Five Tips to Stay Safe on Social Media While Traveling
Oversharing your travel plans can put you, your colleagues, your corporate data systems, your property and even your loved ones at risk. Similarly, announcing to the world that your home is vacant obviously increases the odds of a break-in, so what happens to your corporate laptop or personal devices containing corporate data that you leave…
Breaking TLS: Good or bad for security?
As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network. Breaking TLS is typically accomplished by loading an inspection CA certificate that dynamically generates certificates by your TLS inspection device. The public key from…
Health Care and Ransomware: A Marriage Made in Hades
The WannaCry ransomware attack that struck on May 12 and quickly spread around the world was anything but routine. Heretofore, most ransomware attacks were initiated after a successful phishing effort; that wasn’t the case with WannaCry. Ransomware attacks are generally confined and targeted; this one, to date, has hit more than 100,000 organizations in over…
Number of HTTPS phishing sites triples
When, in January 2017, Mozilla and Google made Firefox and Chrome flag HTTP login pages as insecure, the intent was to make phishing pages easier to recognize, as well as push more website owners towards deploying HTTPS. But while the latter aim was achieved, and the number of phishing sites making use of HTTPS has…
Ransomworm: The birth of a monster
The last few weeks have seen two substantial attacks: one massive phishing attack that leveraged Google Apps and which tricked recipients to give OAuth access to their email accounts, and a large-scale ransomware attack that blanketed almost 100 countries a week later. Now, consider the likely marriage of these two attacks, and the monster that…
Viral phishing scams and vulnerabilities: What to watch out for this Patch Tuesday
I am about to head to Las Vegas for Ivanti’s Interchange 2017 at The Mirage hotel and feeling a bit in a gambling mood, so I am going to take a shot at this month’s forecast and see if luck is on my side. This month we will also explore the dangers of phishing scams…
Majority of workers blindly open email attachments
The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks, according to Glasswall. Of these respondents, 44 percent open these email attachments consistently every time they receive one, leaving organizations vulnerable to data breaches sourced to malicious…
Sneaky Gmail phishing attack fools with fake Google Docs app
Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts. The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a…
Brands increasingly targeted by false websites and phishing
DomainTools released the names of the top U.S.-based retail companies whose brands are frequently abused by criminals creating look-alike domains for phishing. The research surfaced multiple malicious domains each day spoofing Amazon, Apple, Gap, Nike, and Walmart. Cybercriminals have become adept at creating websites and emails that closely resemble the actual brand, tricking consumers into…
Cybercrime can come in any shape or size, and not always the form you’d expect
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report. Much of this is due to the high proliferation of propriety research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analyzed in…