Researchers with Zscaler warn that threat actors are increasingly trying to take advantage of flaws in the immensely popular content management systems (CMSs) WordPress and Joomla in order to get legitimate websites to target users with malicious payloads. In the past month, the researchers detected thousands of attacks, hundreds of

Microsoft has confiscated 99 web domains that were used by Iran-linked hackers to launch global spear-phishing campaigns. The domain names resembled those of popular services offered by Microsoft, Yahoo and other companies and could therefore easily be mistaken for legitimate websites by victims of the campaign. The threat actor behind

New research by Barracuda sheds light on the evolving strategies used by cybercriminals in email-based spear-phishing attacks. The report distinguishes between three types of spear phishing: brand impersonation attacks, business email compromise (BEC) and extortion. Brand impersonation is the most popular strategy by far, accounting for 83% of attacks. Extortion

Recorded Future has released the 2018 version of it’s annual top 10 list of most exploited vulnerabilities. The list contains 8 Microsoft Office vulnerabilities that are being exploited as part of phishing campaigns involving malicious Word and Excel documents. The other two flaws in the list are an Adobe Flash

Are silly email mistakes putting your sensitive data and customer PII at risk or in violation of GDPR. Matt Devost breaks down four real life examples that highlight inadvertent email risks.

Figures released by Google last week highlight how widespread cybercrime has become. Last year, the company took down 2.3 billion bad ads, 58.8 million of which were phishing ads. 207,000 of the adds were for ticket resellers and over 531,000 for bail bonds. Google stepped up its efforts to fight

New research by ISACA and Terranova Security shows that only about 63% of organizations are properly keeping track of the effectiveness of their strategies for informing employees about phishing and preventing them from falling for this type of attack. The study also found that only a small majority of companies

Over the past few years, a series of privacy scandals including the Facebook/Cambridge Analytica scandal have spurred an international push for better privacy laws. In some parts of the world, policymakers have responded to this movement by introducing new data protection bills, such as the EU General Data Protection Regulation

The 24th volume of Microsoft’s Security Intelligence Report shows that phishing surged in 2018. The detected 250% increase in phishing attacks last year confirms similar findings of other recent studies. The research also confirmed that threat actors are moving away from ransomware and malicious software (malware) in general, as malware

Cyberattacks involving the psychological manipulation of targeted users, which is known as social engineering, have surged in 2018, a new Trend Micro report has found. According to the report, the number of detected phishing URLs increased by 269% compared to the year before. The finding is in line with a