Microsoft 365 is a powerful business productivity and collaboration suite used by over 258 million users worldwide.
Download this eBook which discusses the security implications to be aware of when using Microsoft 365 and key strategies to prevent unauthorized access, protect sensitive data and files, stop malicious...
Sophisticated phishing attacks are bypassing the technologies designed to stop them. This white paper outlines the latest phishing techniques that trick users and email filters alike. Plus, see the solution for blocking the most advanced attacks, at the time of delivery and time of click.
The latest edition of the ISMG Security Report features cybercrime deterrence lessons learned from the disruption of the Emotet botnet operation. Also featured: An update on attacks tied to Microsoft Exchange flaw exploits; a discussion of the need to update business continuity plans.
Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.
Threat actors are masquerading as business tools and communication platforms to slip past perimeter controls that are programmed to block known threats. Once they make it through, human detection and threat analysis become an integral part of the process to thwart an attack.
When technologies aren’t programmed to...
French authorities are warning the country's healthcare sector of the discovery of a glut of stolen credentials, apparently belonging to hospital workers, that were found for sale on the dark web. The alert comes amid a recent rise in ransomware attacks on hospitals and other healthcare entities.
Since SEGs are missing so many phish, there’s a good chance other technologies - firewalls, anti-virus, and EDR - also aren’t spotting these threats. Such gaps can leave you vulnerable for hours or even days.
Bottom line: you can’t rely on SEGs alone. They’re the first line of defense, not the last...
Why are polymorphic attacks more successful? A campaign that lacks uniformity doesn’t look like a campaign and makes it difficult for security operators to keep rules up to date at the gateway. For many cybersecurity teams who lack bandwidth, finding the full scope of a polymorphic attack to quarantine is...
Phishing is one of the most costly, invasive, and sinister forms of cyberattack, costing victims over $26B over the last 3 years. And, these attacks continue to become more sophisticated, impersonating your colleagues, trusted clients, business partners and online collaboration tools.
In order to protect...
Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.
Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.
Ransomware gangs entered 2020 with a full and dangerous set of weapons at their disposal and then rolled out additional tools such as extortion and new distribution methods, a trend that is expected to continue into 2021.
The only way to combat against phishing, SMiShing, and vishing respectively is to shore up our frontline defense: the end users.
Download this report and learn how to:
Test users with PhishProof at least once a month to drive lower click-rates whether through popcorn or standard campaigns styles;
Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.