Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How New College Graduates Can Avoid Increasingly Personalized Job Scams

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just their finances but also their identities. Imagine receiving an email that mentions your former school dean or a professor, claiming they've personally recommended you for a fantastic job opportunity.

Phishing Failures: How Not to Phish Your Users

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system. Let's explore why we need to phish our users, but more importantly, how not to phish them. We turn to two of our trusted security awareness advocates Javvad Malik (JM) and Erich Kron (EK) to shed some light on the matter.

Targeted Smishing Attacks by Threat Group "The Com" On The Rise

Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing. Security researchers at Intel471 have published an analysis of the threat group, “The Com” (short for “The Community”), providing details about their targets and tactics. Operating mostly from Canada, the U.S.

The Art of Huh?

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it. Phishing messages can have many different looks, traits and narratives. What worked yesterday for the attackers eventually becomes blocked, recognized, and less profitable, and they move on to different tactics.

US Justice Department Accuses Iranian Nationals of Launching Spear Phishing Attacks

The US Department of Justice has indicted four Iranian nationals for allegedly launching spear phishing attacks against the US government and defense contractors. In one instance, the hackers compromised over 200,000 employee accounts at a victim organization. “In conducting their hacking campaigns, the group used spearphishing — tricking an email recipient into clicking on a malicious link — to infect victim computers with malware,” the Justice Department said.

AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler. “AI represents a paradigm shift in the realm of cybercrime, particularly for phishing scams,” the researchers write. “With the aid of generative AI, cybercriminals can rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness.

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal. I’ve covered plenty of reports about brand impersonation and it’s almost always Microsoft on top of the list. And with good reason: access to a Microsoft 365 account can give attackers a foothold and potential access to data, applications and more.

4 out of 5 of Physicians Were Impacted by February's Cyber Attack on Change Healthcare

A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector. In February, a cyber attack on Change Healthcare brought much of the U.S. healthcare system to a halt. The revenue and payment cycle management provider is central to connecting payers, providers and patients within the U.S. healthcare system to ensure payments are made.