KnowBe4

First Ever Magic Quadrant for Email Security Platforms by Gartner

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection. We believe this new Magic Quadrant encompasses a broader spectrum of email security providers to reflect the evolving threat landscape and the need for more integrated products.

Deepfakes, Shallow Morals: The Real Issue Behind the UK's Crackdown

The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look. The fact is that this isn’t about technology, it’s about human behaviour. The government is not trying to outright ban deepfakes, which would be impossible, to be honest. They're targeting the misuse of this tech for nefarious purposes.

Malicious WordPress Plugin Assists in Phishing Attacks

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information. The spoofed pages are designed to steal payment card numbers, expiration dates, CVVs, and billing addresses. The plugin can also intercept one-time passwords generated to secure the transactions. The stolen data is sent to the crooks via Telegram as soon as the victim hits “enter” on the phishing page.

Phishing Campaign Abuses Legitimate Services to Send PayPal Requests

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor. Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets’ email addresses. The scammer then used this distribution list to send payment requests via PayPal’s web portal.

Phishing for Gamers: Fake Offers Invite Gamers to Test New Gaming Titles

A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes. The phishing messages are sent via Discord, email, or text message. The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game’s installer.

Credential Phishing Increased by 703% in H2 2024

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202% increase during the same period. “Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write. “Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month.

Tax-Themed Phishing Campaign Delivers Malware Via Microsoft Management Console Files

Securonix warns that tax-themed phishing emails are attempting to deliver malware via Microsoft Management Console (MSC) files. “The attack likely starts with either a phishing email link or attachment,” the researchers explain.

FTC Warns Immigrants About Rising Social Media Immigration Scams

The Federal Trade Commission (FTC) has issued an urgent warning about a surge in immigration scams targeting immigrants and their families on social media platforms like Facebook. Scammers are impersonating attorneys and law firms, promising immigration services such as work permits, green cards, or even citizenship.

"Get Beyond Security Awareness Training" Does Not Mean Forgetting About It

KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments. A big part of decreasing human risk is using effective security awareness training (SAT). You do not want to just focus on SAT, but SAT is a big part of decreasing human risk. To be sure, your human risk management projects need to be broadly focused on more than SAT. We agree.