Security professionals and managers are increasingly concerned that the leading information security risk to organizations comes from within. But despite the sinister overtones of this problem, insider threats are associated more with accidents and oversights than malicious actors. The danger is amplified by shortfalls in training and expertise, and the ch

Ransomware has hit the news again in the UK today only a few short weeks since the WannaCry outbreak crippled the National Health Service. This time University College London (UCL) was hit by a ransomware strain which has resulted in them having to take down parts of their network to stop infected machines harming key university data. Credit to UCL for what

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began mu

Cyber-attacks cost companies millions of euros each year. A high price to pay which, according to a study conducted by Google’s Research Team, is not only due to the growing sophistication of the strategies and tools used by cyber-crooks, but also to the huge number of threats in circulation. Researchers examined over 1 billion email exchanges via Gmai

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies. We cann

Oversharing your travel plans can put you, your colleagues, your corporate data systems, your property and even your loved ones at risk. Similarly, announcing to the world that your home is vacant obviously increases the odds of a break-in, so what happens to your corporate laptop or personal devices containing corporate data that you leave at home? Furthe

All Hands to the Pump (and Dump) Posted by David Harley on April 19, 2017.A few years ago, even before I started working directly with vendors in the security industry, ‘Pump and Dump’ scams were a major nuisance. Here’s a description from a paper Andrew Lee and I wro

Is the Media Able to See the Difference Between Fake, Real and Tampered Leaks? Since President Donald Trump became POTUS, he has been accusing reputable sources of information such as BBC, NY Times, NBC News and CNN for being ‘fake news’. However, every single person, who has ever had to deal with these outlets, especially with publications such as BBC

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free. The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of

Many years ago, one of the world’s most popular hacker Kevin Mitnick explained in his book “The Art of Deception” the power of social engineering techniques, today we are aware that social engineering can be combined with hacking to power insidious attacks.Let’s consider for example social media and mobile platforms; they are co

Section 1. About phishingPeople all over the world get phishing emails on a daily basis. Email inboxes are full of suspicious requests to confirm bank transactions, respond to social media messages, reply to soldiers serving in war zones, and receive inheritances from unknown relatives residing overseas.Phishing is an illegitimate fraudulent practice c

Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected! Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails. I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly sig

Hackers broke into the system of the technology provider DocuSign and accessed customers email addresses. The experts warn of possible spear phishing attacks. The Electronic signature technology provider DocuSign suffered a data breach, hackers have stolen email addresses from one of its servers. On Monday the company informed its customers of the data breac

If you’re a member of my generation living in the U.S., you may remember the Bubble Boy. His story grabbed the national consciousness and was made into a TV movie featuring John Travolta. It was a sad tale of how a boy with a severe immune deficiency was forced to live his life inside a plastic bubble to protect him from pathogens. A single breach of t

On Wednesday afternoon, social media flooded with news of a new Phishing attack targeting users of Google Docs. The attack was quick, smart on getting the victim to grant permissions Google Docs by scattering to the victim’s contacts.Fortunately, the attack did not last long, thanks to the efforts of thoughtful users, Google, and Cloudflare.Offic