Digital Shadows

AUGUST 17, 2021

We’re talking about the email attack variety. It’s still showing up to drop ransomware and Trojans, harvest credentials, and spy on organizations like yours. Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture.

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Thales Cloud Protection & Licensing

OCTOBER 31, 2018

The unexplained and seemingly paranormal are actually a year-round phenomenon in IT Security. Not every ransomware potion is alike and the recovery from the electronic equivalent of a slash-and-gash malware attack can vary, depending on exactly how an attack decomposes. This year has been no exception. Ransomware. data redaction).

Ransomware 91

Ransomware Encryption Malware CISO 91

Security Affairs

MARCH 2, 2019

SI-LAB has observed that Threat Actor (TA) 505 is now spreading the infamous FlawedAmmyy remote control backdoor using an old technique that is evading AV detection. The threat is only detected later when an MSI file (Windows installer) drops and execute the first infection stage of the malware. 1 — Macro 1, in English.

Malware 85

Malware Antivirus Technology Phishing 85

Security Boulevard

OCTOBER 2, 2023

Phishing Threats Are Increasing in Scale and Sophistication Phishing remains one of the most dangerous and widespread cybersecurity threats. Phishing is now the most common initial attack vector, overtaking stolen or compromised credentials. Phishing attacks are becoming more difficult to detect.

DNS 62

DNS Phishing Social Engineering Engineering 62

Security Affairs

OCTOBER 21, 2021

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. This article focuses on the top five attack vectors organizations should look out for and defend against in 2022. Stolen Credentials.

IoT 120

IoT Phishing Passwords Scams 120

Anton on Security

OCTOBER 18, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This is our topic in this part of the blog series. So, in many cases there is an “intelligence — detection gap”, of sorts. Today, let’s explore what’s wrong (for detection, specifically!)

Engineering 130

Engineering Threat Detection Threat Reports Passwords 130

NetSpi Executives

DECEMBER 19, 2023

The debate is as fresh today as ever, especially with the saturation of solutions promising to simplify security stacks. Partners include: Kris Kocinski, Principal, Cloud Engineering at Enduir Jeff Music, CISO at ReliaQuest Harsh Thanki, Security Consultant at SecureLink Middle East 1.

CISO 105

CISO Technology Engineering Artificial Intelligence 105

Duo's Security Blog

MAY 20, 2024

In that blog, we also discussed the many ways Duo protects John, from strong authentication methods to pairing authentication with device trust policies. But what if the email never reached John, or the phishing link was blocked? We’ve now seen John’s credentials protected by Duo and his access protected by Secure Access.

Social Engineering 65

Social Engineering Engineering Authentication Phishing 65

Google Security

MAY 22, 2024

In this blog, we will analyze the modern practice of Phishing “Tests” as a cybersecurity control as it relates to industry-standard fire protection practices. These exercises typically collect reporting metrics on sent emails and how many employees “failed” by clicking the decoy link.

Phishing 40

Phishing Social Engineering Education Engineering 40

Duo's Security Blog

MARCH 28, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. Can you elaborate on how people are seen, how users are seen as the problem, and your perspective or how you feel about that?

Passwords 67

Passwords Social Engineering Phishing Technology 67

Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. unique email addresses. You can read Mozilla's announcement of the new feature and how they plan to conduct the testing and rollout. ticketfly a heads up would have been nice.

Passwords 273

Passwords Data breaches Password Management Accountability 273

SecureList

MAY 12, 2021

As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. The threat may have been around a long time, but it’s changed. First, we will debunk three preconceived ideas that obstruct proper thinking on the ransomware threat.

Ransomware 129

Ransomware Encryption Malware Cybercrime 129

Duo's Security Blog

JULY 29, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. If you’re considering passwordless authentication for your organization today, you’ve probably been thinking for a while about a holistic authentication strategy. Detect anomalous user behavior and flag it for remediation.

Authentication 54

Authentication Passwords Accountability Manufacturing 54

McAfee

DECEMBER 21, 2020

Security teams, scrambling to keep pace with the work from home changes, are grappling with multiple challenges, a key one being how to protect corporate data from exfiltration and maintain compliance in this new work from home paradigm. What if they upload sensitive corporate data to a less than secure cloud service?

Accountability 92

Accountability Digital transformation Risk Encryption 92

Thales Cloud Protection & Licensing

APRIL 9, 2020

billion, are due to BEC (Business Email Compromise) frauds, also known as EAC (Email Account Compromise) crimes. The email will request a payment, wire transfer, or gift card purchase that seems legitimate but funnels money directly to a criminal. Figure 1: BEC vs Phishing Crimes. Source: FBI 2019 Internet Crime Report.

Internet 86

Internet Internet Scams Authentication 86

Security Boulevard

MAY 3, 2022

The threat group exfiltrates data prior to deploying ransomware and leaks the stolen information if a ransom is not paid. In this blog, for brevity, the Go-based BlackByte variant 1 will be referred to as BlackByte v1 and the second variant will be referred to as BlackByte v2. Initialization. Mutex Creation. Language ID.

Encryption 73

Encryption Ransomware Antivirus Backups 73

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. I am proud of the Cisco Meraki and Secure team members and our NOC partners. Building the Hacker Summer Camp network, by Evan Basta. Full stop.

Engineering 72

Engineering Wireless Malware DNS 72

Security Boulevard

JANUARY 2, 2024

Amidst the ever-evolving realm of enterprise security, a new year unfolds, introducing a dynamic array of emerging threats. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 103

CISO Social Engineering Architecture Ransomware 103