When a company plans to make an acquisition, it should conduct a "compromise assessment" to assess whether the organization being purchased has had an undiscovered breach, says Steve Ledzian, CTO for Asia Pacific at FireEye.
Microsoft is using its legal muscle to push back against an advanced persistent threat group that is says is "widely associated with Iranian hackers." Following court approval, it is taking control of 99 website domains allegedly used by the attackers as part of an ongoing spear-phishing campaign.
A new generation of cybercriminal organizations that pair identity deception techniques with personalized, socially-engineered emails are the driving force behind rapidly-evolving, socially-engineered email threats that grow more dangerous by the day.
Businesses aren't alone in the crosshairs. Every minute of the...
Office 365 provides a solid foundation to which many organizations should add third-party solutions in order to provide higher levels of security, content management, encryption and other capabilities.
Download this Osterman Research report and learn about Office 365's:
Limitations in data loss prevention...
This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017, while in the U.K., Action Fraud says reported romance scam losses in 2018 topped $64 million.
Remote browser isolation eliminates both web-based threats such as drive-by-downloads and email-based attacks like phishing and ransomware. The technology removes the browsing process from the desktop and moves it to the cloud, effectively creating an "air gap" between the Internet and enterprise networks. Gartner...
Email is still the #1 attack vector the bad guys use. A whopping 91% of cyberattacks start with a phishing email, but email hacking is much more than phishing and launching malware!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and security expert with over 30-years of experience, for this webinar...
In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.
The latest edition of the ISMG Security Report features an update on what U.S. intelligence chiefs told Congress this week about persistent nation-state cyberthreats, plus reports on evasion tactics used by cryptocurrency money launderers and what government CIOs have to say about security funding.
Airbus says it suffered a hack attack, leading to a breach of "contact and IT identification details" for at least some of its EU employees. The aerospace giant says its investigation continues and that it has notified European privacy authorities, per GDPR requirements.
The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services. The warning comes as security companies have noticed a rise in DNS attacks.
Cybercrime outfits appeared to take a vacation around the December holidays. But attacks involving Emotet, Hancitor and Trickbot have resurged following their December slowdown, as has the Fallout exploit kit, lately serving GandCrab ransomware.
Most companies have huge gaps in their cyber defenses, and can be compromised at will by a determined hacker. The industry even has a term for it: Assume Breach.
Join Roger A. Grimes, a 30-year computer consultant, for this webinar where he explores the latest research on what's wrong with current defenses and how...
In a case of business email compromise, Chinese hackers stole $18.6 million from the Indian arm of Tecnimont SpA, an Italian engineering company, through an elaborate cyber fraud scheme that included impersonating the firm's chief executive.