Email and Messaging Threats spam phishing instant messaging
- March 27, 2020
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic.
- March 11, 2020
Microsoft, BitSight and other partners used legal and technical steps to take control of one of largest botnets in the world that infected more than 9 million systems.
- March 05, 2020
Business email compromise and email account compromise attacks are increasing and evolving. To keep up with threat actors, Proofpoint says a new approach is required.
- September 11, 2019
On the same day that 281 suspects were arrested in business email compromise stings, the FBI said worldwide losses from BEC attacks reached $26 billion over the last three years.
- July 17, 2019
Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down.
- July 02, 2019
According to new research, phishing kit providers are increasingly using popular cloud services to host their malicious links in an effort to conceal them from detection.
- May 08, 2019
The 2019 Verizon Data Breach Investigations Report showed significant increases in cyberespionage and nation-state activity. It also painted a gloomy picture for email threats.
- May 01, 2019
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.
- April 26, 2019
According to the FBI's 2018 Internet Crime Report, business email compromise attacks are on the rise. Security experts highlight how BEC scams are evolving.
- December 06, 2018
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft.
- December 05, 2018
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies.
- July 31, 2018
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place.
- July 27, 2018
News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more.
- June 28, 2018
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing.
- June 15, 2018
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol.
- June 15, 2018
U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams.
- May 24, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws.
- May 18, 2018
News roundup: Telegrab malware enables hackers to grab encryption keys and browser credentials from Telegram sessions. Plus, DHS released its new cybersecurity strategy, and more.
- May 17, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report.
- May 16, 2018
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended.
- May 14, 2018
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations.
- May 14, 2018
Verizon's Data Breach Investigations Report indicates an increase in ransomware while the FBI's Internet Crime Report shows a downward trend, with business email compromise on the rise.
- April 30, 2018
Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive.
- April 26, 2018
SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars.
- February 23, 2018
News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more.
- February 14, 2018
Kaspersky Lab disclosed a zero-day vulnerability in Telegram that the security vendor says was abused by Russian cybercriminals in a cryptomining malware campaign.
- August 31, 2017
An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts.
- July 27, 2017
Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats.
- May 05, 2017
News roundup: Attackers exploit SS7 vulnerability and drain bank accounts. Plus, Trump signs government IT executive order, an Intel AMT flaw threatens millions and more.
- May 04, 2017
A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks.
- March 23, 2017
Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue.
- January 17, 2017
Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time.
- November 11, 2016
A rash of spear-phishing attacks by Russian hacker groups were seen following the presidential election this week, but antivirus and malware detection has been failing enterprises.
- November 11, 2016
Roundup: Russia-based APT group Pawn Storm expands spear-phishing attacks after Google's disclosure of a Windows zero-day. Plus, OpenSSL updates, IoT security and more.
- October 21, 2016
Malicious links from the DNC hacker group were responsible for account takeovers and leaked emails from the Clinton campaign chairman and Colin Powell.
- August 26, 2016
Intel and Kaspersky cooperate with authorities to snuff out Wildfire with a ransomware decryption tool and end the threat from a $79,000 per month campaign with over 5,000 victims.
- June 27, 2016
Hit by a ransomware attack, a NASCAR race team paid to restore data worth millions, then called on Malwarebytes to secure their systems -- and Malwarebytes joined up as a sponsor.
- June 02, 2016
IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.
- May 11, 2016
Representatives in Congress have received a ransomware warning following an increased number of attacks perpetrated via phishing schemes.
- March 25, 2016
A series of ransomware attacks have been reported at hospitals in the U.S. and Canada, leading to experts recommending automated backup for enterprises.
- March 02, 2016
Sophos' James Lyne warns that cybercriminals are becoming more effective, thanks to document-based malware and advanced social engineering techniques.
- October 26, 2015
The Dridex malware has made a return, and attackers are once again using botnets to send the Trojan to banks, despite the Department of Justice making high-profile arrests last month.
- October 23, 2015
News roundup: Google to implement strictest DMARC policy in anti-phishing campaign. Plus: CISA is coming, the health care industry is lagging and SHA-1 is failing.
- October 20, 2015
CIA Director John Brennan had his email hacked multiple times, and the hacker found that Brennan stored potentially sensitive information in his AOL email account.
- October 20, 2015
It's important for online users to understand social media risks and the caution they should use when sharing personal information online.
- September 25, 2015
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
- September 21, 2015
For the first time, a large amount of iOS malware has made it past Apple's App Store security controls, potentially affecting hundreds of millions of users.
- August 27, 2015
A new report breaks down the potential costs associated with a phishing breach and claims that phishing training could cut those costs by as much as $1.8 million.
- August 14, 2015
News roundup: Government email security got pummeled this week with news of hacks, breaches, unlabeled classified data and spying. Plus: Hacking a Corvette via text; Android sandbox bypass flaw; Oracle CSO blogs against reverse-engineering.
- March 24, 2015
Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family.
- March 13, 2015
News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.
- March 04, 2015
Reporting by The New York Times notwithstanding, it appears to this non-lawyer that Hillary Clinton probably didn't break any laws by using a personal email account to conduct state business. But ...
- February 24, 2015
Macro viruses haven't been popular since the early 2000s, but recent malware discoveries indicate that macro-infected Word and Excel files are on the rise.
- February 23, 2015
A new study finds that enterprises, especially healthcare companies, are slow to adopt the DMARC email authentication standard, making them vulnerable to malicious emailers.
- February 13, 2015
News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.
- January 30, 2015
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- November 07, 2014
News roundup: Open Wi-Fi allegedly aided a fugitive in evading authorities, highlighting Wi-Fi hotspot risks as ISPs including Comcast turn residential gateways into hotspots. Plus: Google's nogotofail tool; messaging apps fail EFF security review; ...
- August 09, 2013
Lavabit and Silent Circle, both providers of secure communications for the consumer market, close under threat of U.S. government meddling.
- April 16, 2013
Emerging enterprise antiphishing tools use testing, training to help users recognize bogus messages, addressing a long-standing defensive pain point.
- November 29, 2012
Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.
- November 26, 2012
Mixing business and personal email accounts has serious drawbacks, as well as consequences on IT teams managing data integrity.
- October 18, 2012
Spammers have spoofed shortened URLs designed to validate redirects to several states including California, Iowa, Indiana and Vermont.
- September 04, 2012
Social engineering tactics often involve email attachments targeting various industry sectors, says the security firm.
- July 18, 2012
James Philput of Information Assurance Professionals will explain how social engineering training can instill security awareness into end users.
- June 14, 2012
A spear phishing campaign contains a message about industrial control systems security and a malicious .pdf file that downloads malware to steal data.
- January 30, 2012
DMARC creates an authentication loop that could help people determine the legitimacy of an email.
- August 30, 2011
A new survey from whitelisting vendor Bit9 found many firms are relying on the honor system to prevent unauthorized downloads.
- April 05, 2011
At least 50 banks, retailers and other firms are affected by a major email breach at a Texas-based data management firm that provided marketing email services.
- February 18, 2011
Phishing's not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the webmail providers that filter those emails can help cut down on the number of phishing attempts that hit...
- February 16, 2011
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.
- February 15, 2011
A prominent encryption expert at the annual cryptographer's panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.
- February 14, 2011
Commtouch calls its new All-In-One security client a "triple play" of messaging security, Web security and antivirus.
- December 21, 2010
Microsoft has pulled a non-security update to Outlook 2007 after customers complained of connection and performance issues when the automatic update was applied to company machines.
- September 08, 2010
Cybercriminals are dumping the traditional email phishing campaigns for social networks, where it's easier to social engineer attacks and gain trust of users.
- March 04, 2010
Health care organizations say medical identity fraud is on the rise and they're boosting their online security with anti-fraud measures used in the banking industry.
- March 02, 2010
A study of 419 advanced fee fraud messages found many of them may be coming from cybercriminals in Eastern Europe and Asia.
- March 02, 2010
At the 2010 RSA Conference, Scott Charney, Microsoft's top Trustworthy Computing executive, discussed the software giant's new approach to botnet protection, detailed its new identity management technologies and explained why cloud computing risks ...
- February 26, 2010
Federal judge grants Microsoft the ability to shut down hundreds of domain names tied to the Waledac botnet.
- January 13, 2010
Up to 33 Silicon Valley tech firms, financial companies and government contractors have been breached by a sophisticated attack believed to have originated in China.
- December 07, 2009
Cybercriminals target Yahoo and other hosting services using a new phishing campaign to hijack accounts and commit bank fraud.
- October 15, 2009
IT organizations can take a lesson from marketers by sending three phishing education emails to users before the holiday season.
- October 13, 2009
The acquisition broadens Barracuda's delivery model for URL filtering and securing Web applications through software as a service (SaaS) and hybrid approaches.
- October 07, 2009
Two American Banks were targeted in an International scheme that had U.S.-based runners funneling pilfered funds to phishers in Egypt.
- September 15, 2009
Attackers target a background Web services authentication application used by ISPs and Web applications to authenticate users.
- June 08, 2009
The shutdown of 3FN.net disrupted the Cutwail Botnet and may have reduced global spam volumes by 15%. But spam levels are expected to increase to pre-shutdown levels, experts say.
- April 30, 2009
Spammers are taking advantage of the swine flu outbreak to trick users into giving up their email address, open a malicious PDF file and even buy a cure.
- March 19, 2009
Experts praise the IE 8 security features, but say browser makers have a long way to go in preventing the browser from being a hacker's favorite mode of attack.
- March 03, 2009
New hosted and hybrid services for its IronPort appliances takes Cisco Systems one step closer to a Software-as-a-Service model for email security.
- January 08, 2009
Two security researchers say that most phishers fail to earn big money for their work.
- November 20, 2008
IBM's ISS division said consumers and businesses face increased security risk as cybercriminals take advantage of the holiday season with phishing and malware laden USB sticks.
- November 14, 2008
Increased cooperation among security researchers and ISPs are resulting in victories against spammers and botnet operators. But, cybercriminals move to new spots on the Internet.
- November 05, 2008
An expert on cybercrime and online scams, Derek Manky, is one of the members of the Fortiguard research team. In this interview, he talks about the threats from online organized crime and social networking sites and whether cooperation is improving ...
- October 17, 2008
Researchers at CA said the malicious program tries to trick users into downloading a fake spyware removal tool. Only a few differences help distinguish it from a legitimate one.
- September 22, 2008
McAfee announces its intention to acquire Web and network security company Secure Computing for $465 million.
- July 31, 2008
Two researchers call Extended Validation (EV) SSL certificates a Band-Aid approach, and share their research of the phishing underground.
- May 27, 2008
The market is hindered by multiple standards and deployment options, analyst says.
- May 20, 2008
In addition to monitoring email as a result of an investigation, companies are hiring people to audit content in outgoing messages, according to a new survey.
- April 22, 2008
Researchers are tracking new phishing methods that steal a victim's information and spread a Trojan designed to pilfer even more data.
- April 07, 2008
The Kraken botnet is twice the size of the Storm Trojan and exists to spread massive amounts of spam.
- March 11, 2008
Spammers have created large numbers of Gmail accounts by sneaking around the CAPTCHAs designed to block automated sign-up tools, according to a new report.