Acquiring Area 1 Security has allowed Cloudflare to extend its network protection capabilities from DDoS attacks to phishing emails, says co-founder and CEO Matthew Prince. Area 1's technology means customers will enjoy a better rate of detection with fewer false positives than legacy offerings.
Permira's $5.8 billion acquisition of Mimecast has allowed the email security vendor to make product and technology investments that don't provide an immediate financial return. Several buyers expressed interest in taking Mimecast private, and CEO Peter Bauer is glad the firm ended up with Permira.
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.
Emails encrypted through Microsoft Office are vulnerable to attacks that can reveal the original content of messages due to shortcomings in the protocol, says WithSecure security researcher Harry Sintonen. Microsoft says it may finally abandon its use of the Electronic Code Book algorithm.
A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.
Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials. The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds.
Why is business identity theft increasing, and what are the latest tactics fraudsters are using to scam businesses and gig workers? Eva Velasquez, CEO at the Identity Theft Resource Center, shares her views on how business identity theft has evolved over the years and how to prevent it.
Insurance market giant Lloyd's of London says that starting next year, its cyber insurance policies will no longer cover state-sponsored cyberattacks. But with attribution being inherently tricky, expect this move to be tested in court, says Jonathan Armstrong, a partner at Cordery law firm.
Four ISMG editors discuss how security leaders determine the right level of security for the business, the growing risk of business ID theft to enterprises, and the arrest of a developer suspected of working for cryptocurrency mixing service Tornado Cash, for "facilitating money laundering."
Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. The email addresses of these customers were likely exposed in a data breach involving Mailchimp, which provided transactional email services for DigitalOcean.
Two recent data breach lawsuit settlements by healthcare organizations underscore mounting liability risk stemming from a growing number of lawsuits. Missouri-based BJC Healthcare has agreed to pay up to $2.7 million to settle while Indiana-based Methodist Hospitals is on the hook for $425,000.
The "deliberate actions" of a now-fired senior engineer at Customer.io put at risk email addresses of six client companies, including NFT marketplace OpenSea. The email delivery vendor did not specify how many individuals are now at elevated risk of phishing attacks.
Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.
For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.
Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email. The startup will take patents for defending content in old emails and apply them to SaaS applications such as Dropbox, Google Drive and Slack.