Phishing

January 27, 2021

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies' biggest security liabilities.

The post Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’ appeared first on SC Media.

January 26, 2021

Google discloses spearphishing targeting security researchers

Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.

The post Google discloses spearphishing targeting security researchers appeared first on SC Media.

January 21, 2021

Thousands of BEC lures use Google Forms in recon campaign

Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…

The post Thousands of BEC lures use Google Forms in recon campaign appeared first on SC Media.

January 15, 2021

Surge in remotely hosted phish images? Some say it’s business as usual

In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.

The post Surge in remotely hosted phish images? Some say it’s business as usual appeared first on SC Media.

January 12, 2021

‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform

In theory they know better. But Users naïvely trust workplace communications platforms, despite phishing and impersonation threats.

The post ‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform appeared first on SC Media.

January 7, 2021

Malspam campaign spoofs email chains to install IcedID info-stealer

A phishing campaign has been disguising its spam as an email chain, using messages taken from email clients on previously compromised hosts.

The post Malspam campaign spoofs email chains to install IcedID info-stealer appeared first on SC Media.

January 5, 2021

Fourth breach at T-Mobile puts focus on security of post mergers

T-Mobile reported a breach that compromised customer data – the company’s fourth in three years – raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable. Indeed, when companies merge, particularly sizable ones, the integration of technology systems and networks can often introduce new security considerations. “The volume…

The post Fourth breach at T-Mobile puts focus on security of post mergers appeared first on SC Media.

January 4, 2021

From diversity efforts to pandemic recovery, workforce issues will evolve in 2021

Vaccine distribution could mean a return to offices, but most experts expect a new hybrid model to emerge. Pile that on top of the already challenging situation posed by a supposed skills gap and efforts to improve diversity, and the cybersecurity community may need to redefine workforce priorities.

The post From diversity efforts to pandemic recovery, workforce issues will evolve in 2021 appeared first on SC Media.

January 4, 2021

SC Labs product reviews: Email security

Editor’s Note: This set of reviews originally appeared in February 2020. To find out more about SC Labs, contact Adrian Sanabria at [email protected] The use of collaborative tools and technologies is on the rise with email topping the list. That explains why it faces such relentless attacks. Email communications are leveraged to keep businesses running…

The post SC Labs product reviews: Email security appeared first on SC Media.