Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustwave

Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors

Aug 26, 2024 By Trustwave In Trustwave
The Trustwave SpiderLabs team regularly collects a trove of data while protecting clients from email-based attacks. HTML attachments, malicious QR codes, and business email compromise (BEC) are the favored attack methods. A recent snapshot of data from June 2024 from Trustwave MailMarshal shows that email-based threat actors still favor HTML attachments to deliver a variety of malware types.
Read Post
knowbe4

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

Aug 23, 2024 By Stu Sjouwerman In KnowBe4
New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals. Email is one of those technologies that doesn’t seem willing to be replaced by collaborative tools that connect individuals and organizations – in many cases – in far more productive ways. And because of this, cybercriminals continue to leverage email to gain access to users.
Read Post

Friday Flows Episode 33: From Traditional SOAR to Tines Automation: An engineers perspective

Aug 23, 2024 By Tines In Tines
FRIDAY FLOWS #33 Pt.1 - From Traditional SOAR to Tines Automation: An Engineers Perspective A longer form episode with Tino Sif Baksh. An experienced SOAR engineer who has been blown away by Tines' capability since joining. This is part 1 of our chat. Three really simple unique things covered here: How SOAR has changed as a technology and automation going from ‘nice to have’ to ‘need to have’. Building rules into the Tines’ Webhook action to reduce noisy alerts. The power using Tines’ email mode within the receive email action to simplify the Phishing Response workflows.
View Video
teramind

How To Improve Email Security with Data Loss Prevention (DLP)

Aug 22, 2024 By Teramind In Teramind
Email remains a critical communication channel for businesses of all sizes, but it also presents significant data security risks. Data loss prevention (DLP) for email is an essential component of any robust cybersecurity strategy that can help your organization safeguard sensitive information from accidental leaks, malicious insiders, and external threats.
Read Post
knowbe4

Threat Actors Abuse URL Rewriting to Mask Phishing Links

Aug 21, 2024 By Stu Sjouwerman In KnowBe4
Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point. Security tools from major vendors use URL rewriting to prevent phishing attacks, but the same technique can be abused to trick these tools into thinking a malicious link is legitimate.
Read Post
levelblue

How to Use Mailvelope for Encrypted Email on Gmail

Aug 19, 2024 By Kushalveer Singh Bachchas In LevelBlue
In the previous blog we covered how to use PGP keys for encrypting and decrypting emails on desktop clients like Thunderbird and Outlook. Now, let's take a look on securing your emails without too much hassle using OpenPGP on webmail services like Gmail using the Mailvelope extension for Google Chrome.
Read Post
cloudflare

A wild week in phishing, and what it means for you

Aug 16, 2024 By Pete Pang In Cloudflare
Being a bad guy on the Internet is a really good business. In more than 90% of cybersecurity incidents, phishing is the root cause of the attack, and during this third week of August phishing attacks were reported against the U.S. elections, in the geopolitical conflict between the U.S., Israel, and Iran, and to cause $60M in corporate losses.
Read Post
knowbe4

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

Aug 15, 2024 By Stu Sjouwerman In KnowBe4
Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are using XSS to hide their malicious intent within emails, according to new analysis from cybersecurity vendor INKY. These attacks usually begin with an email stating the victim has won something, as shown below: Source: INKY.
Read Post
knowbe4

Attackers Abuse Google Drawings to Host Phishing Pages

Aug 13, 2024 By Stu Sjouwerman In KnowBe4
Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to update their information and reactivate their account. The phishing page is crafted with Google Drawings, which makes it more likely to fool humans while evading detection by security technologies.
Read Post
levelblue

The State of Phishing-Resistant MFA

Aug 13, 2024 By Sarah Lefavrais In LevelBlue
In our increasingly interconnected world, the specter of cybercrime looms larger than ever, casting a shadow over people, businesses, and governments alike. Among the slew of cyber threats bombarding entities daily, phishing attacks are a particularly pernicious menace. With each day, bad actors hone their techniques, leveraging the latest tools and psychological tactics to craft sophisticated phishing campaigns that are clever enough to defy all but the closest scrutiny.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.