Shedding Light on Election Deepfakes 2024-09-25 at 16:01 By Pauline Bolaños Contrary to popular belief, deepfakes — AI-crafted audio files, images, or videos that depict events and statements that never occurred; a portmanteau of “deep learning” and “fake” — are not all intrinsically malicious. This article is an excerpt from SpiderLabs Blog View Original Source React to […]
React to this headline:
Shedding Light on Election Deepfakes Read More »
HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content 2024-09-24 at 16:01 By Mike Casayuran HTML smuggling techniques have been around for quite some time. A previous Trustwave SpiderLabs’ blog discussed its use in distributing malware by storing binaries in immutable blob data within JavaScript code that gets decoded on the client-side browser, eventually delivering
React to this headline:
HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content Read More »
Why Do Criminals Love Phishing-as-a-Service Platforms? 2024-09-23 at 13:01 By Rodel Mendrez Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch sophisticated phishing campaigns targeting the general public and businesses, especially in the financial services sector. This article is an excerpt from SpiderLabs Blog View Original Source React to this headline:
React to this headline:
Why Do Criminals Love Phishing-as-a-Service Platforms? Read More »
ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies 2024-09-17 at 16:01 By ALPHV, also known as BlackCat or Noberus, is a sophisticated ransomware group targeting critical infrastructure and various organizations, including being the most active group used to attack the financial services sector. This article is an excerpt from Trustwave Blog View Original
React to this headline:
ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies Read More »
Spam With A Political Twist: Fraudsters Are Exploiting The Election Season 2024-09-17 at 16:01 By The US election is less than 70 days away and threat actors are busy crafting malicious spam that uses candidate names and political themes as social engineering tools to convince recipients to open their emails. This article is an excerpt
React to this headline:
Spam With A Political Twist: Fraudsters Are Exploiting The Election Season Read More »
EasyDMARC Lands $20M for Email Security Authentication Tech 2024-09-16 at 18:46 By Ryan Naraine EasyDMARC lands venture capital funding after finding traction in the email security and authentication business. The post EasyDMARC Lands $20M for Email Security Authentication Tech appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source
React to this headline:
EasyDMARC Lands $20M for Email Security Authentication Tech Read More »
Transforming IT Security with Microsoft Defender Suite 2024-09-16 at 16:04 By IT teams are the unsung heroes of today’s fast-paced digital world, tirelessly toiling behind the scenes to keep data safe and systems running smoothly. One tool that’s presented a major shift for many IT departments is the Microsoft Defender Suite. Let’s explore how this powerful
React to this headline:
Transforming IT Security with Microsoft Defender Suite Read More »
How Phishing-as-a-Service Exposes Financial Services to Extensive Threats 2024-09-12 at 16:01 By Phishing remains the favored and most successful method of obtaining an initial foothold in a targeted organization. So it should come as no surprise that threat actors have developed turnkey solutions that enable even low-skilled hackers to conduct successful email attacks. This article
React to this headline:
How Phishing-as-a-Service Exposes Financial Services to Extensive Threats Read More »
Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors 2024-08-26 at 16:01 By The Trustwave SpiderLabs team regularly collects a trove of data while protecting clients from email-based attacks. HTML attachments, malicious QR codes, and business email compromise (BEC) are the favored attack methods. This article is an excerpt from Trustwave Blog
React to this headline:
Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors Read More »
The Power of Multifactor Authentication and a Strong Security Culture 2024-08-22 at 16:01 By The business mantra “employees are our number one asset” is true for many reasons. Including helping protect an organization from cyber threats. This article is an excerpt from Trustwave Blog View Original Source React to this headline:
React to this headline:
The Power of Multifactor Authentication and a Strong Security Culture Read More »
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA 2024-08-14 at 18:16 By Kevin Townsend SecurityWeek spoke with Mike Britton, CISO at Abnormal Security, to understand what the company has learned about current social engineering and phishing attacks. The post Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat
React to this headline:
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA Read More »
Microsoft 365 anti-phishing alert “erased” with one simple trick 2024-08-08 at 16:01 By Zeljka Zorz Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. “When an Outlook user receives an e-mail from an address they don’t typically communicate with, Outlook shows an
React to this headline:
Microsoft 365 anti-phishing alert “erased” with one simple trick Read More »
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European
React to this headline:
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »
Abnormal Security Raises $250 Million at $5.1 Billion Valuation 2024-08-06 at 15:16 By Eduard Kovacs Email security firm Abnormal Security has raised $250 million in a Series D funding round at a $5.1 billion valuation. The post Abnormal Security Raises $250 Million at $5.1 Billion Valuation appeared first on SecurityWeek. This article is an excerpt
React to this headline:
Abnormal Security Raises $250 Million at $5.1 Billion Valuation Read More »
Email attacks skyrocket 293% 2024-08-06 at 06:31 By Help Net Security Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware remains a top
React to this headline:
Email attacks skyrocket 293% Read More »
Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains 2024-07-31 at 18:01 By Ionut Arghire Vulnerabilities in hosted email services allow attackers to spoof the identity of senders, bypassing security measures. The post Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
React to this headline:
Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains Read More »
Phishing Campaign Exploited Proofpoint Email Protections for Spoofing 2024-07-29 at 21:46 By Ionut Arghire Threat actors have exploited Proofpoint’s email protection service to deliver millions of spoofed phishing emails. The post Phishing Campaign Exploited Proofpoint Email Protections for Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source
React to this headline:
Phishing Campaign Exploited Proofpoint Email Protections for Spoofing Read More »
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) 2024-07-18 at 12:16 By Zeljka Zorz Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither
React to this headline:
Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) 2024-07-15 at 14:20 By Zeljka Zorz The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulnerability stems from a bug in RFC 2231
React to this headline:
Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) Read More »
Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes 2024-07-12 at 18:31 By Ionut Arghire Successful exploitation could allow attackers to deliver executable attachments to inboxes. The post Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View
React to this headline:
Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes Read More »