Warning Issued After Discovery of Scores of Spoofed FBI Websites
Nov24

Warning Issued After Discovery of Scores of Spoofed FBI Websites

Scores of domains have been identified which spoof official Federal Bureau of Investigation (FBI) websites, prompting the FBI’s Internet Crime Complaint Center to issue a warning. While the intentions of the individuals who registered the domains is not known, it is strongly suspected that the domains were intended for use in future phishing or malware distribution campaigns. The domains could be used to register email accounts that...

Read More
Use of SSL Certificates in Malware and Phishing Attacks Up 260% in 2020
Nov11

Use of SSL Certificates in Malware and Phishing Attacks Up 260% in 2020

Abuse of SSL certificates in phishing and malware attacks has increased by 260% in the first 9 months of 2020, according to a new report from Zscaler. Zscaler analyzed more than 6.6 billion threats for the report and found a major rise in the use of encryption to hide attacks. Encryption was being used across the full attack cycle, according to the researchers, including the initial delivery of malware or malicious links to the...

Read More
78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication
Oct28

78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication

Despite the risk of phishing attacks and email account compromises, 78% of Microsoft 365 admins have not enabled multi-factor authentication and 97% of all Microsoft 365 users are not using MFA, according to a recent report published by CoreView Research. Multi-factor authentication is one of the most effective measures to prevent stolen credentials from being used to gain access to accounts. It is alarming that so few users and...

Read More
Phishing Campaign Spoofs Microsoft Teams
Oct23

Phishing Campaign Spoofs Microsoft Teams

A large-scale phishing campaign is being conducted that spoofs Microsoft Teams in an attempt to get users to part with their Microsoft Office 365 credentials. Abnormal Security reports that up to 50,000 mailboxes have been targeted in the campaign so far. The emails appear to be automatic notifications from Microsoft with “There’s new activity in Teams” as the display name. The subject line indicates messages have been sent in Teams...

Read More
Silent Librarian Threat Group Recommenced Spear Phishing Campaign on Universities
Oct16

Silent Librarian Threat Group Recommenced Spear Phishing Campaign on Universities

The Silent Librarian hacker group – aka TA407 – has recommenced a spear phishing campaign targeting universities. The hacking group is known for sending spear phishing emails to university staff and students that direct the recipients to websites spoofing university and portal apps, on domains very similar to those used by the universities. The theme for the emails varies, although commonly the group spoofs university library systems...

Read More
Coalition of Tech Firms Takedown TrickBot Botnet
Oct13

Coalition of Tech Firms Takedown TrickBot Botnet

The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft ESET, NTT, Black Lotus Labs, Symantec, and FS-ISAC. The takedown is the result of several months of painstaking work involving the analysis of more than 125,000 samples of the TrickBot Trojan by the coalition members, who studied the content and extracted and mapped information about how...

Read More
Phishing Campaign Offering Inside Info on President Trump’s COVID Diagnosis and Health
Oct08

Phishing Campaign Offering Inside Info on President Trump’s COVID Diagnosis and Health

Phishers commonly use lures claiming to provide further information on topics that are attracting a lot of media attention. At the start of the coronavirus pandemic, when there was little information about the virus, many phishing campaigns offered new information about the virus, updated figures on cases in the local area, information on how to protect against infection, and new cures. Now, a new coronavirus-themed phishing campaign...

Read More
Emotet Campaign Impersonates Democratic National Convention
Oct02

Emotet Campaign Impersonates Democratic National Convention

An Emotet malware campaign is underway which has already targeted hundreds of organizations in the United States. The emails spoof the Democratic National Convention with messages claiming to be a call to action to recruit DNC volunteers across the country to help elected Democrats in the upcoming presidential election, as part of the DNC Team Blue initiative. The threat group behind Emotet, TA542, usually uses lures such as shipping...

Read More
Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach
Sep17

Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach

A recent survey conducted on 538 IT leaders has revealed 93% have experienced a data breach as a result of an email error, with 70% believing the move to remote working has increased the risk of outbound email breaches of sensitive data. The research was conducted by email security firm Egress and highlights the risk associated with outbound email and why it is important to implement an email security solution capable of scanning...

Read More
Phishing Campaign Uses Real Time Active Directory Validation of Credentials
Sep15

Phishing Campaign Uses Real Time Active Directory Validation of Credentials

A new phishing technique has been identified where the attackers validate Office 365 credentials in real time using Active Directory. One of the problems with many phishing landing pages is they capture credentials when they are entered by the user but no checks are performed to make sure the credentials have been entered correctly. In the event of a typo, the incorrect password or username will be captured. A phishing attack detected...

Read More
Losses to BEC Attacks Increased by 48% in Q2, 2020
Sep08

Losses to BEC Attacks Increased by 48% in Q2, 2020

New data released by Agari show there has been a significant increase in losses to business email compromise attacks in Q2, 2020, increasing by 48% from the previous quarter. Business email compromise (BEC) is a form of email fraud in which an attacker compromises an email account of an organization and uses that account to commit fraud against the organization or business contacts. Typically, these attacks aim to fraudulently obtain...

Read More
CISA Issues Guidance on Malicious Network Activity Detection and Incident Response
Sep07

CISA Issues Guidance on Malicious Network Activity Detection and Incident Response

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory offering technical guidance on identifying malicious activity and remediating cyberattacks. The guidance is based on research conducted by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States. The guidance has been written to help incident response teams...

Read More
Phishing Campaign Offering PPE Delivers Agent Tesla RAT
Sep01

Phishing Campaign Offering PPE Delivers Agent Tesla RAT

Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access Trojan (RAT). The phishing emails offer the recipient personal protective equipment (PPE) such as forehead temperature thermometers, disposable face masks, and other medical supplies that have been in short supply. The emails claim that the company has started mass...

Read More
Vishing Campaign Targets Teleworkers for VPN Credentials
Aug24

Vishing Campaign Targets Teleworkers for VPN Credentials

Teleworkers are being targeted in a vishing campaign that has been active since mid-July, according to a recent joint security advisory issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). Vishing, or voice phishing as it is also known, is a form of phishing that occurs over the telephone. As with other forms of phishing, the aim is to get the victim to disclose sensitive...

Read More
Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms
Aug18

Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms

Google has announced that the Google Chrome browser will soon alert individuals about insecure forms on websites. Google is planning on rolling out the new feature in Chrome 86 to protect users from man-in-the-middle attacks. The new feature will generate an alert for mixed forms, which are forms on secure (HTTPS) websites that are delivered insecurely and pose a risk to users’ privacy and security. These insecure forms can be visible...

Read More
CISA Warns of Phishing Campaign Targeting SBA Loan Accounts
Aug17

CISA Warns of Phishing Campaign Targeting SBA Loan Accounts

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing phishing campaign against government agencies that is attempting to obtain credentials for Small Business Administration COVID-19 loan relief accounts. The campaign uses a spoofed version of the SBA COVID-19 relief webpage to obtain credentials, with links to the fraudulent website distributed through...

Read More
SANS Institute Suffers Phishing Attack Involving Theft of 28,000 Individuals’ Information
Aug14

SANS Institute Suffers Phishing Attack Involving Theft of 28,000 Individuals’ Information

The SANS Institute, a leading provider of cybersecurity training and certification services, has suffered a phishing attack in which the email account of one of its employees was compromised. The phishing attack was detected on August 6, 2020 during a review of its email system configuration. The SANS Institute issued a statement confirming only a single email account was compromised, which was the result of one employee responding to...

Read More
Emotet Botnet Springs Back to Life with Massive Malspam Campaign
Jul20

Emotet Botnet Springs Back to Life with Massive Malspam Campaign

The Emotet botnet has sprung back to life after a 5-month break and is being used to send large volumes of spam emails containing malicious URLs and attachments. Emotet malware was the biggest malware threat in 2018 and 2019, but the botnet has been quiet for much of 2020. The Emotet botnet often has periods of dormancy, before springing back to life and sending huge volumes of spam email. When Emotet went quiet in early 2020, it was...

Read More
Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam
Jul16

Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam

Several high-profile Twitter accounts have been ‘hacked’ and used in a major cryptocurrency scam. The first Tweets were sent from the accounts around 3pm on July 15, 2020 and asked account followers to transfer Bitcoin to a specific address. In return, the account holder promised to double the amount sent. The Twitter accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Michael Bloomberg, Joe Biden, Barack Obama,...

Read More
95% of Brits Unable to Correctly Distinguish Phishing and Genuine Messages
Jul10

95% of Brits Unable to Correctly Distinguish Phishing and Genuine Messages

A recent phishing study conducted by the UK firm, Computer Disposals Limited, has revealed British workers struggle to identify phishing attacks, with only 5% of participants in the study able to identify all phishing attempts in the test. The study was conducted on 1,000 individuals who were given a quiz consisting of messages and emails from well known brands such as Amazon, Netflix, Disney Plus, emails from the UK government and...

Read More
BEC Gangs Abandon C-Suite Executives in Favor of Attacks on Finance Employees
Jun23

BEC Gangs Abandon C-Suite Executives in Favor of Attacks on Finance Employees

A recent report from Abnormal Security suggests business email compromise gangs have changed tactics and have new targets in their sights. BEC gangs have historically targeted C-Suite executives using phishing emails to obtain their credentials to access their email accounts in what is often referred to as whaling attacks. C-Suite email accounts are valuable as they can be used to target other individuals in the organization. These...

Read More
Microsoft’s COVID-19 Threat Analysis Reveals Attackers Adapt Campaigns to Local Events
Jun18

Microsoft’s COVID-19 Threat Analysis Reveals Attackers Adapt Campaigns to Local Events

Many threat actors have adopted COVID-19 themed lures in phishing campaigns and for distributing malware, but the proportion of COVID-19 related threats is much lower than the headlines suggest, according to a recent report from Microsoft. In fact, Microsoft’s figures suggest only about 2% of all threats were related to COVID-19 and coronavirus over the past 4 months. Microsoft has previously reported that while there have been many...

Read More
113 Email Accounts Compromised in NHS Phishing Attack
Jun15

113 Email Accounts Compromised in NHS Phishing Attack

The UK’s National Health Service (NHS) has suffered a phishing attack that saw 113 NHSmail email accounts compromised and used to send malicious emails to external recipients. According to NHS Digital, the breach occurred between Saturday May 30, 2020 and Monday 1, June 2020. While 113 email accounts represent a sizeable breach, NHS Digital points out only 0.008% of its email accounts were compromised. The attack appears to be part of...

Read More
Fake CVs, Medical Leave Forms, Voicemail Alerts Used as Lures in Phishing Attacks
Jun08

Fake CVs, Medical Leave Forms, Voicemail Alerts Used as Lures in Phishing Attacks

Researchers at Check Point have issued a warning that cybercriminals are using fake CVs, resumes, and medical leave forms to spread malware such as banking Trojans and information stealers. Many Americans have lost their jobs as a result of the COVID-19 pandemic. Unemployment is now at the highest level it has ever been in the United States, so a great many Americans will now be looking for work. It is therefore no surprise that...

Read More
TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign
Jun04

TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign

The TrickBot Trojan operators are distributing a new backdoor named BazarBackdoor in targeted phishing attacks on businesses. BazarBackdoor is a stealthy backdoor that gives the attackers full access to corporate networks. The malware is being distributed via spear phishing emails that are well written and convincing. Several different lures are used in the campaign including employee termination lists, customer complaints, and...

Read More
Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises
May29

Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises

Enterprises in the United States and Germany are being targeted in a phishing campaign spreading Valek malware, according to researchers at Cybereason Nocturnus. Valek is a popular malware loader that was first identified in 2019. Valek has previously been distributed in phishing campaigns to deliver banking Trojans such as Ursnif and IcedID. Valek is active development and new versions are frequently released. According to a recent...

Read More
67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks
May22

67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks

The Verizon 2020 Data Breach Investigations Report shows financial gain is the biggest motivator for cyberattacks, accounting for 86% of the 32,002 security incidents analyzed for this year’s report, up from 71% in 2019. 55% of the financially motivated attacks were conducted by cybercriminal organizations. The majority of data breaches involve the theft of credentials, which has meant malware is being used much less than in previous...

Read More
Nigerian BEC Gang Targeting COVID-19 Unemployment Benefits and CARES Act Payments
May21

Nigerian BEC Gang Targeting COVID-19 Unemployment Benefits and CARES Act Payments

A Nigerian cybercriminal organization known as Scattered Canary has submitted hundreds of fraudulent claims for unemployment benefits and COVID-19 relief fund payments that have been made available under the CARES Act in the United States. Scattered Canary is one of the most prolific business email compromise (BEC) gangs operating out of Nigeria and employs dozens of individuals to conduct email scams. The scammers have submitted at...

Read More
Massive Phishing Campaign Distributing Legitimate Remote Admin Tool as RAT
May21

Massive Phishing Campaign Distributing Legitimate Remote Admin Tool as RAT

A phishing campaign has been detected that exploits the COVID-19 pandemic to spread a legitimate remote administration tool which is being used as a remote access Trojan. If installed, the attacker will have full control of an infected device. The “massive campaign” was detected by the Microsoft Security Intelligence team, which intercepted emails using malicious Excel spreadsheets to install the NetSupport Manager remote...

Read More
COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks
May13

COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks

There has been a sharp increase in the number of COVID-19 themed cyberattacks in the past two weeks according to Check Point. Check Point has been tracking phishing attacks and other cybersecurity incidents and identified 192,000 COVID-19 themed attacks in the past two weeks. Most of the cyberattacks were phishing attacks where authorities on SARS-CoV-2 such as the World Health Organization (WHO) and the Centers for Disease Control...

Read More
13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic
May12

13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic

The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had...

Read More
Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom
Apr30

Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom

The U.S. pharmaceutical company ExecuPharm recently announced it suffered a ransomware attack on March 13, in which certain corporate and employee information was compromised. The attack started with phishing emails sent to its employees, with the subsequent investigation indicating the attackers may have viewed or obtained sensitive data prior to the deployment of the ransomware. The types of data that were potentially compromised...

Read More
Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts
Apr21

Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts

A phishing campaign has resulted in losses of tens of millions of Euros for the German North-Rhine-Westphalia (NRW) government. The NRW government’s Ministry of Economic Affairs set up a website for self-employed individuals and businesses in the province to request financial relief due to the 2019 Novel Coronavirus pandemic. Requests could be submitted through the site to receive emergency aid funding. However, a copycat site was...

Read More
FTC: Coronavirus and COVID-19 Scams Result in Losses of $12.78 Million in 2020
Apr14

FTC: Coronavirus and COVID-19 Scams Result in Losses of $12.78 Million in 2020

Figures released by the U.S. Federal Trade Commission (FTC) have revealed the extent of losses to coronavirus and COVID-19 scams in 2020. The FTC received 16,778 reported complaints of consumer fraud in relation to the 2019 Novel Coronavirus between January 1, 2020 and April 12, 2020. Around 46% of those reported cases of fraud involved financial losses, which totaled $12.78 million during that period. The median loss was $570. The...

Read More
INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals
Apr13

INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals

Hospitals, research facilities and other healthcare organizations on the front line in the fight against the 2019 Novel Coronavirus and Covid-19 are not only facing incredible challenges treating patients, they are also having to fend off ransomware attacks. Some threat groups have publicly stated that they will not be attacking healthcare organizations during the COVID-19 public health emergency, but there are still some highly...

Read More
Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure
Apr02

Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure

Governments around the world are developing financial relief packages to help citizens that have been unable to work due to the coronavirus and are facing extreme financial difficulties, and cybercriminals are taking advantage. Campaigns have been detected that use the offer of financial relief due to the coronavirus pandemic as a lure to trick people into disclosing sensitive information or installing malware. Over the past few...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Mar20

WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader

Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...

Read More
Microsoft Announces Takedown of Necurs Botnet
Mar11

Microsoft Announces Takedown of Necurs Botnet

Microsoft has announced it has seized the U.S. command and control infrastructure of the Necurs botnet and has taken steps to prevent the infrastructure from being recreated. The Necurs botnet is one of the largest spamming and malware distribution networks ever created. The botnet consists of more than 9 million zombie devices that have been infected with Necurs malware and are under the control of the botnet operators. The botnet is...

Read More
Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected
Mar09

Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected

Further email campaigns have been detected that are using the novel coronavirus (COVID-19) outbreak as a lure to spread malware, phish for sensitive data, and fool people into making donations to fake charities. The World Health Organization has previously issued a warning that cybercriminals were using its logos in malicious email campaigns and those campaigns have continued. Campaigns have also been detected impersonating the...

Read More
What is a DNS Filter?
Feb29

What is a DNS Filter?

In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet. What is the Domain Name System? The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email...

Read More
74% of Phishing Sites Now Use HTTPS
Feb27

74% of Phishing Sites Now Use HTTPS

The latest phishing activity trends report from the Anti-Phishing Working Group (APWG) shows a decline in the number of detected phishing sites after the 3-year high seen in Q3, 2019. Between October 2019 and December 2019, 162,155 phishing sites were detected, down from 266,387 in Q3. In Q4, 2019, the number of phishing site detections was closer to the mean level in 2019. An average of 333 brands were impersonated in phishing...

Read More
Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs
Feb26

Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs

The Q4, 2019 Phishers’ Favorite report from email security firm Vade Secure shows PayPal is the most impersonated brand in phishing attacks, making it two successive quarters at the top of the list. In Q4, 2019, Vade Secure detected 11,392 new PayPal phishing URLs at a rate of 124 new URLs a day. While the number of new PayPal URLs fell 31.2% from Q3, 2019, detections are up 23% on this time last year. Second place went to Facebook,...

Read More
Fresh Warnings Issued About Coronavirus Phishing Scams
Feb18

Fresh Warnings Issued About Coronavirus Phishing Scams

Fresh warnings have been issued about coronavirus phishing scams that are being conducted to steal sensitive data and spread malware. Multiple threat actors are taking advantage of fear about COVID-19 to conduct attacks, and as February has progressed, the number of COVID-19-themed phishing campaigns has increased dramatically. Earlier this month, the U.S. Federal Trade Commission (FTC) issued an alert warning that cybercriminals were...

Read More
Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government
Feb17

Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government

A Puerto Rican government employee has been duped by a phishing scam and wired more than $2.6 million to an account controlled by the scammers. The money had been allocated for remittance payments and was sent to a seemingly legitimate bank account on January 17, but it was later discovered that the transfer was fraudulent. The Puerto Rico government has managed to freeze some of the funds, and efforts are ongoing to recover the...

Read More
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Feb13

BEC Attacks Account for More Than Half of All Losses to Cybercrime

Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...

Read More
Threat from Phishing Highlighted on Safer Internet Day
Feb11

Threat from Phishing Highlighted on Safer Internet Day

Today is Safer Internet Day, a global event aimed at promoting safer use of online technology and the creation of a safe and stimulating online environment for everyone. Making the internet a safe and better place for children is a major focus of this year’s events. Initiatives have been launched to promote the benefits of the internet and draw attention to the risks of internet use. The internet can be a dangerous place and...

Read More
Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever
Feb04

Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever

Almost five years ago, Ashley Madison experienced a massive data breach. Hackers stole the information from 32 million accounts and the data was dumped online. Included in that data set were names, phone numbers, addresses, credit card details, passwords and other sensitive information. That information was used in a plethora of scams, spam campaigns, and many users suffered fraud as a result. There were even several suicides as a...

Read More
Evil Corp Resumes Operations Using New Phishing Tactic to Deliver RAT
Feb03

Evil Corp Resumes Operations Using New Phishing Tactic to Deliver RAT

A hacking group known as Evil Corp, aka TA505, has resumed its malicious activities and has adopted a new phishing tactic for delivering malware. The hacking group has been active since at least 2014 and primarily targets financial institutions and retailers. Large spam campaigns are conducted using the Necurs botnet. Evil Corp was targeted by law enforcement in the United States in late 2019 with U.S. authorities offering up to $5...

Read More
Beware of Coronavirus Themed Phishing Attacks
Jan31

Beware of Coronavirus Themed Phishing Attacks

The novel coronavirus that originated in the province of Wuhan in China has now spread to other countries, with Japan and Thailand the worst affected so far with 14 cases. People are naturally worried about infection and with good reason. More than 200 people are known to have died so far. In Japan, people have been receiving emails warning of new infections in their prefectures. The emails have file attachments that appear to be...

Read More
55% of Organizations Were Successfully Phished in 2019
Jan27

55% of Organizations Were Successfully Phished in 2019

Phishing is the most common method of attacking organizations and it continues to cause problems for IT departments and considerable losses for organizations. A new report from Proofpoint has revealed the extent of phishing and how often the attacks succeed. The data for the report came from a survey of more than 3,500 working adults and 600 cybersecurity professionals in Australia, France, Germany, Japan, Spain, the United States,...

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
Microsoft Database of 250 Million Records Exposed Online
Jan23

Microsoft Database of 250 Million Records Exposed Online

Microsoft has announced that one of its databases has been accidentally exposed online. The database could over the internet without the need for authentication. The database was found by security researchers at Comparitech, who reported the security issue to Microsoft. Microsoft immediately secured the database and launched an investigation to determine how long the data had been exposed and whether it had been accessed by...

Read More
TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners
Jan22

TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners

Pax8, the multi-award-winning cloud distribution company, has formed a new strategic partnership with TitanHQ, the leading provider of cloud-based email and web security solutions for managed service providers serving the SMB market. In order to block an increasingly diverse range of cyberthreats and effectively mitigate risk, a layered approach to security is required. Cybersecurity solutions need to be used to protect mobile...

Read More
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Jan02

Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group

Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...

Read More
SpamTitan Scores Big on Business Review Websites
Dec16

SpamTitan Scores Big on Business Review Websites

TitanHQ is the leading provider of cloud-based email security to Managed Service Providers (MSPs) serving the SMB market and its email security solution, SpamTitan, is well loved by SMBs and MSPs alike. SpamTitan is consistently rated highly by end users on the leading business software review sites and is routinely awarded scores in excess of 4.5 out of 5 by end users, with a high percentage giving top marks across all rating...

Read More
Microsoft Issues Warning About Spear Phishing Attacks
Dec03

Microsoft Issues Warning About Spear Phishing Attacks

Phishing attacks have been increasing steadily throughout 2019. Most of the phishing emails being sent are part of large campaigns sent randomly using huge lists of email addresses, but not all. Some of the campaigns are far more targeted and are sent to only a handful of individuals – To individuals in a specific department in a company, for instance. Some of the attacks are even more targeted and are just sent one person. These...

Read More
Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019
Nov29

Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019

A recent report from Google’s Threat Analysis Group (TAG) has shed light on the extent to which government-sponsored hacking and phishing campaigns are being conducted. In Q3, 2019, Google sent more than 12,000 warnings to users about state-sponsored phishing campaigns. These hacking, phishing, and disinformation campaigns have remained steady over the past two years, with a similar number of warnings issued in the corresponding...

Read More
Phishing Attacks at Highest Level Since 2016
Nov20

Phishing Attacks at Highest Level Since 2016

A new report from the Anti-Phishing Working Group (APWG) shows phishing attacks are occurring at levels not seen since 2016. The quarterly phishing reports from APWG are compiled from data supplied by APWG members such as Agari, MarkMonitor, RIskIQ, and PhishLabs. The reports provide insights into the methods used by phishers and the extent to which businesses and consumers are being attacked. In Q3, 2019, more than 86,000 unique...

Read More
New Phishing Campaign Detected Targeting Office 365 Administrators
Nov19

New Phishing Campaign Detected Targeting Office 365 Administrators

PhishLabs has identified an ongoing phishing campaign targeting Office 365 administrators. The aim of the campaign is to obtain Office 365 admin credentials. Phishers face several challenges. Their own domains are likely to have a low trust score, which makes it easy for antispam solutions to identify their messages as malicious. To get around this issue, they need to obtain the credentials for a legitimate email account on a clean...

Read More
CISA Issues Warning About Holiday Season Scams
Nov12

CISA Issues Warning About Holiday Season Scams

‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...

Read More
Ministry of Justice Phishing Scam Uses Subpoena Notification as Lure
Nov07

Ministry of Justice Phishing Scam Uses Subpoena Notification as Lure

A new phishing campaign has been detected that uses subpoenas from the UK Ministry of Justice as a lure to get users to click a link that triggers the download of a malicious Word document that installs the Predator the Thief information stealer. As with countless other phishing campaigns, the emails use fear and urgency to get users to take action. The emails appear to have been sent from a Ministry of Justice email account, include...

Read More
Office 365 Phishing Scam Uses Offer of a Pay Rise as a Lure
Nov05

Office 365 Phishing Scam Uses Offer of a Pay Rise as a Lure

A new phishing scam has been detected targeting Office 365 users which attempts to convince employees to visit a website hosting a phishing form using an offer of a pay rise as a lure. According to Cofense, the emails used in the campaign spoof a company’s HR department and appear to have been sent internally. This is achieved through the manipulation of the nickname that is displayed by the mail client. The emails contain a link to a...

Read More
Proofpoint Acquires ObserveIT in $225 Million Deal
Nov05

Proofpoint Acquires ObserveIT in $225 Million Deal

The Sunnydale, CA-based cybersecurity firm Proofpoint has announced it has entered into a definitive agreement to acquire the data loss prevention (DLP) and insider threat management firm ObserveIT for $225 million. For several months there has been speculation that Proofpoint will be moving into DLP to better protect its clients from sophisticated cyberattacks and insider threats. The announcement has confirmed that that those...

Read More
Office 365 Users Targeted with Phishing Emails Containing Incomplete Voicemail Messages
Oct31

Office 365 Users Targeted with Phishing Emails Containing Incomplete Voicemail Messages

A phishing campaign has been identified targeting Office 365 users that includes an incomplete voicemail message as a lure to get them to visit a malicious website and enter their Office 365 credentials. The emails have been crafted to appear as automated messages from Microsoft that require “immediate attention.” The messages include a summary of the call and voicemail message, such as the telephone number, the date the message was...

Read More
Phishing Campaign Identified Targeting NGOs and United Nations
Oct29

Phishing Campaign Identified Targeting NGOs and United Nations

A sophisticated spear phishing campaign has been identified by security researchers at Lookout Inc. that is targeting the United Nations and nongovernment organizations (NGOs). The spear phishing campaign has targeted United Nations officials, the Red Cross, Red Crescent societies the Heritage Foundation and other NGOs. It is not known who is behind the campaign, but the malicious sites are hosted in Malaysia on IPs that have...

Read More
7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Oct28

7.5 Million Adobe Creative Cloud Users Warned of Data Breach

Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...

Read More
145 Month Jail Term for U.S. Superior Court Hacker Who Used LASC System to Send Phishing Emails
Oct24

145 Month Jail Term for U.S. Superior Court Hacker Who Used LASC System to Send Phishing Emails

In July 2017, Oriyomi Sadiq Aloba, 33, of Katy, TX, hacked into the computer system of the Los Angeles Superior Court (LASC). Aloba conducted a phishing attack and compromised the email account of a LASC worker. That individual’s email account was then used to send spear phishing emails to other Superior Court employees. The phishing emails included a link to a shared file on Dropbox. Instead, the link directed employees to a website...

Read More
Gartner Peer Insights Customers’ Choice for Email Security for 2019
Oct23

Gartner Peer Insights Customers’ Choice for Email Security for 2019

The Lexington, MA-based email security company Mimecast has been named a Gartner Peer Insights Customers’ Choice for Email Security for 2019. Gartner Peer Insights is a review platform for IT products and services where users of software and services can submit reviews of their experiences with the solutions. The platform includes more than 215,000 verified customer reviews in 340 markets. When sufficient numbers of reviews are...

Read More
Research Universities Targeted by ‘Silent Librarian’ Hacking Group
Oct16

Research Universities Targeted by ‘Silent Librarian’ Hacking Group

The start of the academic year has seen the Silent Librarian (TA407) hacking group launch new phishing campaigns targeting research universities. The hacking group is believed to be backed by the Iranian government and is highly active at the start and end of an academic year. The campaigns were detected by security researchers at Proofpoint and Secureworks, who intercepted several emails containing hyperlinks to malicious websites...

Read More
Business Email Compromise Attacks Increased by 269% in Q2, 2019
Oct09

Business Email Compromise Attacks Increased by 269% in Q2, 2019

Figures from Mimecast show there has been a sharp rise in business email compromise (BEC) attacks in Q2, 2019. Compared to Q1, 2019, BEC attacks increased by 269% in Q2. Business email compromise attacks involve the use of a compromised business email account to conduct attacks on employees within the organization or their customers. The latter are now much more common than CEO fraud attacks, which involve impersonating the CEO and...

Read More
SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security
Sep19

SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security

The independent business software review platform, G2 Crowd, has named SpamTitan leader in cloud email security in its Grid Summer 2019 Report. This is the third consecutive quarter where SpamTitan has been named leader in cloud-based email security, and this quarter is joined by Proofpoint Email Security Protection and Barracuda Email Security Gateway. The G2 Crowd Grid reports rate companies based on market presence and customer...

Read More
New IRS Tax Refund Phishing Campaign Distributes Amadey Botnet
Sep19

New IRS Tax Refund Phishing Campaign Distributes Amadey Botnet

A new phishing campaign has been detected targeting U.S. taxpayers offering fake tax refunds. The emails spoof the Internal Revenue Service (IRS) and claim that the recipient is entitled to claim a tax refund. The emails include a “Login Right here” button for users to click to arrange their tax refund together with a one-time password. If the button is clicked, the user will be directed to a spoofed IRS login page where the password...

Read More
Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Sep13

Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential

Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – Employees. Attacks exploiting the human factor are far easier to pull off that attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...

Read More
Two Thirds of UK Employees Do Not Receive Regular Email Security Training
Sep10

Two Thirds of UK Employees Do Not Receive Regular Email Security Training

A recent study by cybersecurity firm Tessian suggests two thirds of UK employees do not receive regular email security training in the workplace. Consequently, UK firms face a high risk of experiencing a costly phishing attack or malware/ransomware infection. For the study, Tessian conducted a survey on 1,000 UK workers at firms with more than 100 employees. Only a third of respondents said their employer provided regular security...

Read More
Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks
Sep05

Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks

Proofpoint has announced it has formed a strategic partnership with CrowdStrike to help joint customers improve endpoint security and defend against email -based cyberattacks. CrowdStrike is a leading provider of cloud-delivered endpoint security and Proofpoint has developed a suite of solutions that provide protection from advanced threats and helps identify and address compliance risks. The partnership will initially see...

Read More
43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months
Sep04

43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months

43% of UK small and medium-sized enterprises (SMEs) in the United Kingdom have experienced a business email compromise (BEC) or email impersonation attack in the past 12 months, according to a new study by data analytics firm, CybSafe. For the study, CybSafe surveyed 250 IT decision makers from SMEs in the United Kingdom and asked about the cybersecurity incidents they had experienced and the measures they have put in place to thwart...

Read More
Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan
Sep03

Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan

A phishing campaign has been detected that uses Google Docs to bypass email security solutions and ensure the emails are delivered to end users’ inboxes. The campaign was detected by security researchers at Cofense, who found the emails were bypassing Proofpoint’s email security gateway solution and were not identified as malicious. The scammers use a legitimate Google account to send emails that link to a document on Google Docs. The...

Read More
Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
Sep02

Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019

The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...

Read More
Phishing Campaign Uses Fake Resumes Used to Deliver Quasar RAT
Aug29

Phishing Campaign Uses Fake Resumes Used to Deliver Quasar RAT

Fake resumes are being used in a phishing campaign targeting HR departments which delivers Word documents containing a malicious macro that downloads the Quasar Remote Access Trojan (RAT), according to Cofense researchers. The Quasar RAT is an open source malware available on GitHub. The malware is used by many APT groups for espionage, network exploitation, logging keystrokes, stealing passwords, recording webcam footage, and taking...

Read More
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
Aug28

Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks

A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...

Read More
IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals
Aug27

IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals

The Internal Revenue Service (IRS) has issued a warning to U.S. taxpayers and tax professionals about a new nationwide phishing campaign that is spreading keylogging malware. The emails appear to have been sent by the IRS and alerts taxpayers and tax professionals to an issue with their electronic tax returns. Users are required to click the link in the email to access information about their tax refund. The emails include a hyperlink...

Read More
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
Aug22

Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks

A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...

Read More
Study Highlights Risk of Lateral Phishing Attacks
Aug21

Study Highlights Risk of Lateral Phishing Attacks

Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...

Read More
Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
Aug19

Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms

A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...

Read More
New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks
Aug08

New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks

A new report has been released that contains an analysis of the most common malware threats that are delivered via email, the most targeted industry sectors, and some of the tactics and techniques cybercriminals are using to infiltrate business networks. For its Threat Intelligence Report: Black Hat Edition 2019, Mimecast analyzed more than 67 billion emails that its email security solution rejected from more than 160 billion messages...

Read More
Massive 540+ Website Spoofing Campaign Identified
Aug07

Massive 540+ Website Spoofing Campaign Identified

A massive spoofing campaign has been detected targeting customers of Walmart and other well-known brand which attempts to get them to part with sensitive personal information. The campaign was detected by DomainTools, which identified more than 540 malicious domains that had been set up by the same threat actor. The websites included job sites, online dating sites, movie download sites, and numerous sites targeting fortune 500 brands...

Read More
TitanHQ Partners with Leading UK MSP, OneStopIT
Aug05

TitanHQ Partners with Leading UK MSP, OneStopIT

TitanHQ has announced it has partnered with one of the leading managed service providers in the UK, OneStopIT. Edinburgh-based OneStopIT was formed in 2003 to help small- and medium-sized businesses implement enterprise-grade IT solutions and best practices at an affordable price. Under the new partnership, OneStopIT will be offering its customers protection from email threats with SpamTitan Email Security, web-based threat protection...

Read More
U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
Aug05

U.S. Utilities Targeted in Phishing Campaign Spreading New RAT

U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...

Read More
Mid-Year Threat Report Shows Rise in Ransomware-as-a-Service and IoT Malware Threats
Jul28

Mid-Year Threat Report Shows Rise in Ransomware-as-a-Service and IoT Malware Threats

SonicWall’s 2019 Cyber Threat Report shows a there has been a 20% fall in malware attacks in the first half of 2019, but there have been increases in IoT malware, ransomware, cryptojacking, and encrypted threats. Globally, ransomware attacks have increased by 15% in the first 6 months of 2019, with the United Kingdom being increasingly targeted. Ransomware attacks in the UK are up 195% in 2019. The rise in attacks is largely due to...

Read More
Vade Secure Adds Auto-Remediate Feature to its Office 365 Email Security Solution
Jul26

Vade Secure Adds Auto-Remediate Feature to its Office 365 Email Security Solution

Vade Secure has announced it has launched a new email security feature for Managed Service providers (MSPs) to allow them to better protect their clients’ Office 365 environments with minimal management overhead. The new feature – Auto-Remediate for Vade Secure for Office 365 – provides a layer of continuous, automated protection for Office 365 through the use of artificial intelligence and machine learning. Vade Secure uses...

Read More
Phishing Campaign Targets Administrator Credentials with Office Alerts
Jul22

Phishing Campaign Targets Administrator Credentials with Office Alerts

A new phishing campaign has been identified which uses Office 365 admin alerts as a lure to get administrators to click and disclose their login credentials. A hacker can use phishing emails to obtain Office 365 credentials and gain access to an employee’s email account. That account can be used to send further phishing emails to contacts and colleagues. The hacker also has access to sensitive data in emails and email attachments. If...

Read More
Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
Jul19

Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan

The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to official Microsoft Office 365 site, complete with a realistic looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...

Read More
Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
Jul19

Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites

A novel new phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents or macros or scripts are hidden in other types of...

Read More
$301 Million Lost to BEC Scams Every Month
Jul18

$301 Million Lost to BEC Scams Every Month

The number of successful Business Email Compromise (BEC) scams has increased significantly over the past two years, according to a new financial trend analysis report from FinCEN. BEC scams involve gaining access to a business email account and using that account to send a request to the payroll or accounts department requesting a wire transfer be made. In order for the scam to work, the compromised account must belong to someone who...

Read More
2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps
Jul12

2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps

A survey conducted by the Sunnyvale, CA-based cybersecurity company Proofpoint has revealed end users are unsure how to protect sensitive data and lack the skills to identify phishing threats. For the latest Beyond the Phish report, Proofpoint analyzed the responses to almost 130 million cybersecurity questions in 14 categories. The survey was conducted on employees in 16 industries across 20 different department classifications. The...

Read More
City of Griffin Wires $800,000 to BEC Scammers
Jul10

City of Griffin Wires $800,000 to BEC Scammers

A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers. Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear...

Read More
Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks
Jul02

Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks

If a task is time consuming or difficult, there is usually someone willing to offer it as a service. That can now be said of phishing. There are a growing number of criminals offering phishing-as-a-service to help wanna-be criminals conduct phishing campaigns. At the basic level, phishing is a relatively straightforward way of attacking an organization. It is also low cost and requires little in the way of hacking skill. That said,...

Read More
QR Code Phishing Scam Targets Cofense Customers
Jun28

QR Code Phishing Scam Targets Cofense Customers

A new phishing campaign has been detected that uses QR codes to hide the hyperlink to a phishing webpage. Not only does this tactic bypass security solutions that search for potentially malicious URLs, by using a QR code the recipient must switch from the business network to their mobile phone to view the document. The corporate network may have a web filter, sandboxes, and other cybersecurity protections to prevent users from...

Read More
General Catalyst Enters into €70 Million Finance Agreement with Vade Secure
Jun16

General Catalyst Enters into €70 Million Finance Agreement with Vade Secure

Vade Secure has announced it has secured €70 million in funding from General Catalyst. The money will be invested in machine learning technology for its predictive email security solution to improve its threat detection capabilities and for improvements to its email security solution for Office 365. Vade Secure is also planning a major global expansion and part of the finance will be used to expand its global footprint and accelerate...

Read More