Proofpoint Launches Closed-Loop Email Analysis and Response (CLEAR) Solution
Sep12

Proofpoint Launches Closed-Loop Email Analysis and Response (CLEAR) Solution

The Sunnyvale, CA-based cybersecurity firm Proofpoint has announced it has launched a new Closed-Loop Email Analysis and Response (CLEAR) solution that can significantly reduce the time it takes to triage email-based threats. The solution uses a complete closed-loop approach to automatically analyze suspicious emails reported by end users to security teams, identify real threats from false positives, and help security teams remediate...

Read More
New Brazilian Banking Trojan Hides in Plain Sight
Sep10

New Brazilian Banking Trojan Hides in Plain Sight

An innovative new Brazilian banking Trojan has been detected by security researchers at IBM X-Force. The Trojan has been named CamuBot due to its use of camouflage to fool employees into running the installer for the malware. As with other banking Trojans, its purpose is to obtain bank account credentials, although its method of doing so is different from most of the banking Trojans currently used by threat actors in Brazil. Most...

Read More
Respiratory Care Provider Victim of Phishing Attack
Sep05

Respiratory Care Provider Victim of Phishing Attack

Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially accessed the protected health information of some of its patients. The respiratory care provider was alerted to a possible email account breach on July 3 when suspicious activity was detected in the email account. An investigation was immediately launched which confirmed...

Read More
Massive URL Spoofing Campaign Discovered Targeting 76 Universities
Sep04

Massive URL Spoofing Campaign Discovered Targeting 76 Universities

A massive URL spoofing campaign targeting 76 universities in 14 countries has been detected by security researchers at SecureWorks. The threat group known as Cobalt Dickens is believed to be behind the attack. The group is believed to operate out of Iran and is well known for conducting these types of attacks. The latest campaign has seen the hacking group create more than 300 spoofed websites on sixteen domains. Hosted on those...

Read More
Wombat Security Technologies Releases 2018 State of the Phish Report
Aug31

Wombat Security Technologies Releases 2018 State of the Phish Report

Wombat Security Technologies has released its 2018 State of the Phish Report – an analysis of data from tens of millions of simulated phishing attacks conducted through its Security Education Platform over the past 12 months. The report also provides insights on the current state of phishing from quarterly surveys sent to its customers, highlighting the frequency of phishing attacks on organizations, the impact those attacks are...

Read More
KnowBe4 Boosts Security Awareness Training Library with Twist & Shout Partnership
Aug26

KnowBe4 Boosts Security Awareness Training Library with Twist & Shout Partnership

The Tampa Bay, FL-based security awareness training and anti-phishing solution provider KnowBe4 has announced that it has formed a new strategic partnership with the content provider Twist & Shout. Twist & Shout Media has created security awareness campaigns for a wide range of companies, including Estee Lauder, Warner Bros, Barclays, Symantec and Verizon, as well as developing training content on covering business ethics...

Read More
Cofense PhishMe Update Adds Further Opportunities for Automation of Phishing Simulation Campaigns
Aug24

Cofense PhishMe Update Adds Further Opportunities for Automation of Phishing Simulation Campaigns

Cofense has released another update to its product line, providing even more opportunities for automation of phishing simulation exercises. The benefits to be gained from conducting phishing simulation exercises are clear – They allow organizations assess the effectiveness of their security awareness and anti-phishing training programs and condition employees to report phishing threats in a safe environment. They also help security...

Read More
U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks
Aug21

U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks

IT professionals are well aware of the threat from phishing and email impersonation attacks, yet even though the risk of an attack is high, U.S. companies are not doing enough to prevent phishing and email impersonation attacks according to a recent survey of U.S. IT professionals. The survey was conducted by the Ponemon Institute on behalf of Valimail on 650 IT and IT security practitioners in the United States who play a role in...

Read More
38,000 Patient Health Records Exposed in Legacy Health Phishing Attack
Aug20

38,000 Patient Health Records Exposed in Legacy Health Phishing Attack

A phishing attack on the Portland, Oregon-based healthcare provider, Legacy Health, has resulted in the exposure and possible theft of 38,000 patients’ protected health information. The phishing attack was detected on June 21, although an investigation into the security breach revealed that access had first been gained to some employees’ email accounts several weeks earlier in May. An analysis of the compromised email accounts...

Read More
SharePoint Files Used to Harvest Office 365 Credentials
Aug19

SharePoint Files Used to Harvest Office 365 Credentials

A phishing campaign termed PhishPoint uses SharePoint files to steal users’ Office 365 credentials. Huge numbers of phishing emails are being sent to businesses that appear to be invitations to collaborate. Users are required to click the URL embedded in the email, which ultimately directs them to a malicious site where they are required to enter their Office 365 credentials. Those credentials are then captured by the attackers. The...

Read More
Major Phishing Attack Reported by Augusta University Health
Aug17

Major Phishing Attack Reported by Augusta University Health

Augusta University Health has experienced a phishing attack that has resulted in the unauthorized accessing of several employees’ email accounts. The substitute breach notice uploaded to the University of Augusta website indicates investigators determined on July 31, 2018 that email accounts containing the protected health information (PHI) of patients and personally identifiable information (PII) of employees had been compromised....

Read More
Industry First Security Awareness Practitioner Certification Offered by InfoSec Institute
Aug12

Industry First Security Awareness Practitioner Certification Offered by InfoSec Institute

Security awareness training for employees is now a vital part of any cybersecurity strategy, yet until recently there was no certification program available to confirmed proficiency in the creation and management of these vital training programs. The InfoSec Institute has addressed this problem with the launch of a boot camp. The boot camp provides essential training in this area and certifies that IT professionals have the necessary...

Read More
Scammers Claim to Have Webcam Footage of Users Watching Pornography
Aug09

Scammers Claim to Have Webcam Footage of Users Watching Pornography

A new variant of an old scam is currently gaining traction and is fooling many people into paying scammers money to avoid having sensitive information exposed. The scammers claim to have added malware to adult sites which has been downloaded onto a user’s computer. The malware is allegedly capable of taking full control of the webcam, which has been used to record a video of the user while they were visiting pornographic websites. The...

Read More
Cofense Named Finalist in Best SaaS Product for SMBs Category of SaaS Awards
Aug04

Cofense Named Finalist in Best SaaS Product for SMBs Category of SaaS Awards

The Software-as-a-Service Awards Program was launched in 2016 and is now in its third year. The SaaS Awards program is part of the Cloud Awards program which has been running since 2011. The purpose of the SaaS awards is to recognize innovative software solutions providers that have developed important products and services that help companies across a broad range of disciplines including accounting and finance, e-commerce, web...

Read More
Businesses Turn Employee Safety Solution into Phishing Alert System
Aug03

Businesses Turn Employee Safety Solution into Phishing Alert System

Fast action is required when cybersecurity threats are detected to limit the harm caused. When phishing emails are received, or ransomware or malware threats are detected in the email system, fast action can prevent a costly data breach. Many businesses are now turning to their employee safety solutions as an additional protection against phishing and to instantly notify staff of a cyberattack in progress. Mass Notification Systems...

Read More
AI-Assisted Virtual Security Analyst Added to Ironscales’ Advanced Threat Protection Platform
Aug02

AI-Assisted Virtual Security Analyst Added to Ironscales’ Advanced Threat Protection Platform

Ironscales, the Tel Aviv-based anti-phishing solution provider, has announced it has incorporated a new module into its advanced threat protection platform that helps security teams assess suspicious incoming emails more quickly to determine whether they are benign or malicious. When email threats are reported to security teams they must manually analyze the emails to find the real threats hidden among the false positives. That...

Read More
Spam Email Remains the Primary Attack Vector and Click Rates are Increasing
Aug01

Spam Email Remains the Primary Attack Vector and Click Rates are Increasing

Spam email is still the leading method of malware delivery according to a new report by cybersecurity company F-Secure. The reason is simple. It is relatively easy to bypass security defenses and deliver malicious messages to inboxes and end users are not particularly good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison. According to F-Secure’s figures, in the second half of 2017,...

Read More
Cofense Develops New SOAR Platform That Allows IRs to Block Phishing Attacks Even Faster
Jul31

Cofense Develops New SOAR Platform That Allows IRs to Block Phishing Attacks Even Faster

The leading anti-phishing solution provider Cofense has developed a new platform that detects and stops phishing attacks in progress even faster. The Cofense Phishing-Specific Security Orchestration, Automation and Response (SOAR) platform is the first such platform to come to market that has been specifically developed to identify and disrupt phishing attacks in progress. Cofense had already developed its innovative, multi-award...

Read More
UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients
Jul31

UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients

Another UnityPoint Health phishing attack has been discovered, and this time it is huge. Hackers have gained access to multiple email accounts which contained the protected health information of approximately 1.4 million patients. This incident is the largest healthcare data breach to be reported since August 2016 and the largest healthcare phishing incident reported since the HHS’ Office for Civil Rights started publishing summaries...

Read More
Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan
Jul17

Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan

A new phishing campaign has been detected that is spreading the DanaBot Trojan. The campaign involves phishing emails which appear to contain invoices from the Australian multinational corporation MYOB – a provider of tax and accounting services for small and medium sized businesses. The phishing campaign was detected by Trustwave researchers. The phishing emails are succinct and well written and advise the recipient of the invoice...

Read More
New AZORult Phishing Campaign Detected by Cofense
Jul09

New AZORult Phishing Campaign Detected by Cofense

Leading anti-phishing solution provider Cofense has detected a new AZORult phishing campaign. AZORult is an information stealer capable of stealing cookies, stored passwords, payment card information, autocomplete data stored in web browsers, Bitcoin wallet information, and email, FTP, and XMPP client credentials. The latest campaign uses malicious email attachments to spread a new variant of the malware. Version 3 of AZORult...

Read More
Cryptocurrency Investors Targeted with MacOs Malware on Slack and Discord
Jul03

Cryptocurrency Investors Targeted with MacOs Malware on Slack and Discord

Several MacOs malware attacks have been identified in the past few days with victims targeted via the Slack and Discord chat platforms. The attackers are targeting cryptocurrency investors and are posting messages on Slack and Discord groups linked to cryptocurrencies. This is an impersonation attack in which admins and key personnel are being impersonated, with users advised to run a script that downloads a malware variant named...

Read More
Phishing Incident Reported by Trezor Wallet
Jul03

Phishing Incident Reported by Trezor Wallet

Trezor, the multi-cryptocurrency wallet service, has announced it has been targeted in a phishing campaign that has seen some users of its service redirected to a malicious website in an attempt to obtain their credentials. Trezor became aware of the phishing campaign when the company started to receive complaints from its users about an invalid Secure Sockets Layer (SSL) certificate on the site. Users who were directed to the fake...

Read More
ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature
Jun21

ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature

The ZeroFont phishing attack allows phishers to bypass anti-spam controls and ensure their emails are delivered to end users inboxes. ZeroFont Phishing Cybercriminals are constantly developing new ways to bypass anti-spam technologies, one of which has been uncovered by security researchers at the cloud security company Avanan. The technique, termed ZeroFont phishing, allows phishers to get their messages past Microsoft Office 365...

Read More
World Cup Wallchart Phishing Scam Detected
Jun19

World Cup Wallchart Phishing Scam Detected

Security researchers at Check Point have uncovered a World Cup wallchart phishing scam that is being used to deliver malware to soccer fans’ devices. The campaign involves specially crafted email messages with the subject line: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager. Email recipients are encouraged to open and install a malicious FIFA World Cup schedule and results checker that is attached to the email. The email...

Read More
RansomCloud Attack Encrypts Cloud-Based Emails
Jun14

RansomCloud Attack Encrypts Cloud-Based Emails

Ransomware may be more commonly used to encrypt files on business networks, although that does not mean consumers are in the clear. Cybercriminals may target businesses due to the higher potential rewards for a successful attack, although a new ransomware strain has been developed that highlights how vulnerable consumers are to ransomware attacks. In this case, the ransomware strain was developed by a white hat hacker as a proof of...

Read More
Department of Justice Announces Arrest of 74 Business Email Compromise Scammers
Jun12

Department of Justice Announces Arrest of 74 Business Email Compromise Scammers

A coordinated law enforcement effort involving the FBI, U.S Departments of Justice, Homeland Security, Treasury, the US Postal Inspection Service, and law enforcement agencies in Canada, Mauritius, Poland, Indonesia, Malaysia, and Nigeria has resulted in 74 business email compromise (BEC) scammers and associated criminals being arrested. The joint law enforcement effort – called Operation Wire Wire – was conducted over a period of 6...

Read More
Spammers Use iqy Files to Deliver Remote Access Trojan
Jun11

Spammers Use iqy Files to Deliver Remote Access Trojan

Macros have long been favored by cybercriminals as a method of installing malware. The macros launch VB, JavaScript and PowerShell scripts that download malware. Due to potential threat, security teams often disable macros or at least configure end points to require macros to be manually enabled by end users. The risk of running macros is also usually covered in security awareness programs. It is now harder for cybercriminals to...

Read More
InfoSec Institute Now Has Largest Library of Security Awareness Training Content
Jun06

InfoSec Institute Now Has Largest Library of Security Awareness Training Content

At the recent Gartner Security & Risk Management Summit 2018, the InfoSec Institute announced that its library of security awareness training content is now the largest collection of content provided by any security awareness training company. The SecurityIQ AwareEd library consists of standard CBT training modules covering the full range of email-based and web-based threats. CBT training is accompanies by video training content,...

Read More
May Saw Massive Increase in TSB Phishing Scams
Jun05

May Saw Massive Increase in TSB Phishing Scams

There has been a massive increase in TSB phishing scams over the past month. In April, TSB bank transitioned to a new core banking system. Previously, TSB data had been on a system provided by Lloyds, although following the takeover by Spanish bank Banco Sabadell, data needed to be moved to its banking system. When customer accounts were transferred to the new system, many customers were locked out of their accounts. The outage lasted...

Read More
Hackers Potentially Had Access to 42,000 Patients Health Data for a Month After Phishing Attack
May28

Hackers Potentially Had Access to 42,000 Patients Health Data for a Month After Phishing Attack

The Ohio Healthcare Provider Aultman Health Foundation has discovered some of its employees have been duped by a phishing attack that resulted in the threat actors behind the campaign gaining access to several email accounts. A phishing attack was detected on March 28, prompting a full investigation of the breach. The investigation revealed some employees had fallen for the phishing scam in mid-February. Further accounts were then...

Read More
Agari: Business Email Compromise the Most Lucrative Form of Email Attack
May23

Agari: Business Email Compromise the Most Lucrative Form of Email Attack

A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...

Read More
$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
May18

$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit

A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc., send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....

Read More
InfoSec Institute Named in 2018 Gartner Peer Insights Customers’ Choice for Security Awareness CBT
May17

InfoSec Institute Named in 2018 Gartner Peer Insights Customers’ Choice for Security Awareness CBT

The InfoSec Institute has developed an extensive library of training material on cybersecurity and helps security professionals attain qualifications to improve their career prospects. The company has also developed a platform for businesses to use to improve their defenses against phishing attacks and other threats that target employees. The firm’s SecurityIQ training platform combines an extensive library of training material and a...

Read More
ADT Now Offering Cofense Phishing Detection and Response Capabilities to Customers
May17

ADT Now Offering Cofense Phishing Detection and Response Capabilities to Customers

Cofense has announced a new partnership with the security monitoring and interactive home and business automation solution provider ADT. Boca Raton, FL-based ADT is a leading provider of automation and security solutions to enterprises and medium-sized businesses throughout the United States and Canada. The firm helps businesses to detect and respond to cyberthreats in real-time, speeding up the mitigation of attacks to minimize...

Read More
GDPR Phishing Scam Targets Airbnb Customers
May16

GDPR Phishing Scam Targets Airbnb Customers

A GDPR phishing scam has been detected targeting Airbnb customers. The GDPR-themed scam requests customers of the home-sharing website must re-enter their contact information and credit card details in order to comply with the EU’s General Data Protection Regulation that comes into force on May 25, 2018. The scammers are taking advantage of the high volume of emails currently being sent by companies as part of their GDPR compliance...

Read More
Vega Stealer Malware Harvesting Credentials from Web Browsers
May14

Vega Stealer Malware Harvesting Credentials from Web Browsers

A new variant of August Stealer – named Vega Stealer – is being distributed in small phishing campaigns targeting marketing, advertising, and PR firms and the retail and manufacturing industries. While the campaigns are highly targeted, the malware could potentially be used in much more widespread campaigns and become a major threat. Vega Stealer does not have the same range of capabilities as its predecessor, although it does include...

Read More
Cofense Announces Major Expansion of its Technology Alliance Program
May10

Cofense Announces Major Expansion of its Technology Alliance Program

Cofense (Formerly PhishMe) has announced it has made major enhancements to its phishing incident response platform – Cofense Triage – to help its customers reduce dwell time and respond more quickly to phishing attacks. The updates are in addition to more than 10 new technical integrations into its phishing defense platform, which have helped cement its position as the leading provider of human-driven phishing defense solutions. The...

Read More
Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
May08

Does Two-Factor Authentication Protect Businesses from Phishing Attacks?

Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identify of an individual who wants to make a...

Read More
2018 Phishing Trends & Intelligence Report
May06

2018 Phishing Trends & Intelligence Report

Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands...

Read More
Ironscales Announces Introduction of Non-Blocking Cloud-Native API Deployment
May05

Ironscales Announces Introduction of Non-Blocking Cloud-Native API Deployment

Ironscales has announced its automated phishing defense platform can now be used to protect organizations without the need for any physical plugins, thanks to its new non-blocking cloud-native API deployment, which has been made available for all of its anti-phishing modules. The new option is ideally suited to businesses that have moved their email services to the cloud and are looking for an easy-to-implement solution that offers...

Read More
TitanHQ Integrates WebTitan Web Filter into Kaseya IT Complete Suite
May04

TitanHQ Integrates WebTitan Web Filter into Kaseya IT Complete Suite

TitanHQ has announced its powerful web filtering solution – WebTitan – is now fully integrated into the Kaseya IT Complete Suite, making it easier for MSPs to start offering content filtering to their clients. WebTitan is a 100% cloud-based web filtering solution that allows businesses to carefully control the web content their employees can access. In addition to restricting access to productivity-draining and NSFW...

Read More
Wombat Security Releases 2018 Beyond the Phish Report
May03

Wombat Security Releases 2018 Beyond the Phish Report

The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...

Read More
What are the Most Clicked Phishing Emails?
May02

What are the Most Clicked Phishing Emails?

KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...

Read More
Microsoft Launches Free Windows Defender Chrome Plugin
Apr25

Microsoft Launches Free Windows Defender Chrome Plugin

One of the key selling points of the Microsoft Edge browser its protection against phishing attacks. Microsoft Edge is already the best browser to use to block phishing attacks, with tests conducted by NSS Labs showing Edge to be capable of blocking 99% of phishing and social engineering-based malware attacks. Its closest competitor, Google Chrome, only blocked 87% of attacks, while Firefox blocked just 70%. Both of those browsers...

Read More
Cofense Re-Launches Reseller Channel Program as it Adopts a 100% Indirect Sales Model
Apr25

Cofense Re-Launches Reseller Channel Program as it Adopts a 100% Indirect Sales Model

Cofense, formerly PhishMe, is moving away from direct sales and plans to become a 100% channel focused company. The Leesburg, VA based firm has now taken a step closer to that goal with the relaunch of its its reseller channel program, as the firm aims to expand its 300+ network of global sales partners. The Cofense partner program has proven extremely popular with managed service providers (MSPs) whose clients are realizing the...

Read More
Wombat Security Honored at SC Media Awards
Apr24

Wombat Security Honored at SC Media Awards

Wombat Security, now a division of Proofpoint, helps businesses train employees to become more security aware and recognize potential phishing emails and other email-based cyber threats. The company has developed an extensive training library and CBT platform that businesses can use as the basis of their security awareness programs, along with a phishing simulation program to put the training to the test. The firm was recently honored...

Read More
Agari Named Best Email Security Solution at 2018 SC Media Awards
Apr23

Agari Named Best Email Security Solution at 2018 SC Media Awards

Agari has been honored at this year’s SC Media Awards and has collected a prestigious Professional Award for its email security solution – the Agari Email Trust Platform. The SC Media Awards are the premier cybersecurity awards for the cybersecurity industry. Each year, hundreds of products are assessed by a panel of independent judges drawn from the cybersecurity industry. The nominated solutions are whittled down to five...

Read More
KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails
Apr20

KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails

The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is therefore no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges. KnowBe4 has recently identified one...

Read More
Security IQ BEC Defense Suite Prepares Businesses for Email Account Compromise Attacks
Apr19

Security IQ BEC Defense Suite Prepares Businesses for Email Account Compromise Attacks

Business email compromise attacks are on the rise, with one recent report suggesting 44% of businesses have suffered an attack. Business Email Compromise (BEC) attacks are now commonplace. Email accounts are compromised, and threat actors use the accounts to send targeted messages to individuals in an organization. Requests are made to have sensitive data sent by email or for wire transfers to be made. Sophisticated social engineering...

Read More
Cofense Triage Update Improves Visibility into Phishing Threats to Improve Response Times
Apr19

Cofense Triage Update Improves Visibility into Phishing Threats to Improve Response Times

The human-driven phishing defense solution provider Cofense has announced its incident response platform – Cofense Triage – has been updated. There have been several major enhancements to the platform that reduce noise and improve visibility into real-time threats, allowing IR teams to accelerate their response to current phishing threats that have made it past the perimeter. The update makes it easier for security teams to respond to...

Read More
Human Factor Cybersecurity Report Released by Proofpoint
Apr18

Human Factor Cybersecurity Report Released by Proofpoint

The human factor continues to be extensively exploited by cybercriminals according to the annual human factor cybersecurity report from Proofpoint. While hacks are still commonplace, cybercriminals are mostly relying on some interaction from employees to steal funds from bank accounts, obtain login credentials and sensitive data, and infect end points and networks with malware and ransomware. The data for the latest report come from...

Read More
Cofense Collects Three Cyber Defense Magazine 2018 InfoSec Awards
Apr18

Cofense Collects Three Cyber Defense Magazine 2018 InfoSec Awards

Cyber Defense Magazine, the leading electronic information security magazine and premier source of IT security news, runs an annual InfoSec award program that honors the leading companies in the field of information security and recognizes the best cybersecurity products on the market. This year, more than 3,000 companies were considered for the awards. Each company was assessed across a wide range of criteria and the field was...

Read More
Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks
Apr18

Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks

Yesterday saw the launch of Barracuda PhishLine Levelized Programs – A new approach developed by Barracuda and PhishLine to determine and improve user resistance to phishing attacks. Most anti-phishing training solutions use click rate metrics to determine resistance and susceptibility to phishing attacks. While this method of testing employees has proven effective, Barracuda Networks points out that there are limits to this approach....

Read More
Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
Apr17

Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack

It has been discovered that the email accounts of several employees of UnityPoint Health hhave been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...

Read More
44% of Businesses Victims of Account Takeover Attacks
Apr17

44% of Businesses Victims of Account Takeover Attacks

Agari has released figures from recent research that show account takeover attacks are soaring. These phishing attacks involve the use of a compromised email account to fool employees into revealing sensitive information or installing malware. Agari says account takeover attacks have doubled in 2018. Since messages are believed to have been sent from a known individual, many email recipients let their guard down. The effectiveness of...

Read More
Email Account Breach Impacts 4,000 Patients of Texas Health Resources
Apr16

Email Account Breach Impacts 4,000 Patients of Texas Health Resources

Texas Health Resources is sending notifications to ‘fewer than 4,000 patients’ that some of their Private Health Information may have been seen by an unauthorized persons. The Arlington-based health care provider, a supplier to over 1.7 million patients in North Texas, says that the data breach may have happened as early as October 2017, although they did not identify it until January 17, 2018, when law enforcement alerted the the...

Read More
Proofpoint Study Shows Impact of Email Fraud on Businesses
Apr10

Proofpoint Study Shows Impact of Email Fraud on Businesses

Proofpoint has published the findings of a recent study investigating the impact of email fraud on businesses. The study reveals the extent to which businesses are affected by email fraud, the typical impact of email fraud on businesses, which individuals are targeted, and the steps that are being taken to reduce risk. There has been an increase in email fraud in recent years, with last year seeing a further surge in attacks. The...

Read More
Cofense Enhances its Industry Leading Security Awareness and Employee Conditioning Solutions
Apr09

Cofense Enhances its Industry Leading Security Awareness and Employee Conditioning Solutions

Cofense, the leading provider of security awareness and employee conditioning solutions for businesses to help them manage phishing risk, has announced it has made several key enhancements to its human phishing defense program including the introduction of more industry firsts. The updates include enhanced analytics and reporting functions that allow administrators to generate boardroom-level quality reports demonstrating the results...

Read More
Warning Over Possible MyFitnessPal Phishing Attacks
Apr09

Warning Over Possible MyFitnessPal Phishing Attacks

A recently discovered cyberattack on Under Armour has raised fears about a wave of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour discovered an unauthorized individual had gained access to the data of 150 million users of MyFitnessPal – including users with website accounts and those who use the MyFitnessPal app. The Under Armour data breach is the largest to be discovered this year in terms of the number of...

Read More
Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers
Apr06

Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers

Phishing scams can prove expensive for businesses, as the Italian Serie A football team Lazio is now knows all too well. A recent phishing scam could have cost the club €2 million Euros ($2,461,990). Lazio Football Club transferred in defender Stefan de Vrij from the Dutch club Feyenoord in the summer of 2014 for around €8 million Euros. Not all of that transfer fee was paid in one lump sum. There was one outstanding payment left of...

Read More
Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members
Apr03

Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members

CareFirst Blue Cross Blue Shield is alerting 6,800 of its plan members that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees. Phishing attacks are conducted to gain access to sensitive information such as email credentials. Those credentials are then used to access to sensitive data or conduct further attacks on an...

Read More
Phishing Simulation Certification Program Offered by Cofense
Mar31

Phishing Simulation Certification Program Offered by Cofense

Cofense, the company formerly known as PhishMe, has launched the industry’s first ever phishing simulation certification program. The course covers all of the skills necessary to construct, execute, and sustain phishing simulation and employee security awareness programs. After completing the training, security experts will be awarded with Cofense PhishMe certification which demonstrates their ability to run phishing simulation...

Read More
New Insider Threat Training Modules Released by Wombat Security
Mar28

New Insider Threat Training Modules Released by Wombat Security

Anti-phishing solution provider Wombat Security – now a division of Proofpoint – has released new insider threat training modules to help businesses deal with the threat from within. Insider breaches are a leading cause of data breaches, especially in the US healthcare industry where they share top spot with hacks. Insider threats include simple mistakes made by employees, negligence, and malicious actions taken to cause harm to...

Read More
European Phishing Response Trends Report Shows EU Firms Unprepared for Phishing Attacks
Mar27

European Phishing Response Trends Report Shows EU Firms Unprepared for Phishing Attacks

A new report from Cofense (formerly PhishMe) has revealed the majority of EU firms do not feel they are well prepared to deal with phishing attacks. Phishing is a major threat to businesses of all sizes. Enterprises and SMBs must deal with spray and pray campaigns as well as targeted phishing attacks on their organization and highly targeted spear phishing attacks on specific groups of employees. The data for the European Phishing...

Read More
Cofense Report Reveals Latest Malware Delivery and Attack Trends
Mar23

Cofense Report Reveals Latest Malware Delivery and Attack Trends

The 2018 Malware Review from security awareness and anti-phishing solution provider Cofense (Formerly PhishMe) looks at malware trends over the past 12 months and makes predictions about malware delivery and attack trends in 2018. The 2018 Cofense Malware Review, titled A Look Back and a Look Forward, was compiled after analyzing millions of phishing and spam emails gathered from multiple sources over the past year. The report has a...

Read More
1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
Mar20

1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach

1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contatced in “as timely a manner...

Read More
Primary Health Care Experiences Multiple Email Hacks
Mar20

Primary Health Care Experiences Multiple Email Hacks

A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. A press release issued by Primary Health Care and published a substitute breach notice to its website on March 16, 2018 outlining that the breach occurred on February 28, 2017. The breach was...

Read More
Infosec Institute Training Library Now Includes More Than 1,200 Training Resources
Mar16

Infosec Institute Training Library Now Includes More Than 1,200 Training Resources

The Infosec Institute, developer of the SecurityIQ phishing awareness training platform, has been steadily increasing its training modules to help businesses, non-profits, and educational institutions improve the security awareness of employees and train staff on cybersecurity and compliance. The latest update to the training library sees five new modules added covering the Criminal Justice Information System (CJIS). The five new...

Read More
Two Thirds of Indian Companies Have been Targeted with Ransomware
Mar15

Two Thirds of Indian Companies Have been Targeted with Ransomware

Sophos has published a new State of Enterprise Security Report that provides insight into the main threats faced by organizations around the world. The report was based on a survey conducted on 2,700 IT managers based in 10 countries (USA, UK, Canada, France, Germany, India, South Africa, Japan, Mexico, and Australia). One of the key points from the report is the extent to which Indian businesses are being attacked and just how...

Read More
Top Healthcare Security Threats Revealed in HIMSS Survey Results
Mar12

Top Healthcare Security Threats Revealed in HIMSS Survey Results

HIMSS has released the findings of its 2017 healthcare cybersecurity survey, which gives us valuable insights into the state of cybersecurity in the healthcare sector and names the top healthcare security threats. The HIMSS 2018 cybersecurity survey was carried out on 239 respondents from the healthcare sector between December 2017 and January 2018. The findings of the survey were revealed at the HIMSS 2018 Conference &...

Read More
Popcorn Training Acquired by KnowBe4
Mar09

Popcorn Training Acquired by KnowBe4

Security awareness training and phishing simulation platform provider KnowBe4 has announced it has acquired the South African training company Popcorn Training. The acquisition will see the South African company’s 52 training modules incorporated into the KnowBe4 training library. Popcorn Training is an award-winning training firm with a global customer base. The firm is known for developing engaging training content and has developed...

Read More
Future of Cybersecurity Scholarship Program Launched by PhishLabs
Mar07

Future of Cybersecurity Scholarship Program Launched by PhishLabs

PhishLabs, a leading provider of security awareness training and anti-phishing solutions for enterprises, has announced the launch of a new ‘Future of Cybersecurity’ Scholarship Program. The aim of the scholarship program is to help talented individuals further their studies in the field of cybersecurity, one of the most in demand areas of the IT industry. There is currently a major shortage of skilled cybersecurity professionals and...

Read More
InfoSec Institute Launches Security Awareness Training Program for Healthcare
Mar06

InfoSec Institute Launches Security Awareness Training Program for Healthcare

The cybersecurity awareness training solution provider the InfoSec Institute has announced it has launched a new security awareness training program for healthcare teams – the first such program to be developed specifically for the healthcare industry in the United States. The training material is available through the company’s SecurityIQ AwareEd training platform, which now contains the largest interactive security awareness...

Read More
Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards
Mar05

Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards

Cofense (formerly PhishMe) has been recognized once again for its anti-phishing solutions and will collect multiple Info Security PG Global Excellence Awards next month. Info Security PG is the leading information security research and advisory guide for the IT industry. The Info Security PG Global Excellence Awards recognize the best products and services in the field of IT security. Now in their 14th year, the awards not only...

Read More
HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations
Mar04

HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has issued anti-phishing advice for healthcare organizations. The warning and advice comes after several major phishing attacks in healthcare. The risk from phishing is greater than ever before and healthcare organizations are being extensively targeted. If technical controls are not implemented and the workforce is not trained to recognize phishing attacks, data...

Read More
Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed
Mar01

Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed

In early February, Proofpoint announced it was to acquire the security awareness and phishing simulation platform provider Wombat Security Technologies for $225 million in cash. Today, Proofpoint has confirmed that the acquisition has now been completed. The acquisition will see Wombat Security’s phishing simulation platform, its security awareness computer-based training content, and its phishing reporting tool incorporated into the...

Read More
PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services
Feb26

PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services

PhishMe has long been a strong brand name associated with phishing defense technology and training. Over the years the company has expanded its products and services, and now the time has come for a change to the brand name to better reflect the company’s position, products, and services. PhishMe started life on February 27, 2007 when Co-Founders Aaron Higbee (CTO) and Royht Belani (CEO) were searching for a company name and...

Read More
Phishing Attack on Sutter Health Business Associate Impacts Patients
Feb26

Phishing Attack on Sutter Health Business Associate Impacts Patients

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

Read More
PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS
Feb23

PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS

The Q3 2017 phishing Activity Trends Report from the Anti Phishing Working Group has revealed the extent to which cybercriminals are abusing the Hypertext Transfer Protocol Secure (HTTPS) protocol in phishing campaigns. Websites using HTTPS encrypt the connection between the website and browser to prevent man-in-the-middle attacks. There has been a major transition from HTTP to HTTPS by online retailers and other businesses to provide...

Read More
Sophos Launches Phish Threat 2.0
Feb22

Sophos Launches Phish Threat 2.0

Sophos has launched a new version of its Phish Threat simulator. Phish Threat 2.0 is an enterprise-class phishing simulation platform that allows businesses to run their own internal phishing campaigns to test the effectiveness of their security awareness programs and discover how susceptible their employees are to phishing threats. Training employees to be more security aware is now an essential element of any cybersecurity strategy....

Read More
Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities
Feb22

Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities

Ironscales, a provider of an automated phishing protection, detection and response platform has had its advanced spear phishing threat technology recognized as a key innovation in the spear phishing market by the global market research and consulting firm Markets&Market in its recent spear phishing market report. The company’s technology was developed specifically to identify and block advanced spear phishing threats that often...

Read More
Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts
Feb13

Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts

San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account during October 3, 2017 resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...

Read More
Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud
Feb12

Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud

A joint research study conducted by Agari and Farsight Security has been published this month that shows almost every domain is vulnerable to phishing and domain name spoofing due to the failure to adopt the Domain Message Authentication Reporting & Conformance (DMARC) email authentication standard. Globally, fewer than 1% of domains are protected by DMARC, which helps domain owners prevent abuse of their brands. An analysis of...

Read More
PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards
Feb09

PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards

It has been an impressive start to the year for PhishMe (now Cofense). The company has already picked up a 2018 Stevie Award for customer service and now the Leesburg, VA-based provider of human phishing defense solutions has been named a winner in five categories at the 2018 Cybersecurity Excellence Awards. The Cybersecurity Excellence Awards program honors companies and individuals in the field of cybersecurity that have...

Read More
Proofpoint Acquires Wombat Security Technologies for $225 Million
Feb07

Proofpoint Acquires Wombat Security Technologies for $225 Million

Sunnyvale, CA-based cybersecurity firm Proofpoint has announced it has acquired the phishing simulation and security awareness company Wombat Security Technologies. The deal is for $225 million in cash and is expected to close in Q1, 2018. Proofpoint is already a major player in the cybersecurity market providing advanced threat protection, encryption, data loss prevention, email security and many other digital security services to...

Read More
FBI Issues Warning About Internet Crime Complaint Center Phishing Scams
Feb06

FBI Issues Warning About Internet Crime Complaint Center Phishing Scams

The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has identified three email templates that are being used by scammers to obtain sensitive information from victims. In some cases, victims have...

Read More
Poor DMARC Adoption in Retail Industry Placing Customers at Risk
Feb01

Poor DMARC Adoption in Retail Industry Placing Customers at Risk

A recent study conducted by the email analytics firm 250ok has revealed DMARC adoption in retail is particularly poor and the lack of email validation is placing consumers at risk. SPF – or Sender Policy Framework to give it its full name – is an email validation system that helps businesses to detect attempts to spoof their domains. Domain spoofing is a common tactic used by cybercriminals to fool email recipients into thinking an...

Read More
Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails
Jan30

Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails

Google security checkup emails have been hitting inboxes over the past few days. The purpose of the emails is to get Google email account holders to check their security settings as potential vulnerabilities have been discovered – Vulnerabilities that could potentially be exploited by malicious actors to take control of users’ email accounts and view potentially sensitive information contained therein. The Google security emails may...

Read More
PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving
Jan26

PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving

A new enterprise phishing resiliency and defense report from PhishMe confirms phishing campaigns increased by 65% in 2017. As PhishMe  (now Cofense) explains in the report, the rise in phishing attacks is easy to explain. Phishing attacks are an easy and low-cost way for hackers to make money. For businesses, the danger of phishing is clear. A typical phishing attack on a mid-sized company costs $1.6 million to resolve, according to...

Read More
Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks
Jan25

Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks

Security awareness and phishing training firm Knowbe4 has published a new report that identifies the industry most susceptible to phishing attacks. For the report, Knowbe4 analyzed data from more than 6 million users and 11,000 organizations using its phishing email simulation service. Figures include a baseline taken prior to the provision of security awareness training, 90 days following training and phishing email simulations, and...

Read More
New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan
Jan24

New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan

The operators of the Necurs botnet have launched several phishing campaigns in the past few days that are being used to spread the Dridex banking Trojan. Malware and cryptocurrency miners are also being sent in large scale campaigns. New tactics are being used to ensure infection and avoid detection. The latest Dridex malware campaign was launched in the past few days and targets customers of major US and European banks. When users...

Read More
Beware of W2 Phishing Scams This Tax Season
Jan23

Beware of W2 Phishing Scams This Tax Season

Employers are being warned to be wary of W2 phishing scams this tax season. The past two years have seen hundreds of employers scammed into disclosing the W2 forms of their employees. The credentials on the forms were subsequently used to file false tax returns. This year is likely to be no different. Last year, accounts department and payroll staff were targeted with W2 phishing scams, using an attack method termed business email...

Read More
Threat from Phishing at an All Time HIgh
Jan22

Threat from Phishing at an All Time HIgh

The 2018 State of the Phish Report from Wombat Security Technologies confirms the threat from phishing is at an all-time high. Fortunately, employees do appear to be getting better at recognizing phishing emails. The data for the latest State of the Phish Report comes from an analysis of millions of phishing email simulations using the Wombat platform, along with quarterly surveys on more than 10,000 information security professionals...

Read More
Phishing Attack Sees School District Network Crippled by Emotet Malware
Jan21

Phishing Attack Sees School District Network Crippled by Emotet Malware

Employees of the Rockingham County Schools District in North Carolina have inadvertently disabled their entire network after falling for phishing emails. Several employees opened malicious Microsoft Word documents that resulted in multiple copies of Emotet malware being installed. Emotet malware is a computer Trojan that steals financial information first by injecting code into the networking stack, then installing itself in software...

Read More
Sophos Warns Users About Fake Antivirus Apps
Jan20

Sophos Warns Users About Fake Antivirus Apps

Sophos has alerted users to the risk of downloading fake antivirus apps. The firm has also released a new white paper on a specific antivirus app called Super Antivirus 2018. According to the report, the app has been downloaded 50,000 times, presumably by users who are concerned about security. While the app does appear to be scanning the mobile device on which it is installed, all the app really offers is the illusion of security....

Read More
Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year
Jan19

Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year

The finalists for the 2018 SC Media Awards have been announced, and for the third successive year, PhishMe has been recognized. Cofense PhishMe Simulator, a phishing email simulation platform that can be used to test resilience to phishing attacks, has been named a finalist in the Best IT Security-Related Training Program category. SC Media one of the most well-respected cybersecurity news outlets in the world. For the past 25 years,...

Read More
Phishing Emails Pushing Fake Meltdown and Spectre Patches
Jan18

Phishing Emails Pushing Fake Meltdown and Spectre Patches

The recently disclosed microprocessor vulnerabilities – Meltdown and Spectre – have had software and hardware firms working hard to develop patches. Cybercriminals have also been busy developing phishing campaigns that push fake Meltdown and Spectre patches. It should not come as a surprise that cybercriminals are capitalizing on the rush to secure computers and patch the vulnerabilities. The vulnerabilities can potentially be...

Read More
PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails
Jan17

PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails

A recent online poll conducted by the anti-phishing solution provider PhishLabs has revealed a considerable cybersecurity gap exists at many organizations. While most companies now have solutions in place to block spam and malicious emails, those solutions rarely block every unwanted email. Many spam emails are still delivered. Some of those emails will contain malware and links to phishing websites. It is for this reason that it is...

Read More
DMARC Adoption by Federal Agencies Increases 38% in 30 Days
Jan16

DMARC Adoption by Federal Agencies Increases 38% in 30 Days

A new report from Agari suggests the decision made by the Department of Homeland Security (DHS) to make DHS adoption by federal agencies mandatory is having a positive impact. However, the deadline for compliance is fast approaching and the majority of federal agencies have still not implemented DMARC. Prior to the DHS directive (BOD 18-01), relatively few government agencies were using DMARC to secure their domains. The DHS directive...

Read More