Cloud Security April 4, 2023

New Generation of Phishing Hides Behind Trusted Services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Risk Management March 31, 2023

Is It Time to Start Hiding Your Work Emails?

3 min read - In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a…

Risk Management February 13, 2023

Avoid Being a Downstream Victim of Service Provider Attacks

4 min read - Attacks on service providers are mounting — and so are downstream victims. Earlier this year, some customers of the cloud service provider DigitalOcean received emails instructing them to reset their passwords. These users hadn’t actually forgotten their passwords — their…

News January 23, 2023

Alleged FBI Database Breach Exposes Agents and InfraGard

4 min read - Recently the feds suffered a big hack, not once, but twice. First, the FBI-run InfraGard program suffered a breach. InfraGard aims to strengthen partnerships with the private sector to share information about cyber and physical threats. That organization experienced a…

News November 2, 2022

UK Health System Email Accounts Hijacked to Steal Microsoft Logins

2 min read - Last summer, I noticed password reset notices in my email account that I didn’t send. I quickly realized that I was the victim of an account takeover. This happens when someone illegally gains access to your account, typically through compromised…

News November 10, 2021

Phishing-as-a-Service: Research Exposes BulletProofLink Gang

2 min read - It’s a growing trend among attackers to offer their products as a service, just as regular companies do. In September, Microsoft researchers found that the BulletProofLink phishing-as-a-service (PhaaS) enterprise was taking this to the next level. It comes with over…

Incident Response October 22, 2021

How the 2011 DigiNotar Attacks Changed Cybersecurity for the Next Decade

4 min read - The DigiNotar attack in 2011 set itself apart because it was an attack on the cybersecurity industry itself. Most attacks are on a single company. But this one shook trust in cybersecurity tools and how users decide whom to trust…

News June 21, 2021

New Buer Malware Loader Spread Through DHL Scam Email

2 min read - Digital attackers are using fake DHL shipping emails to trick recipients into opening a malicious Microsoft Office document. According to Proofpoint, the DHL scam email leads to an infection of ‘RustyBuer,’ a new variant of the Buer Loader malware family…

Data Protection May 21, 2021

Taking Time Off? What Your Out of Office Message Tells Attackers

3 min read - As more people are vaccinated and free to live a more normal life again, vacation plans, trip pictures and conference hashtags will flood social media sites. Phone calls and emails to colleagues will be met with out of office (OOO)…

Intelligence & Analytics April 20, 2021

‘Inbox Zero’ Your Threat Reports: How to Combat Security Alert Fatigue

3 min read - At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an…