November 02, 2015
A new report analyzed Cryptowall 3.0 ransomware attacks and found that it may have cost victims $325 million and that money may be going to a single source.
October 23, 2015
News roundup: Google to implement strictest DMARC policy in anti-phishing campaign. Plus: CISA is coming, the health care industry is lagging and SHA-1 is failing.
October 16, 2015
News roundup: FBI issues a public service announcement about EMV chip-and-signature cards. Plus: bumper crop of OS X malware in 2015; phishing sites with authenticated certificates and more.
September 25, 2015
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
Phishing Get Started
Bring yourself up to speed with our introductory content
Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.
Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes.
Expert Ed Tittel offers an overview of Symantec DeepSight Security Intelligence service, which provides organizations with information and alerts on today's IT threats.
Evaluate Phishing Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Lethal threats to enterprise information security are emerging from every which way. This ISM Insider Edition looks at what security professionals are up against: state-sponsored attacks, the rise of hacking via social media, and the spread of small, relatively autonomous devices with sensors and networking chips.
Besides the need to watch out for attacks from China, North Korea and other nations, today’s security pros must beware of the individual hacker, who has become more potent. Blended threats and improvements to man-in-the-middle exploit kits have made malware more available to less-skilled cybercriminals who can now launch drive-by attacks with just a few mouse clicks.
Global threat intelligence services can be part of your security arsenal, but to prevent phishing and other threats basic defenses like strong passwords are vital too.
The cyberthreat landscape grows more dangerous by the day. Harvey Koeppel offers a 12-point cybersecurity checklist for CIOs.
Learn to apply best practices and optimize your operations.
Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient.
In this Q&A, a network engineer at the Rochester Institute of Technology explains his favorite weapons against network threats: user education and vulnerability scanning.
Attackers have found a loophole in SPF verification and are using the .gov top-level domain to trick users with phishing emails. Expert Nick Lewis explains how to defend against the threat.
Problem Solve Phishing Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training and little technology.
Researchers estimate that 70% of organizations will have implemented virtual servers by the end of 2015, representing a tipping point in enterprises’ adoption of virtualization. Virtual machines (VMs) must be protected from malware like other systems but attackers are coming up with new ways to avoid detection and analysis. Security researchers have long used VMs to isolate and analyze malware, which has led to the misconception that malware disappears once it detects a VM. We look at how malware is adapting to virtual networks, and at the tools and processes that can help organizations secure these environments.
Meanwhile, rogue activity of insiders continues to surprise Fortune 1000 companies. According to some studies, 80% of cybersecurity breaches are aided and abetted by insiders. Yet many CIOs continue to remain skeptical about investments in employee cybersecurity awareness training. New technologies now focus on user credentials, employee actions and behavior analytics. We look at the security culture in today's organizations and effective strategies to improve visibility, policy and prevention of insider threats.
A new class of endpoint threat detection products is designed to improve visibility across endpoints, hunt for threats, automate incident response and cut down on false alerts overwhelming security teams. How do they work? We interview CSOs who have invested in endpoint defense and remediation tools and share their views on the pros, cons and common deployment scenarios.
Phishing attacks are adopting new functionality to avoid detection, including the use of proxy programs to simplify the attack process. Learn how to defend against this type of risk.