Problem solve

Email and Messaging Threats spam phishing instant messaging

• How were attackers able to bypass 2FA in a Reddit breach?

  Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim. Continue Reading

• How can U2F authentication end phishing attacks?

  By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading

• How are tech support scams using phishing emails?

  Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis. Continue Reading

• Botnet attacks are evolving; your defenses must too

  Botnets are evolving and will continue to plague organizations. There is no one tool that will be sufficient, so it’s time to layer your anti-botnet defenses. Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.Continue Reading

• How did flaws in WhatsApp and Telegram enable account takeovers?

  Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work.Continue Reading

• How can users protect themselves from the DocuSign phishing email?

  A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack.Continue Reading

• How can users identify phishing techniques and fraudulent websites?

  A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar phishing attacks.Continue Reading

• Embedded malware: How OLE objects can harbor threats

  Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise.Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• How can customer service staff spot social engineering email attacks?

  Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks.Continue Reading

• Why did the PHPMailer library vulnerability have to be patched twice?

  After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works.Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.Continue Reading