Cloud Security April 4, 2023

New generation of phishing hides behind trusted services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Risk Management March 21, 2023

OneNote, many problems? The new phishing framework

4 min read - There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing…

News February 20, 2023

Ukraine cyber war drags on with stealers, trojans and more

4 min read - Technical and non-physical attacks have always been a part of modern warfare. During World War II, the Allies used advanced cryptanalysis to decrypt encoded messages sent by the Axis powers using the Enigma ciphering system. Led by Alan Turing, this…

Risk Management January 24, 2023

Too much caffeine? Phishing-as-a-Service makes us jittery

2 min read - Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking. Sounds like a typical Software-as-a-Service…

Identity & Access January 24, 2023

An IBM hacker breaks down high-profile attacks

5 min read - On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then…

News January 11, 2023

Read carefully: The dangers of Punycode and typosquatting

4 min read - Many phishing attacks pose as banks, and their efforts can be quite convincing. Everything in the email might look official, including the logo. But if you carefully examine the sender’s address, you can see it’s from an imposter. Now threat…

Intelligence & Analytics December 29, 2022

The 13 costliest cyberattacks of 2022: Looking back

5 min read - 2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets…

Risk Management August 25, 2022

Black hat SEO: Is someone phishing with your site domain?

5 min read - Search engine optimization (SEO) is a long game. Improving your website to rank higher on search engine results pages helps you attract more traffic. Plus, it helps build a trustworthy reputation. But, some people want to take shortcuts by using…

Risk Management August 5, 2022

Fishy Business: What Are Spear Phishing, Whaling and Barrel Phishing?

4 min read - For threat actors, phishing embodies the holy trinity of goals: easy, effective and profitable. It’s no wonder that the 2022 X-Force Threat Intelligence Index reports that phishing was the top method used by attackers to breach an organization. Of all…

News July 6, 2022

Bulk email theft may point to Russian espionage

2 min read - Cybersecurity researchers recently identified a threat group with a possible Russian connection that targets corporate email environments. At first, the researchers thought the UNC3524 gang mostly sought money, as do many ransomware attacks. A deeper look at the group’s actions,…