<p>This week, APWG released its <u>findings from Q3</u> that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa

<p><img src="https://info.phishlabs.com/hs-fs/hubfs/Green%20Pad%20Lock%20HTTPS.png?width=195&amp;name=Green%20Pad%20Lock%20HTTPS.png" alt="Green Pad Lock HTTPS" width="195" style="width: 195px; float: right; margin: 0px 10px 10px 0px;">Since 2015 there has been a steady increase in threat actors’ use of SSL certificates to add an air of legit

<p>As more of the web further embrace HTTPS and SSL certs, it’s becoming a requirement that threat actors use it, too. By the end of Q1 2019, more than half of all phishing sites have employed the use of HTTPS, <a href="http://docs.apwg.org/reports/apwg_trends_report_q1_2019.pdf">now up to 58%</a>. This is a major milestone and shows that t

<p>This week APWG released its <u>findings from Q2</u> of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating

Google continues the ongoing effort to communicate the transport security status of a given page labeling resources delivered via FTP as “Not secure” in Chrome, Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement

UPDATE 2/24/17, 4:30 PM PST: Researcher Hanno Böck (@hanno) has confirmed that leaked CloudFlare data was not entirely purged from multiple search engine caches ahead of the public disclosure.In April 2014, the security community was shocked with the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose privat

Many website operators have wrestled with the decision to move all their web infrastructure to support HTTPS protocols. The upside is obvious: better protection and a more secure pathway between browser and server. Having a secure connection also makes it harder for cybercriminals to insert man-in-the-middle (MitM) or man-in-the-browser (MitB) attacks, and i

From January 2017, Chrome will indicate connection security with an icon in the address bar labelling HTTP connections to sites as non-secure. Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS for its free domain service prov

We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing.HTTPS has been around nearly as long as the Web, but

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe.In the coming months, Goog

It’s hard to keep up with the hundreds of security-specific headlines published every week. So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore Android vulnerabilities, stolen DNC data, and a serious scam against enterprises. Check back every Friday to learn about the lat

Google decided to switch on default HTTPS for its free domain service provider Blogspot, the migration will be easy and transparent for the users. After WordPress also Google decided to switch on default HTTPS for its free domain service provider Blogspot. The measure will impact millions of users of the popular platform. Since September 2015 Google had intr