Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

Apr 9, 2024 By Stu Sjouwerman In KnowBe4
A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms. At its core, Tycoon 2FA isn’t doing anything new. It uses a reverse proxy server to host a phishing web page that impersonates the legitimate email platform in question. Then it intercepts the victim's input and relays them to the legitimate service. But it’s how this platform does it that is sophisticated.
Read Post
knowbe4

New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks

Apr 3, 2024 By Stu Sjouwerman In KnowBe4
New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.
Read Post
securitysenses

Ensuring Cyber Security for Your Forex Trading

Apr 2, 2024 By SecuritySenses In SecuritySenses
The foreign exchange market is full of ups and downs, making it exciting but risky. And it's not just the market swings you need to watch out for; cyber threats are a genuine concern, too. As technology gets smarter, so do the risks, but thankfully, the ways to protect ourselves are getting better as well.
Read Post
knowbe4

Thread Hijacking Phishing Attack Targets Pennsylvania Journalist

Apr 1, 2024 By Stu Sjouwerman In KnowBe4
A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity. The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.
Read Post
knowbe4

New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing

Mar 29, 2024 By Stu Sjouwerman In KnowBe4
A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments. “The threat begins with a fake bank payment email designed to deceive recipients,” the researchers write.
Read Post
securitysenses

Emerging Threats: What's New in the Cybersecurity Landscape?

Mar 28, 2024 By SecuritySenses In SecuritySenses
In a time where sensitive information is increasingly moving online, AI systems are developing and we are increasingly relying on the internet in our day-to-day activities, cybersecurity threats loom larger than ever. A recent study found that cyber attacks are escalating at an unprecedented rate, with a new attack now occurring every 39 seconds. While a startling statistic, this shouldn't come as a surprise, in 2024 just about everyone is inundated with hacking attempts and scams whether the attack is a phone call, text, email or malicious software.
Read Post
Trustwave

Trustwave MailMarshal Unveils Major Upgrades to Combat New Email Security Threats

Mar 28, 2024 By Trustwave In Trustwave
Trustwave MailMarshal will receive a massive upgrade on March 28 that will add four new levels of functionality, including an improved dashboard interface, the ability to detect and halt malicious QR codes, the ability to scan and divert potentially damaging images, and DNS-based Authentication of Named Entities (DANE).
Read Post
knowbe4

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

Mar 27, 2024 By Stu Sjouwerman In KnowBe4
Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories. Security analysts at cybersecurity company Fortinet dissect the methods and actions taken by a new malicious Java-based downloader intent on spreading the remote access trojans (RAT) VCURMS and STRRAT.
Read Post
Egress

Unraveling the truth: Debunking three common phishing detection myths

Mar 26, 2024 By Egress In Egress
As the threat landscape continues to evolve, cybercriminals are relentlessly refining their phishing tactics. This means that many of the tips and tricks organizations have told their employees to use in the past to spot a malicious email are no longer as effective in safeguarding their digital environments. Here, we dissect three commonly cited phishing detection strategies and unveil their limitations in the face of advanced cyber threats.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.