Researchers report that because of increased use of multifactor authentication, attackers are developing phishing kits that steal tokens and bypass this trusted layer of security, enabling them to "man in the middle" a browser session and steal credentials and session cookies in real time.
In 2021, there were 1,862 data compromises - a 68% increase over 2020, according to the Identity Theft Resource Center's Annual Data Breach Report. "In this past year, there were more cyberattack-related data breaches than there were all forms of data breaches in 2020," says ITRC COO James E. Lee.
North Korean advanced persistent threat group Lazarus - an entity sanctioned by the U.S. and the United Nations - has emerged with a fresh spear-phishing campaign that exploits Windows Updates to execute a malicious payload, using GitHub as a command-and-control server.
In the first of a planned series of articles looking at strategies that have helped her and her teams over the years to not just survive a stressful environment, but thrive in it, cybersecurity executive and CyberEdBoard executive member Kerissa Varma offers this: Be a human, not a terminator.
"Email security doesn't get the attention it deserves" because "phishing is not going away and is not getting any less," says Jess Burn, a senior analyst at Forrester. She shares best practices for phishing prevention.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance. He also discusses the alliance's top priorities for 2022.
Threat actors have attempted to steal two-factor authentication codes from users of Australian cryptocurrency exchange CoinSpot, researchers say. The codes would help attackers perform "potentially unauthorized withdrawals from individual accounts," say analysts at Cofense Phishing Defense Center.
A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
Ransomware attackers commonly bypass traditional email gateways, targeting people directly to gain access to a company's systems. The answer? Replace these porous controls with a people-centric security strategy, says Matt Cooke of Proofpoint.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.