26 Jun 2019

Malicious URL attacks using HTTPS surge across the enterprise

The latest Email Threat report by FireEye shows that threat actors are increasingly using HTTPS in order to make malicious URLs to seem legitimate. Between Q4 of 2018 and Q1 of this year, the number of malicious HTTPS links increased by 26%. Malicious email attachments are becoming less common. Phishing

Read More
20 Jun 2019

Mozilla Patches Firefox Critical Flaw Under Active Attack

Mozilla has issued a patch for a critical security flaw affecting Windows, macOS and Linux versions of the popular Firefox browser. Threat actors have already begun exploiting the vulnerability, tracked as CVE-2019-11707, in targeted campaigns in order to take over machines running the vulnerable browser. The flaw was found on

Read More
20 Jun 2019

Phishing Attack Exposes Data of 645,000 Oregon DHS Clients

The Department of Human Services (DHS) in Oregon suffered a data breach earlier this year in which a threat actor obtained unauthorized access to the personal data of around 645,000 of the agency’s clients. The agency is notifying those impacted by the breach. On January 8, a cybercriminal was able

Read More
18 Jun 2019

How Fraudulent Domains ‘Hide in Plain Sight’

New research by Proofpoint shows that over 3 in 4 firms have found fraudulent domains impersonating their company and a whopping 96% have discovered domains using their exact brand name, but a different top-level domain (TLD), i.e. examplebusiness.net instead of examplebusiness.com. According to Kevin Epstein of Proofpoint, fraudulent domains represent

Read More
17 Jun 2019

Three US Universities Disclose Data Breaches Over Two-Day Span

A recent string of data breaches impacting three US universities serves as a reminder that universities are major targets for cybercrime. Graceland University discovered that an “unauthorized user gained access to the email accounts of current employees,” and was thereby able to obtain the personal information of anyone who had

Read More
12 Jun 2019

More than 3B fake emails sent daily as phishing attacks persist

A new Valimail report shows that threat actors are distributing a staggering 3.4 billion inauthentic emails every single day, representing 1.2% of all email. This is happening even though 80% of all inboxes across the globe use the Domain-based Message Authentication, Reporting and Conformance (DMARC) open standard in order to

Read More
11 Jun 2019

FBI Issues Warning on ‘Secure’ Websites Used For Phishing

The FBI has issued a warning about the use of TLS-secured websites in phishing campaigns. In the context of phishing awareness training, users are usually told to avoid websites that do not use HTTPS and/or lack a valid TLS certificate, which means that there is no “padlock” next to the

Read More
10 Jun 2019

The Minefield of Corporate Email

Even though the concept of spam is about 40 years old and phishing campaigns have been around for over 30 years, email-based attacks remain a massive problem for corporations and individual users alike, a new Cisco report shows. One of the reasons that email attacks are still so common and

Read More
30 May 2019

Impersonation Attacks Up 67% for Corporate Inboxes

More than six out of ten (61%) IT decision makers are anticipating impactful email-based cyberattacks on their organization in the coming year, a new Mimecast report shows. Looking at the threat landscape, their worries are completely justified, since a whopping 94% of companies suffered a phishing attack in 2018. According

Read More
24 May 2019

Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year

A team of researchers from Arizona State University and PayPal staff discovered that mobile browsers including Chrome, Firefox, and Safari put users at risk between mid-2017 and late 2018 by not showing any phishing warnings to users connecting to blacklisted websites. This issue had to do with the mobile version

Read More