"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.
Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email. The startup will take patents for defending content in old emails and apply them to SaaS applications such as Dropbox, Google Drive and Slack.
Abnormal Security has closed a $210 million funding round on a $4 billion valuation to apply its account takeover prevention technology to areas other than email. The company wants to use its AI to protect accounts across systems and SaaS platforms and in environments such as Workday and Salesforce.
A data breach involving email marketing firm Mailchimp has affected customers of cryptocurrency hardware wallet provider Trezor, which launched an investigation after its customers received phishing emails containing their Trezor email addresses. Mailchimp says it learned of the breach on March 26.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance. He also discusses the alliance's top priorities for 2022.
Some 14,000 Google users were warned of being suspected targets of Russian government-backed threat actors on Thursday. The next day, the tech giant announced cybersecurity updates - particularly for email accounts of high-profile users, including politicians and journalists.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.
The Biden administration may soon unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the ransomware model.
The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips.
Business email compromise attacks, which balance low-tech tactics with the potential for big profits, remain popular. Attackers continue to refine their tactics, including subverting legitimate redirect services as well as recruiting English-speaking business partners and cryptocurrency tumbler operators.
Microsoft is warning of a "widespread" phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent report. In some cases, the attackers deploy a malicious CAPTCHA verification page.
A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. The malicious messages appear to come from victims' HR...
The FBI has issued a warning about Hive ransomware after the group took down Memorial Health System last week. The alert details indicators of compromise, tactics, techniques and procedures associated with these ransomware attacks to help organizations better defend themselves.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.