The biggest hurdle for implementing DANE lies with DNSSEC. Granted, setting up DNSSEC can be daunting, but the reward of a much higher level of DNS security can make it worth the effort.
Researchers spotted the operators of the Aggah campaign exploiting Bit.ly, BlogSpot and Pastebin to spread variants of the RevengeRAT malware in the Middle East, Asia, Europe and the U.S.
Researchers observed variants of the Emotet Trojan injecting themselves into existing email conversations as a means of distributing malicious links.
Researchers have discovered evidence of a threat group named London Blue, a U.K.-based collective that focuses on CFOs at mortgage companies, accounting firms and some of the world's largest banks.
Researchers identified a new email scam using seemingly legitimate BBC News webpages to reroute user clicks and generate bitcoin.
Trickbot has formed a partnership with another banking Trojan, IcedID, to help distribute each other's malware more widely — and possibly co-develop new capabilities.
New Incident Response Study Reveals More Than Half of Attackers Use Social Engineering to Target Organizations
A new study on incident response revealed that more than half of external attackers use social engineering in targeted campaigns against organizations in various sectors.
In recent months, security researchers have identified Punycode attacks as part of malvertising and phishing campaigns targeting both individual users and major email providers.
Security vulnerabilities stemming from improper handling of non-ASCII characters in email headers could enable fraudsters to launch spoofing attacks.
A new spear phishing campaign leverages a series of malicious emails to target and compromise Russian-speaking enterprises via hidden backdoors.