A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry or geography.
Ransomware attackers commonly bypass traditional email gateways, targeting people directly to gain access to a company's systems. The answer? Replace these porous controls with a people-centric security strategy, says Matt Cooke of Proofpoint.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
As the global pandemic enters its second year, IT and infosec teams continue to face challenges on all sides. On top of “ordinary” cybersecurity issues, they’re dealing with an explosion of pandemic-themed phishing scams and a surge in ransomware attacks. How well prepared are users?
Yes, you know they are coming. And yes, the fraudsters have raised their game. But that doesn't mean you can't stop socially engineered attacks before threat actors can pull off their scams. Mike Britton of Abnormal Security tells you how.
The COVID-19 crisis has posed an unparalleled challenge for cybersecurity. Like COVID-19, cyberattacks spread fast and far - creating more and more damage. But the pandemic has also had a positive impact on the cybersecurity function, which Tarun Kumar, CISO at Nissan, describes here.
Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The gang remains operational.
A cloud access security broker, usually referred to as a CASB, offers a security gateway between your company’s IT infrastructure and that of a cloud provider. It is a critical tool organizations can use to holistically secure an organization from endpoint to cloud.
Microsoft is warning of a "widespread" phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent report. In some cases, the attackers deploy a malicious CAPTCHA verification page.
A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. The malicious messages appear to come from victims' HR...
When is a data exposure not just a data exposure? According to a U.S. Securities and Exchange Commission order, education publishing giant Pearson misled investors when it failed to proactively inform them that attackers had stolen millions of rows of student information, including poorly hashed passwords.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.