Cisco’s mid-year cybersecurity report.  The report also notes that IoT botnet activity has risen, as have Destruction of Services (DeoS) and Ransom Denial of Service (RDoS) attacks. Exploit kits were a major attack vector are have been extensively used to deliver malware. Exploit kits are installed on...

Read More
Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity...

Read More
Securing Your Email Training Module Released by Wombat Security
Jul19

Securing Your Email Training Module Released by Wombat Security

The security awareness training company Wombat Security Technologies has announced the release of a new series of training modules that can be used by businesses to teach their employees about the threat from phishing. The Securing Your Email – Fundamental training series has now been added to the company’s anti-phishing training library and is available to customers who have signed up to ThreatSim® – The firm’s phishing simulation...

Read More
KnowBe4 Phishing Report Shows Most Clicked Phishing Links
Jul13

KnowBe4 Phishing Report Shows Most Clicked Phishing Links

A good place to start with phishing awareness training is the phishing emails most likely to fool employees, but what are the most clicked phishing links? What are the types of emails that are resulting in ransomware and malware infections and compromised email accounts? The Q2 2017 phishing report from KnowBe4 reveals all. Most Clicked Phishing Links Q2, 2017 KnowBe4 is a leading anti-phishing solution provide that offers a platform...

Read More
Healthcare Data Breach Report Shows Breaches Are Taking Years to Detect
Jun24

Healthcare Data Breach Report Shows Breaches Are Taking Years to Detect

The latest healthcare data breach report issued by Protenus, in conjunction with databreaches.net, shows healthcare data breaches increased in May, with 37 breaches reported compared to 34 the previous month.  The numbers of records exposed in those breaches was 255,108, although not all breach figures are known. That still represents a jump from last month when 232,060 healthcare records were known to have been exposed or stolen. One...

Read More
PhishLine Releases Updated Security Awareness Guidebook
Jun24

PhishLine Releases Updated Security Awareness Guidebook

PhishLine, a leading anti-phishing and security awareness training provider, has released a new and improved version of its popular security awareness guidebook – Advanced Persistent Training. The purpose of the guidebook is to help security professionals to take their training programs to the next level and develop a security culture throughout their organizations. Cyberattacks are growing in frequency and severity, with the recent...

Read More
Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – Arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S organizations this year. The scam is known as Business Email Compromise...

Read More
Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

Q2 Saw a 400% Increase in Phishing Attacks on Businesses

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...

Read More
Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

Phishing Trends and Intelligence Report Published by PhishLabs

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals have changing tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape...

Read More
OCR Issues Guidance on the Correct Response After a Cyberattack
Jun09

OCR Issues Guidance on the Correct Response After a Cyberattack

The increase in hacking incidents in 2017 and major worldwide cyber incidents such has Wannacry ransomware attacks have prompted the Department of Health and Human Services’ Office for Civil Rights (OCR) to issue new guidance on the correct response after a cyberattack. Yesterday, OCR sent a Quick Response Cyber Attack Checklist to its security and privacy list subscribers explaining the correct procedures to follow after a...

Read More
PhishMe Releases Q1 2017 Malware Trends Analysis Report
Jun07

PhishMe Releases Q1 2017 Malware Trends Analysis Report

PhishMe has released its Malware Trends Analysis Report for Q1 2017. The Malware Trends Analysis Report shows there has been a reduction in ransomware activity in the first three months of 2017. While this is certainly good news, PhishMe believes it is just the quiet before the storm. PhishMe suspects threat actors are planning further WannaCry-style attacks, which the firm refers to as ‘the atom bomb of ransomware’. Ransomware...

Read More
New Ironscales Report Delves into Current Phishing Trends
May30

New Ironscales Report Delves into Current Phishing Trends

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified...

Read More
Purple Increases Security Following Recent Ransomware Attacks
May25

Purple Increases Security Following Recent Ransomware Attacks

The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, shows just how important it is for WiFi companies to take steps to improve security to protect their...

Read More
Dept. of Health Sends Out Waring Regarding Ransomware
May21

Dept. of Health Sends Out Waring Regarding Ransomware

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and steps that can be taken to reduce risk. The email alerts were sent soon after the news of the attacks on the UK’s NHS first started to emerge on Friday May 12, and continued over the course of the week. The alerts provided timely and...

Read More
Employee Security Awareness is the Biggest Healthcare Data Security Threat
Apr20

Employee Security Awareness is the Biggest Healthcare Data Security Threat

Hackers continue to target healthcare organizations, malware is a constant threat, and ransomware continues to pose many problems, but when it comes to the biggest healthcare data security threats, employee security awareness has topped the table. HIMSS Analytics recently asked 125 healthcare IT leaders and IT professionals about their biggest concerns, and top spot when it came to data security threats was a lack of employee security...

Read More
Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

Suspected Ransomware Attack Impacts Erie County Medical Center Patients

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York...

Read More
Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware; a relatively new ransomware variant developed from Stampedo ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...

Read More
Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI
Apr06

Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI

Many businesses have had no alternative but to improve cybersecurity defenses to deal with the increased threat of cyberattacks. With attacks coming from all angles and a large attack surface to defend, organizations need to purchase multiple products to keep their networks and data well defended. It is therefore important to ensure money diverted to cybersecurity is well spent. Organizations need to ensure they get the best possible...

Read More
Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Mar28

Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats

Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Points’ Sand Blast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine...

Read More
GFI Software Launches OneConnect Advanced Email Protection, Continuity, and Archiving Solution
Mar22

GFI Software Launches OneConnect Advanced Email Protection, Continuity, and Archiving Solution

GFI Software has launched two new software systems to give sysadmins much better protection from sophisticated cyberattacks. The past 12 months has seen an increase in both the number of cyberattacks on businesses and their sophistication. Figures from Kaspersky Lab suggest there has been a 300% increase in ransomware attacks on businesses in the first 10 months of 2016 alone, with some companies reporting being attacked every 40...

Read More
PetrWrap Used for Targeted Ransomware Attacks on Businesses
Mar16

PetrWrap Used for Targeted Ransomware Attacks on Businesses

Petya ransomware has been hijacked and is being used in ransomware attacks on businesses without the ransomware authors’ knowledge. The criminals behind the new PetrWrap campaign have added a new module to Petya ransomware that modifies the ransomware ‘on the fly’, controlling the encryption process so that even the ransomware authors would not be able to unlock the encryption. Petya ransomware first appeared in May last year. The...

Read More
Agari Wins Security PG 2017 Global Excellence Award for Best Security Software
Mar03

Agari Wins Security PG 2017 Global Excellence Award for Best Security Software

The cybersecurity firm Agari has been crowed winner of the Best Security Software category at this year’s Security Product Guide 2017 Global Excellence Awards. The Security Products Guide is used by decision makers to determine the best IT security products to deploy to protect digital assets. The reviews in the guide are invaluable for helping narrow down products to those that are best suited for each individual organization. The...

Read More
Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to...

Read More
Windows Devices Used to Increase Size of Mirai Botnet
Feb14

Windows Devices Used to Increase Size of Mirai Botnet

The Mirai Botnet was used to launch devastating distributed denial of service (DDoS) attacks late last year, some of which took down large sections of the Internet including some of the most popular websites  – Twitter and Netflix for example. One Mirai attack on the hosting company OVH registered 1.1 Tbps. It has been predicted that attacks on that scale are likely to become much more common in 2017. The Botnet is comprised of...

Read More
MacOS Malware Spread by Malicious Word Macros
Feb13

MacOS Malware Spread by Malicious Word Macros

Security researchers have discovered that MacOS malware is being spread by malicious Word macros. This is the first time that MacOS malware has been discovered to be spread using this attack vector. Windows users can expect to be attacked with malware, but Mac users have remained relatively safe. The vast majority of malware targets Windows users, with malware attacks on Mac users still relatively rare. However, MacOS malware does...

Read More
Phishing Attacks on Cloud Storage Providers Causing Concern
Feb09

Phishing Attacks on Cloud Storage Providers Causing Concern

Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and...

Read More
Beware of LNK Attachments and Malicious SVG Files
Feb08

Beware of LNK Attachments and Malicious SVG Files

JavaScript attachments are still used to infect computers with malware and ransomware, but a new trend has emerged that is seeing cybercriminals switch to malicious SVG files. Malicious LNK files are also growing in popularity. The reasoning behind the switch in file types is clear. They are much less likely to arouse suspicion; therefore, they are more likely to be opened. JavaScript has been extensively used over the past 12 months...

Read More
IRS Issues W2 Phishing Scam Warning
Feb07

IRS Issues W2 Phishing Scam Warning

Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive...

Read More
Spam Email Volume has Increased: 65% of Emails are Spam
Feb02

Spam Email Volume has Increased: 65% of Emails are Spam

Cisco Systems has released its annual Cybersecurity Report which shows that spam email volume has increased once again. 65% of all emails sent are now spam, and Cisco reports that one fifth of those emails are malicious and contain malware-infected attachments or links to websites containing exploit kits and adware. The report shows there was a massive spike in spam email volume in 2016, with many of those emails sent using the Necurs...

Read More
Cisco 2017 Cybersecurity Report Highlights Major Attack Trends
Feb01

Cisco 2017 Cybersecurity Report Highlights Major Attack Trends

Cisco has published its 2017 cybersecurity report which provides insights into the major cyberattack trends and the main threats now facing companies. This is the tenth consecutive year that Cisco has produced the report, which this year was based on a survey of 3,000 CSOs and information security professionals from 13 countries, along with threat data gathered by Cisco Systems. The 110-page report goes into great detail about the...

Read More
Beazley Report Details Biggest Security Threats in 2016
Jan31

Beazley Report Details Biggest Security Threats in 2016

Beazley, a provider of cybersecurity insurance for businesses, has released a new report detailing the biggest security threats in 2016. For the report, Beazley analyzed almost 2,000 data breaches experienced by its clients in 2016. The report shows the extent to which ransomware was used to attack U.S. businesses last year. Ransomware attacks on businesses in the United States increased fourfold in 2016. In 2016, Beazley’s clients...

Read More
Increased Security Spending Does Not Equate to Better Cybersecurity Defenses
Jan30

Increased Security Spending Does Not Equate to Better Cybersecurity Defenses

Increasing spending on cybersecurity solutions will not necessarily mean organizations are better equipped to deal with cyber threats. While many organizations choose to increase spending on defenses to counter the increased threat, it is essential that the money is spent on solutions that are able to keep sensitive data secured. There is a tendency to keep on investing in similar technologies, even though they have been shown to be...

Read More
Kroll Publishes Global Fraud and Risk Report for 2016/2017
Jan27

Kroll Publishes Global Fraud and Risk Report for 2016/2017

The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting just how frequently cybersecurity incidents are experienced by businesses. According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one...

Read More
Wombat Releases Annual State of the Phish Report
Jan20

Wombat Releases Annual State of the Phish Report

Wombat Security Technologies has released its third annual State of the Phish Report. The report details the phishing trends from the past 12 months. To produce the report, Wombat surveyed more than 500 information security professionals, obtained more than 2,000 answers from employed computer users and analysed the results from millions of phishing simulations sent using the firm’s ThreatSim® service. The report shows the threat from...

Read More
Los Angeles Valley College Ransomware Attack: 28K Paid for Key
Jan09

Los Angeles Valley College Ransomware Attack: 28K Paid for Key

A Los Angeles Valley College ransomware attack on January 6, 2017 resulted in student data being locked and 1,800 college administrators and teachers being prevented from gaining access to their computer system and essential files. Ransomware is malicious software that encrypts a wide range of file types, including databases. The data is not moved or copied, just renamed and encrypted. In order to unlock the encryption, a unique key...

Read More
Twitter Credit Card Phishing Scam Offers Quick Account Verification
Jan04

Twitter Credit Card Phishing Scam Offers Quick Account Verification

A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of...

Read More
70% of Businesses Infected With Ransomware Pay Up
Dec16

70% of Businesses Infected With Ransomware Pay Up

A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers to supply keys to unlock the encryption. Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably....

Read More
New Business Email Compromise Scam Tactics Uncovered
Nov11

New Business Email Compromise Scam Tactics Uncovered

There are a variety of business email compromise tactics that are used by scammers to convince executives to make fraudulent wire transfers. However, a security researcher from Symantec has noticed some scammers have started taking a different approach to increase the success rate of BEC scams. The problem for the scammers is trust. While busy executives may be careless and fail to adequately check the legitimacy of bank transfer...

Read More
Cisco Email Security Appliance Flaws Patched
Oct26

Cisco Email Security Appliance Flaws Patched

On Wednesday this week, updated software was released to address nine Cisco email security appliance flaws. Cisco has not uncovered any evidence to suggest that any of the recently addressed flaws have actually been exploited in the wild, although users of its email security appliances have been advised to update to the latest version of its software at the earliest opportunity. The latest update resolves three Denial-of-Service flaws...

Read More
Cisco Patches Critical Email Security Appliance Vulnerability
Sep28

Cisco Patches Critical Email Security Appliance Vulnerability

A critical flaw that could be exploited to gain full control of a Cisco Email Security appliance has been patched. The flaw – CVE-2016-6406 – affects Cisco’s testing and debugging interface on the IronPort AsyncOS operating system. The testing and debugging system is used by Cisco during the manufacturing process and should have been disabled on customer-available software releases. If an attacker connects to the debugging system, the...

Read More
Sophos Email Security Now Incorporated into Cloud Management Platform
Aug24

Sophos Email Security Now Incorporated into Cloud Management Platform

The Sophos Central cloud-based management platform can be used to manage Sophos endpoint, mobile and wireless security products. Now Sophos has added its email security offering – Sophos Email – to the cloud management platform, allowing its customers manage all solutions through a single-pane-of-glass. The addition of Sophos Email to the platform makes the management of the solution much more straightforward for customers who have...

Read More
Ransomware Gang Starts Sending CryptXXX Spam Emails
Jul19

Ransomware Gang Starts Sending CryptXXX Spam Emails

CryptXXX is now one of the most prevalent variants of ransomware. While the ransomware variant has previously been delivered using exploit kits such as Neutrino and Angler, Proofpoint has discovered thousands of CryptXXX spam emails in the past few days. The ransomware gang behind CryptXXX is diversifying and using different delivery mechanisms to install the malicious software on victims’ computers. Proofpoint reports a 96% decline...

Read More
Sophos Adds Next Gen Sandboxing to Email Security Appliance
Mar10

Sophos Adds Next Gen Sandboxing to Email Security Appliance

Sophos has announced a further update to its email security appliance to provide even greater protection against malware threats. The Sophos Email Appliance now includes the firm’s next generation sandboxing technology – Sophos Sandstorm. The sandboxing technology speeds up the detection of sophisticated cyber threats, improving detection rates and ensuring these threats are blocked and prevented from reaching end users’ inboxes....

Read More
GFI Software Launches GFI MailEssentials 2015
Jan15

GFI Software Launches GFI MailEssentials 2015

GFI Software has announced its MailEssentials email security platform has been updated. MailEssentials 2015 includes several performance-enhancing updates that improve scalability and incorporate load balancing capabilities to help users manage multiple mail servers. As employee numbers increase and the volume of emails being sent and received skyrockets, companies can struggle to cope. The solution many have opted for is to use...

Read More