InfoSec Institute Launches Security Awareness Training Program for Healthcare
Mar06

InfoSec Institute Launches Security Awareness Training Program for Healthcare

The cybersecurity awareness training solution provider the InfoSec Institute has announced it has launched a new security awareness training program for healthcare teams – the first such program to be developed specifically for the healthcare industry in the United States. The training material is available through the company’s SecurityIQ AwareEd training platform, which now contains the largest interactive security awareness...

Read More
Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards
Mar05

Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards

Cofense (formerly PhishMe) has been recognized once again for its anti-phishing solutions and will collect multiple Info Security PG Global Excellence Awards next month. Info Security PG is the leading information security research and advisory guide for the IT industry. The Info Security PG Global Excellence Awards recognize the best products and services in the field of IT security. Now in their 14th year, the awards not only...

Read More
HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations
Mar04

HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has issued anti-phishing advice for healthcare organizations. The warning and advice comes after several major phishing attacks in healthcare. The risk from phishing is greater than ever before and healthcare organizations are being extensively targeted. If technical controls are not implemented and the workforce is not trained to recognize phishing attacks, data...

Read More
Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed
Mar01

Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed

In early February, Proofpoint announced it was to acquire the security awareness and phishing simulation platform provider Wombat Security Technologies for $225 million in cash. Today, Proofpoint has confirmed that the acquisition has now been completed. The acquisition will see Wombat Security’s phishing simulation platform, its security awareness computer-based training content, and its phishing reporting tool incorporated into the...

Read More
PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services
Feb26

PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services

PhishMe has long been a strong brand name associated with phishing defense technology and training. Over the years the company has expanded its products and services, and now the time has come for a change to the brand name to better reflect the company’s position, products, and services. PhishMe started life on February 27, 2007 when Co-Founders Aaron Higbee (CTO) and Royht Belani (CEO) were searching for a company name and...

Read More
Phishing Attack on Sutter Health Business Associate Impacts Patients
Feb26

Phishing Attack on Sutter Health Business Associate Impacts Patients

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

Read More
PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS
Feb23

PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS

The Q3 2017 phishing Activity Trends Report from the Anti Phishing Working Group has revealed the extent to which cybercriminals are abusing the Hypertext Transfer Protocol Secure (HTTPS) protocol in phishing campaigns. Websites using HTTPS encrypt the connection between the website and browser to prevent man-in-the-middle attacks. There has been a major transition from HTTP to HTTPS by online retailers and other businesses to provide...

Read More
Sophos Launches Phish Threat 2.0
Feb22

Sophos Launches Phish Threat 2.0

Sophos has launched a new version of its Phish Threat simulator. Phish Threat 2.0 is an enterprise-class phishing simulation platform that allows businesses to run their own internal phishing campaigns to test the effectiveness of their security awareness programs and discover how susceptible their employees are to phishing threats. Training employees to be more security aware is now an essential element of any cybersecurity strategy....

Read More
Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities
Feb22

Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities

Ironscales, a provider of an automated phishing protection, detection and response platform has had its advanced spear phishing threat technology recognized as a key innovation in the spear phishing market by the global market research and consulting firm Markets&Market in its recent spear phishing market report. The company’s technology was developed specifically to identify and block advanced spear phishing threats that often...

Read More
Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts
Feb13

Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts

San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account during October 3, 2017 resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...

Read More
Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud
Feb12

Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud

A joint research study conducted by Agari and Farsight Security has been published this month that shows almost every domain is vulnerable to phishing and domain name spoofing due to the failure to adopt the Domain Message Authentication Reporting & Conformance (DMARC) email authentication standard. Globally, fewer than 1% of domains are protected by DMARC, which helps domain owners prevent abuse of their brands. An analysis of...

Read More
PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards
Feb09

PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards

It has been an impressive start to the year for PhishMe (now Cofense). The company has already picked up a 2018 Stevie Award for customer service and now the Leesburg, VA-based provider of human phishing defense solutions has been named a winner in five categories at the 2018 Cybersecurity Excellence Awards. The Cybersecurity Excellence Awards program honors companies and individuals in the field of cybersecurity that have...

Read More
Proofpoint Acquires Wombat Security Technologies for $225 Million
Feb07

Proofpoint Acquires Wombat Security Technologies for $225 Million

Sunnyvale, CA-based cybersecurity firm Proofpoint has announced it has acquired the phishing simulation and security awareness company Wombat Security Technologies. The deal is for $225 million in cash and is expected to close in Q1, 2018. Proofpoint is already a major player in the cybersecurity market providing advanced threat protection, encryption, data loss prevention, email security and many other digital security services to...

Read More
FBI Issues Warning About Internet Crime Complaint Center Phishing Scams
Feb06

FBI Issues Warning About Internet Crime Complaint Center Phishing Scams

The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has identified three email templates that are being used by scammers to obtain sensitive information from victims. In some cases, victims have...

Read More
Poor DMARC Adoption in Retail Industry Placing Customers at Risk
Feb01

Poor DMARC Adoption in Retail Industry Placing Customers at Risk

A recent study conducted by the email analytics firm 250ok has revealed DMARC adoption in retail is particularly poor and the lack of email validation is placing consumers at risk. SPF – or Sender Policy Framework to give it its full name – is an email validation system that helps businesses to detect attempts to spoof their domains. Domain spoofing is a common tactic used by cybercriminals to fool email recipients into thinking an...

Read More
Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails
Jan30

Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails

Google security checkup emails have been hitting inboxes over the past few days. The purpose of the emails is to get Google email account holders to check their security settings as potential vulnerabilities have been discovered – Vulnerabilities that could potentially be exploited by malicious actors to take control of users’ email accounts and view potentially sensitive information contained therein. The Google security emails may...

Read More
PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving
Jan26

PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving

A new enterprise phishing resiliency and defense report from PhishMe confirms phishing campaigns increased by 65% in 2017. As PhishMe  (now Cofense) explains in the report, the rise in phishing attacks is easy to explain. Phishing attacks are an easy and low-cost way for hackers to make money. For businesses, the danger of phishing is clear. A typical phishing attack on a mid-sized company costs $1.6 million to resolve, according to...

Read More
Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks
Jan25

Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks

Security awareness and phishing training firm Knowbe4 has published a new report that identifies the industry most susceptible to phishing attacks. For the report, Knowbe4 analyzed data from more than 6 million users and 11,000 organizations using its phishing email simulation service. Figures include a baseline taken prior to the provision of security awareness training, 90 days following training and phishing email simulations, and...

Read More
New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan
Jan24

New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan

The operators of the Necurs botnet have launched several phishing campaigns in the past few days that are being used to spread the Dridex banking Trojan. Malware and cryptocurrency miners are also being sent in large scale campaigns. New tactics are being used to ensure infection and avoid detection. The latest Dridex malware campaign was launched in the past few days and targets customers of major US and European banks. When users...

Read More
Beware of W2 Phishing Scams This Tax Season
Jan23

Beware of W2 Phishing Scams This Tax Season

Employers are being warned to be wary of W2 phishing scams this tax season. The past two years have seen hundreds of employers scammed into disclosing the W2 forms of their employees. The credentials on the forms were subsequently used to file false tax returns. This year is likely to be no different. Last year, accounts department and payroll staff were targeted with W2 phishing scams, using an attack method termed business email...

Read More
Threat from Phishing at an All Time HIgh
Jan22

Threat from Phishing at an All Time HIgh

The 2018 State of the Phish Report from Wombat Security Technologies confirms the threat from phishing is at an all-time high. Fortunately, employees do appear to be getting better at recognizing phishing emails. The data for the latest State of the Phish Report comes from an analysis of millions of phishing email simulations using the Wombat platform, along with quarterly surveys on more than 10,000 information security professionals...

Read More
Phishing Attack Sees School District Network Crippled by Emotet Malware
Jan21

Phishing Attack Sees School District Network Crippled by Emotet Malware

Employees of the Rockingham County Schools District in North Carolina have inadvertently disabled their entire network after falling for phishing emails. Several employees opened malicious Microsoft Word documents that resulted in multiple copies of Emotet malware being installed. Emotet malware is a computer Trojan that steals financial information first by injecting code into the networking stack, then installing itself in software...

Read More
Sophos Warns Users About Fake Antivirus Apps
Jan20

Sophos Warns Users About Fake Antivirus Apps

Sophos has alerted users to the risk of downloading fake antivirus apps. The firm has also released a new white paper on a specific antivirus app called Super Antivirus 2018. According to the report, the app has been downloaded 50,000 times, presumably by users who are concerned about security. While the app does appear to be scanning the mobile device on which it is installed, all the app really offers is the illusion of security....

Read More
Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year
Jan19

Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year

The finalists for the 2018 SC Media Awards have been announced, and for the third successive year, PhishMe has been recognized. Cofense PhishMe Simulator, a phishing email simulation platform that can be used to test resilience to phishing attacks, has been named a finalist in the Best IT Security-Related Training Program category. SC Media one of the most well-respected cybersecurity news outlets in the world. For the past 25 years,...

Read More
Phishing Emails Pushing Fake Meltdown and Spectre Patches
Jan18

Phishing Emails Pushing Fake Meltdown and Spectre Patches

The recently disclosed microprocessor vulnerabilities – Meltdown and Spectre – have had software and hardware firms working hard to develop patches. Cybercriminals have also been busy developing phishing campaigns that push fake Meltdown and Spectre patches. It should not come as a surprise that cybercriminals are capitalizing on the rush to secure computers and patch the vulnerabilities. The vulnerabilities can potentially be...

Read More
PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails
Jan17

PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails

A recent online poll conducted by the anti-phishing solution provider PhishLabs has revealed a considerable cybersecurity gap exists at many organizations. While most companies now have solutions in place to block spam and malicious emails, those solutions rarely block every unwanted email. Many spam emails are still delivered. Some of those emails will contain malware and links to phishing websites. It is for this reason that it is...

Read More
DMARC Adoption by Federal Agencies Increases 38% in 30 Days
Jan16

DMARC Adoption by Federal Agencies Increases 38% in 30 Days

A new report from Agari suggests the decision made by the Department of Homeland Security (DHS) to make DHS adoption by federal agencies mandatory is having a positive impact. However, the deadline for compliance is fast approaching and the majority of federal agencies have still not implemented DMARC. Prior to the DHS directive (BOD 18-01), relatively few government agencies were using DMARC to secure their domains. The DHS directive...

Read More
PhishMe Publishes South Africa Phishing Response Trends Report
Jan15

PhishMe Publishes South Africa Phishing Response Trends Report

A new South Africa phishing response trends report from PhishMe includes worrying statistics for CISOs and CIOs in South Africa. The threat from phishing is greater in South Africa than many other countries, but companies are struggling to deal with the threat. For the report, PhishMe looked at the technologies and strategies used by IT security decision makers in South Africa to deal with phishing attacks. The report reveals 90% of...

Read More
Florida Agency for Health Care Administration Hit by Phishing Attack
Jan11

Florida Agency for Health Care Administration Hit by Phishing Attack

An unauthorized individual has gained access to a single email account of a staff member at the Agency for Health Care Administration in Florida using a phishing scam. The staff member was sent, and responded to, a malicious phishing email on November 15, 2017 and shared login details that permitted the attacker to remotely access his/her email account and, potentially, the protected health information of up to 30,000 Medicaid...

Read More
Half of Users Click Links Sent by Unknown Senders
Jan08

Half of Users Click Links Sent by Unknown Senders

A new report from Komodo security suggests that until at least 2020, phishing will remain the most commonly used tactic of conducting advanced attacks on businesses, for a very good reason. 50% of the time those attacks are successful. The worrying statistic comes from research conducted at Friedrich Alexander University in Germany in 2016, which suggests one in two computer users routinely click hyperlinks in emails from unknown...

Read More
Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients
Jan06

Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients

A recent Bronson Healthcare Group phishing attack has resulted in a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the hacker to gain access to the health system’s email system, which contained the names, medications, and treatment information of patients. No Social Security numbers or patients’ financial information was compromised, and its electronic medical record system was...

Read More
PhishLine Bought by Barracuda Networks
Jan03

PhishLine Bought by Barracuda Networks

The phishing simulation and security awareness training company PhishLine has been bought by Barracuda Networks. Barracuda Networks is expanding its phishing defense solutions and is planning on creating a comprehensive anti-phishing platform that includes data protection, gateway security, AI-based threat intelligence, security awareness training and phishing simulation exercises. Barracuda already offers its customers a broad range...

Read More
Cyberattacks on Hospitals on the Rise: 78% of Providers Attacked in 2017
Dec20

Cyberattacks on Hospitals on the Rise: 78% of Providers Attacked in 2017

There has been an increase in cyberattacks on hospitals in 2017, according to a recent Mimecast survey. The survey was conducted on 76 healthcare IT professionals in the United States. 78% said they had experienced a cyberattack in the past 12 months. Cyberattacks on hospitals take many forms. Hackers often take advantage of poor patching policies and misconfigured servers and databases, although email is the primary attack vector....

Read More
PhishMe Reaches 10 Million User Milestone
Dec17

PhishMe Reaches 10 Million User Milestone

Anti-phishing solution provider PhishMe has announced it has reached another impressive milestone. Its PhishMe Reporter solution has now been installed on more than 10 million workstations. Organizations can deploy a host of phishing defenses to prevent malicious emails from reaching inboxes; however, even advanced spam filters will not block 100% of phishing emails. There will always be some malicious emails that slip through the...

Read More
IRS Phishing Scam Targets Hotmail Users
Dec16

IRS Phishing Scam Targets Hotmail Users

A new IRS phishing scam has been detected that targets tax professionals and taxpayers who hold Hotmail email accounts. The scam has prompted the Internal Revenue Service to issue a warning to Hotmail users to be wary of emails that request personal and financial information. Each year, cybercriminals target tax payers and attempt to get them to reveal their personal information and Social Security numbers, which are used to file...

Read More
Soaring Value of Bitcoin Triggers Rise in Phishing Attacks on Bitcoin Wallets
Dec12

Soaring Value of Bitcoin Triggers Rise in Phishing Attacks on Bitcoin Wallets

Over the past few days, the value of Bitcoin has soared from $11,000 to more than $17,500, prompting hackers to increase the number of phishing attacks on Bitcoin wallets. While investors are cashing in on the surge in value, so too are attempts to steal Bitcoin. The purpose of the phishing attacks on Bitcoin wallets is simple. Get investors to reveal their account credentials and Bitcoin wallets can be plundered. There is also no...

Read More
Rise in HTTPS Phishing Websites Detected
Dec07

Rise in HTTPS Phishing Websites Detected

The past few years have seen many businesses transition from HTTP to HTTPS websites, but HTTPS phishing websites have similarly increased. A green padlock next to the URL indicates the website is secure and traffic between the browser and website is encrypted, but it does not mean the website is legitimate. All HTTPS means is the connection between the user and the website is secure and any data transferred between the two cannot be...

Read More
IronScales Raises $6.5 Million in Series A Funding
Dec06

IronScales Raises $6.5 Million in Series A Funding

Tel Aviv-based anti-phishing company IronScales has raised $6.5 million in Series A funding, bringing total equity funding to more than $8 million. IronScales has enjoyed continued double-digit growth over the past three years and has invested heavily in its threat detection, incident response, and threat intelligence sharing technologies. The company has recently been rated as one of the top ten companies to watch by Momentum...

Read More
Cybercriminals Increasingly Targeting Employees by Impersonating Businesses
Dec06

Cybercriminals Increasingly Targeting Employees by Impersonating Businesses

At the Black Hat Europe Conference in London, Mimecast announced the findings of its latest study of its Email Security Risk Assessment (ESRA) test results. The ESRA tests are conducted on thousands of businesses to assess their current security solutions and how effective they are at blocking email-based threats such as phishing attacks and malware and ransomware-laced emails. While businesses have email gateway security solutions in...

Read More
DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors
Dec03

DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors

A recent DMARC adoption study by Agari has revealed the healthcare industry lags behind most other industry sectors on email authentication. Most of the top healthcare firms in the United States are failing to protect their customers and partners from phishing threats. Domain-based message authentication, reporting and conformance (DMARC) protects domains and stops domain abuse by phishers. While DMARC is highly effective at...

Read More
Most Successful Phishing Scams Revealed by PhishMe
Dec02

Most Successful Phishing Scams Revealed by PhishMe

What are the most successful phishing scams? Warnings about undelivered parcels? Security alerts that require users’ immediate attention? Documents that has been shared by contacts? According to a recent analysis by anti-phishing solution provider PhishMe, the most successful phishing scams, which have almost a 20% success rate, involve the use of entertainment-based triggers to get users to take the desired action. For its analysis,...

Read More
Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Read More
MediaPro Launches New Travel Security Awareness Training Course
Nov28

MediaPro Launches New Travel Security Awareness Training Course

Organizations can train their employees to be more security aware in the office, but when it comes to business trips, employees face additional security risks. Training employees to be more security aware when travelling can help them to avoid risky behaviors that could potentially lead to malware infections or the accidental disclosure of sensitive information. To help businesses deal with the added risks that come from business...

Read More
Warning Issued by IRS About Christmas Phishing Scams
Nov28

Warning Issued by IRS About Christmas Phishing Scams

Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams...

Read More

Sophos Helps Consumers Avoid Phishing Scams When Shopping Online

Holiday season is a busy time for cybercriminals just as it is for online shoppers, so how can you avoid phishing scams when shopping online this festive season? Sophos has recently offers tips for consumers to help them avoid phishing scams when shopping online, highlighting some of the common tactics used by scammers, and how to recognize phishing websites and scam emails. One of the most common ways that scammers fool victims is...

Read More
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehannam has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after an worker replied to a phishing email. While information regarding the breach date have not been published, UPMC Susquehanna...

Read More
Phishing is the Biggest Security Threat in Australia
Nov22

Phishing is the Biggest Security Threat in Australia

The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in...

Read More
KnowBe4 Highlights Six Cybersecurity Trends for 2018 to be Aware Of
Nov17

KnowBe4 Highlights Six Cybersecurity Trends for 2018 to be Aware Of

Security awareness training and anti-phishing vendor KnowBe4 has identified six cybersecurity trends for 2018 that all organizations need to be aware of. The cybersecurity predictions have been made by security experts who have been monitoring the rise in cyberattacks and phishing incidents over the past 12 months. There have been several growing threats throughout 2017 which are likely to continue to cause problems for unprepared...

Read More
Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has before been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

Read More
Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List
Nov16

Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List

Deloitte has released its latest Technology Fast 500 List – A list of the fastest growing companies in the technology, life sciences, and telecommunications sectors in North America. For the third straight year, the anti-phishing vendor Wombat Security Technologies has been included in the list and has ranked in the top 150 companies in the United States. This year, the impressive 840% growth has seen Wombat Security Technologies rank...

Read More
PhishMe Included in 2017 Deloitte Technology Fast 500 List
Nov12

PhishMe Included in 2017 Deloitte Technology Fast 500 List

The 2017 Deloitte’s Technology Fast 500 has been published – a list of the top 500 fastest growing companies in the United States in the media, tech, telecoms, energy tech, and life sciences industries. For the third consecutive year, anti-phishing solution provider PhishMe has been included in the Deloitte Technology Fast 500 list. This year, in the overall rankings, PhishMe was ranked 200, and achieved position 114 in the software...

Read More
PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
Nov10

PhishLabs Launches New Phishing Threat Monitoring and Forensics Service

The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for...

Read More
InfoSec Institute Launches New Phishing Defense Tool
Nov10

InfoSec Institute Launches New Phishing Defense Tool

The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefenser has been added to the firms SecurityIQ security awareness...

Read More
MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness
Nov09

MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness

Bothell, WA-based learning services company MediaPro has been named one of the leaders in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training. The company has been recognized for completeness of vision and ability to execute. This is the fourth consecutive year that the firm has earned the accolade and has made the Leaders Quadrant. Gartner explained that the company offers “one of the most flexible...

Read More
PhishLine Partners with Pipeline Security and Moves into the Japanese Market
Nov06

PhishLine Partners with Pipeline Security and Moves into the Japanese Market

Milwaukee-based security awareness training and anti-phishing vendor PhishLine has announced a new partnership with the Tokyo-based firm Pipeline Security. It is hoped that this new partnership will help PhishLine improve its footprint in east Asia and fortify its presence in the Japanese security market. Pipeline Security is a well-respected security firm that serves many top-tier businesses in Japan, offering a range of security...

Read More
Study Reveals Extent to Which Combosquatting is Used by Hackers
Nov02

Study Reveals Extent to Which Combosquatting is Used by Hackers

The use of combosquatting is on the rise, although until recently, the extent to which combosquatting was being used by cybercriminals was not known. However, a new study that examined more than 468 billion DNS records has revealed the practice is far more common than typosquatting. More than 100 times as common in fact. What is Combosquatting? Combosquatting is the use of a trademark in combination with another word in a domain. For...

Read More
Inky Awarded Cyber Start-Up Company of the Year Award
Nov01

Inky Awarded Cyber Start-Up Company of the Year Award

A new player in the anti-phishing arena, Inky, has received a Cyber Start-up Company of the Year Award at the inaugural Infosecurity North America conference in Boston. Inky was one of four start-ups pitching a panel of four venture capitalist judges for the award. The company and its innovative anti-phishing solution won over the judges. Inky has developed a new phishing defense solution called Phish Fence. Phish Fence is a platform...

Read More
PhishMe Recognized as Leader by Gartner: Added to Magic Quadrant for Security Awareness CBT
Oct31

PhishMe Recognized as Leader by Gartner: Added to Magic Quadrant for Security Awareness CBT

For the second consecutive year, PhishMe has been included in the Leader’s Magic Quadrant for Security Awareness CBT by Gartner, recognizing the commitment and capabilities of the company and the excellence of its anti-phishing solution and security awareness training program. 12 vendors were assessed for the 2017 Magic Quadrant for Security Awareness CBT for the ability to execute and for completeness of vision. PhishMe was ranked...

Read More
KnowBe4 Secures $30 Million Investment in Series B Funding Round
Oct31

KnowBe4 Secures $30 Million Investment in Series B Funding Round

Anti-phishing solution provider KnowBe4 has secured $30 million of growth capital in its latest series B funding round, bringing its total financing up to $44 million. The latest round of funding was led by a new investor – Goldman Sachs Growth Equity. The additional capital will primarily be used to fuel growth in international markets, with some funds used for product development. The new investment comes after impressive third...

Read More
New Matrix Ransomware Malvertising Campaign Detected
Oct30

New Matrix Ransomware Malvertising Campaign Detected

A new Matrix ransomware malvertising campaign has been detected. The campaign uses malicious adverts to direct users to a site hosting the Rig exploit kit. Flash and IE vulnerabilities are exploited to download the malicious file-encrypting payload. The new Matrix ransomware malvertising campaign was detected by security researcher Jérôme Segura. Matrix ransomware is not a new threat, having first been detected in late 2016. The...

Read More
New MyEtherWallet Phishing Campaign Detected
Oct29

New MyEtherWallet Phishing Campaign Detected

A new MyEtherWallet phishing campaign has been detected that uses a convincing domain and MyEtherWallet branding to fool MyEtherWallet users into revealing their credentials and providing criminals with access to their MyEtherWallet accounts. In the first few hours of the campaign, the criminals behind the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user. The individuals behind...

Read More
Data Breaches Drop For Second Consecutive Month
Oct26

Data Breaches Drop For Second Consecutive Month

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop int he number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...

Read More
51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

51,000 Plan Subscribers Hit by Network Health Phishing Attack

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...

Read More
Department of Education Issues Advisory to Hacking and Extortion Threats
Oct15

Department of Education Issues Advisory to Hacking and Extortion Threats

Recently, the hacking group TheDarkOverlord has been targeting K12 schools; gaining access to networks, stealing data and attempting to extort money. In response to the hacking and extortion threats, the U.S. Department of Education has issued an advisory to K12 schools and has provided advice to help educational institutions mitigate risk and protect their networks from attack. The attacks on schools by TheDarkOverlord in recent...

Read More
Most Effective Phishing Emails Revealed
Oct13

Most Effective Phishing Emails Revealed

Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the...

Read More
Phishing Has Been the Leading Vector for Cyberattacks in 2017
Oct08

Phishing Has Been the Leading Vector for Cyberattacks in 2017

A recent email security report from anti-phishing vendor IronScales shows that throughout 2017, the leading cyberattack vector is phishing emails, which account for almost 95% of successful cyberattacks. For the report, IronScales surveyed 500 cybersecurity professionals and asked questions about recent cyberattacks, their causes, mitigating those attacks, and cybersecurity defenses deployed to block attacks. Even though many of the...

Read More
MediaPro Report Reveals 7 Out of 10 Employees Lack Appropriate Level of Security Awareness
Oct04

MediaPro Report Reveals 7 Out of 10 Employees Lack Appropriate Level of Security Awareness

The phishing simulation and security awareness training firm MediaPro has released its second annual State of Privacy and Security Awareness Report, which reveals 7 out of 10 employees do not have sufficient security awareness to prevent cyberattacks on their organization. Even though the risk of phishing attacks has been widely publicized in the media over the past few years, and data breaches and cyberattacks have increased...

Read More
Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

Ransomware and Phishing Rated Top Threats by IT Professionals

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

Read More
More than 1 Million New Phishing Websites are Created Each Month
Sep27

More than 1 Million New Phishing Websites are Created Each Month

The Quarterly Threat Trends Report published by WebRoot this month shows there has been a significant increase in the number of new phishing websites being launched each month. May 2017 saw a record number of new phishing websites created, with more than 2.3 million new websites detected in the month of May alone. Figures for the quarter show there are now well over 1 million new phishing websites created each month, which equates to...

Read More
2017 Has Seen Major Improvements in Phishing Awareness
Sep22

2017 Has Seen Major Improvements in Phishing Awareness

The latest Beyond the Phish Report from Wombat Security Technologies has shown employees are getting better at identifying phishing emails, and investment in security awareness training is paying off. Last year’s report included an analysis of responses to a Q&A conducted on employees which assessed security awareness and susceptibility to phishing attacks. In 2016, more than 20 million answers were analyzed, with this year’s...

Read More
Three Quarters of UK Businesses Have Experienced Email Security Incidents
Sep15

Three Quarters of UK Businesses Have Experienced Email Security Incidents

Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become. 75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week. Even...

Read More
Beware of Equifax Data Breach Phishing Scams
Sep14

Beware of Equifax Data Breach Phishing Scams

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

Read More
LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep12

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information

A new LinkedIn Phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine as first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail...

Read More
90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling
Sep07

90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling

Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe. The survey was conducted on two hundred IT executives in the United States, and came from a wide range of industry sectors, including business, healthcare, the financial services, retail,...

Read More
Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...

Read More
Webroot Acquires Securecast and Starts Offering Anti-Phishing Training
Aug21

Webroot Acquires Securecast and Starts Offering Anti-Phishing Training

Webroot, a leading provider of endpoint security systems, has announced it has acquired Securecast – A provider of a fully automated security awareness training platform. The Securecast security-awareness-as-a-service platform has been renamed Webroot Security Awareness Training, and a beta version of the platform has now been made available. Webroot will be offering the new platform to its customers to help them train their...

Read More
City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

City of Hope Phishing Attack Impacts 3,400 Patients

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...

Read More
Free Phishing Simulator for Small Businesses Launched by PhishMe
Aug12

Free Phishing Simulator for Small Businesses Launched by PhishMe

A free phishing simulator for small businesses has been developed and released by the leading provider of human phishing defense solutions, PhishMe. The phishing simulator allows small businesses – companies with under 500 employees – to develop and run dummy phishing email campaigns to test the effectiveness of their security awareness training programs. Research by PhishMe shows that phishing email simulations are invaluable for...

Read More
2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

2,789 Patients’ PHI Compromised in Phishing Attack

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...

Read More
Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity...

Read More
Google Makes It Harder to Install Malicious Apps
Jul18

Google Makes It Harder to Install Malicious Apps

In May, a phishing campaign took advantage of users of Google Docs. Emails were sent containing a link to Google Docs that appeared to be an invitation to collaborate on a document. The emails contained all the typical branding one would expect from a legitimate request. However, the request was not sent via Google Docs. It was sent via a third-party app that had been named Google Docs. Clicking the link to accept the request to...

Read More
PhishMe CEO Royht Belani Receives EY Entrepreneur of the Year Award
Jun20

PhishMe CEO Royht Belani Receives EY Entrepreneur of the Year Award

The winners of the 2017 EY Entrepreneur of the Year Awards for the Mid-Atlantic region have been announced, with PhishMe CEO and co-founder Royht Belani named as 2017 CEO of the Year for the Mid-Atlantic region in the security category. Each year, EY recognizes entrepreneurs that have gone the extra mile and have shown exceptional personal commitment to their business and communities and been inspirational leaders. EY first started...

Read More
Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – Arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S organizations this year. The scam is known as Business Email Compromise...

Read More
PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions
Jun14

PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions

Each year, SC Media hosts a prestigious awards ceremony where the best companies and information security products are recognized and celebrated. The SC Awards are widely regarded as some of the most prestigious awards for companies in the field of information security. Each company and product is scrutinized by two panels of judges which score the companies and products on a wide range of criteria. To be selected as a finalist in one...

Read More
Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

Q2 Saw a 400% Increase in Phishing Attacks on Businesses

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...

Read More
Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

Phishing Trends and Intelligence Report Published by PhishLabs

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals have changing tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape...

Read More
PhishMe Offers Assistance with GDPR Compliance
Jun10

PhishMe Offers Assistance with GDPR Compliance

The General Data Protection Regulation (GDPR) will be written into EU law next year, although companies need to start their GDPR compliance programs now if they are to ensure they are fully compliant before the May 25, 2018 deadline. Any company that is discovered not to be in compliance with the new regulation after that date faces a stiff financial penalty. The maximum fine for non-compliance with GDPR is $20 million Euros or 4% of...

Read More
Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks
Jun08

Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks

San Antonio, TX-based Farm Bureau Bank has signed up with Agari and is now using the company’s Email Trust Platform™ to protect its customers and employees from phishing attacks. The Agari Customer Protect™ solution has been adopted to protect customers from phishing attacks that abuse its brand, while employees are protected from business email compromise and spear phishing attacks by the Agari Enterprise Protect™ solution. In...

Read More
New Ironscales Report Delves into Current Phishing Trends
May30

New Ironscales Report Delves into Current Phishing Trends

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified...

Read More
Purple Increases Security Following Recent Ransomware Attacks
May25

Purple Increases Security Following Recent Ransomware Attacks

The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, shows just how important it is for WiFi companies to take steps to improve security to protect their...

Read More
Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time...

Read More
KnowBe4 CEO Stu Sjouwerman Finalist in 2017 EY Entrepreneur of the Year Awards
May04

KnowBe4 CEO Stu Sjouwerman Finalist in 2017 EY Entrepreneur of the Year Awards

KnowBe4 CEO Stu Sjouwerman has been selected as a finalist for the 2017 EY Entrepreneur of the Year Awards. KnowBe4 is a leading provider of anti-phishing solutions that concentrate on the human element of security. KnowBe4’s products help to train end users about the threat from phishing, social engineering, CEO fraud and malware and ransomware attacks. The 2017 EY Entrepreneur of the Year Awards are now in their 31st year. The...

Read More
Weak Password Test Tool Released by KnowBe4
May03

Weak Password Test Tool Released by KnowBe4

Anti-phishing solution provider KnowBe4 has released a weak password test tool that can be used by organizations to assess threats related to the use of weak passwords. Weak passwords are often cited as one of the main ways cybercriminals gain access to business networks. Weak passwords can be easily guessed and provide little resistance to brute force attacks. A recent study conducted by Verizon showed that 81% of hacking related...

Read More
PhishMe CEO Rohyt Belani Announced as Finalist in EY Entrepreneur of the Year Awards
Apr26

PhishMe CEO Rohyt Belani Announced as Finalist in EY Entrepreneur of the Year Awards

Rohyt Belani, CEO and co-founder of PhishMe, the leading provider of anti-phishing solutions for enterprises, has been named as a finalist for Entrepreneur of the Year (mid-Atlantic) at the annual EY awards. This is the second year in a row that Belani has been recognized at the annual award ceremony. This is the 31st year of the EY Awards program, which recognize the excellence of entrepreneurs for innovation, commitment to the...

Read More
Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled
Apr25

Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled

Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied. While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as...

Read More
Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement
Apr13

Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement

Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that a $400,000 settlement had been agreed with Metro Community Provider Network (MCPN) to resolve potential security management process HIPAA violations. The Denver, CO-based federally-qualified health center (FQHC) experienced a phishing attack in December 2011 that resulted in unauthorized access to the email accounts of employees. The...

Read More
Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware; a relatively new ransomware variant developed from Stampedo ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...

Read More
Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI
Apr06

Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI

Many businesses have had no alternative but to improve cybersecurity defenses to deal with the increased threat of cyberattacks. With attacks coming from all angles and a large attack surface to defend, organizations need to purchase multiple products to keep their networks and data well defended. It is therefore important to ensure money diverted to cybersecurity is well spent. Organizations need to ensure they get the best possible...

Read More
Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Mar28

Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats

Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Points’ Sand Blast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine...

Read More
Cybersecurity Tips for Healthcare Providers Offered by WEDI
Mar24

Cybersecurity Tips for Healthcare Providers Offered by WEDI

The Workgroup for Electronic Data Interchange (WEDI) has published a white paper offering cybersecurity tips for healthcare providers to help them ensure the sensitive protected health information of patients remains confidential and resilience against healthcare cyberattacks is improved. The white paper – The Rampant Growth of Cybercrime – explains the scale of the current problem. The healthcare industry has been extensively...

Read More