Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Email Security

memcyco

Phishing Awareness Training: 10 Reasons Why Yours Isn't Working

Jul 26, 2024 By Ido Mazin In Memcyco
Phishers are in the business of deception. They trick unsuspecting individuals into compromising sensitive data, potentially bringing an entire organization to its knees. Awareness training for employees is one of the most important tools a company can use in its anti-phishing strategy. However, it also has its downsides. Some of these flaws can, and should be fixed. Others leave no choice but to complement training with additional anti-phishing tools.
Read Post
centripetal

Enhanced CleanINTERNET Protections to Combat Subsequent Threats from the CrowdStrike Outage

Jul 23, 2024 By Sean Moore In Centripetal
Last week (19-July-2024), a significant IT outage occurred because CrowdStrike distributed a faulty update to its Falcon security software running on millions of computers using the Microsoft Windows operating system. This faulty update caused many of these computers to crash, which interrupted the operations of businesses across the globe.
Read Post
knowbe4

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

Jul 23, 2024 By Stu Sjouwerman In KnowBe4
Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report. One threat actor, tracked as “PINEAPPLE,” impersonated Brazil’s revenue service, Receita Federal do Brasil, to deliver the Astaroth infostealer.
Read Post
securitysenses

Cyber Threats in TON: How to Identify and Mitigate Risks

Jul 23, 2024 By SecuritySenses In SecuritySenses
The Open Network (TON) is an innovative blockchain platform designed to enable a new era of decentralized applications and services. With its growing popularity, TON has attracted not only developers and users but also cybercriminals seeking to exploit its vulnerabilities. Understanding the potential cyber threats within the TON ecosystem is crucial for users and developers alike to safeguard their assets and data. In this blog post, we will delve into the various cyber threats facing TON, explore how to identify these risks, and provide strategies to mitigate them effectively.
Read Post
knowbe4

Phishing Attacks Will Likely Follow Last Week's Global IT Outage

Jul 22, 2024 By Stu Sjouwerman In KnowBe4
Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports. I recently wrote my thoughts about the outage that was caused by a faulty CrowdStrike update that was extremely disruptive globally. The outage was caused by a faulty CrowdStrike update that crashed Windows systems, disrupting airlines, banks, hospitals, governments, and businesses around the world.
Read Post
knowbe4

CrowdStrike Phishing Attacks Appear in Record Time

Jul 19, 2024 By Stu Sjouwerman In KnowBe4
I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event. Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos.
Read Post
Trustwave

How Cybercriminals Use Breaking News for Phishing Attacks

Jul 19, 2024 By Trustwave In Trustwave
Trustwave SpiderLabs issued a warning that threat actors may attempt to take advantage of CrowdStrike’s software update that caused widespread outages by using the news as the center of a social engineering scheme to convince people to open malicious phishing emails or fall for other types of attacks. Using this news cycle is nothing new.
Read Post
foresiet

Rising Threat: How Encoded URLs are Evading Secure Email Gateways

Jul 18, 2024 By Foresiet In Foresiet
In a concerning trend observed recently, threat actors are increasingly leveraging encoded URLs to bypass secure email gateways (SEGs), posing a significant challenge to email security defenses. According to recent findings by Cofense, there has been a notable uptick in attacks where threat actors manipulate SEGs to encode or rewrite malicious URLs embedded in emails. This tactic exploits vulnerabilities in SEG technologies, allowing malicious links to slip through undetected to unsuspecting recipients.
Read Post
knowbe4

7 in 10 Organizations Experienced a Business Email Compromise Attack in the Last 12 Months

Jul 18, 2024 By Stu Sjouwerman In KnowBe4
Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well… and having a material impact. New data from Arctic Wolf’s 2024 State of Cybersecurity report shows that BEC attacks – whether attempted or successful – are far more widely felt than previously thought.
Read Post
Subscribe to Email Security

Copyright © 2024 OpsMatters™. All rights reserved.