Over half of organizations say they’ve experienced a cybersecurity breach caused by phishing in the last 12 months, dwarfing the second-place breach cause (malware) by almost 30%. The latest data from Dark Reading’s annual Strategic Security Survey shows phishing continues…
A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that didn’t contain any malicious links or malware, and instead prompted the user to reach…
According to new data, the number of victim companies impacted by double extortion has jumped from 229 by the first half of 2020 to nearly 2400 by the first half of 2021. Something big is going on in the world…
This classic tactic is making a comeback and is elegantly simple to execute, yet sufficiently complex enough to keep email scanning solutions from seeing it as malicious. Malicious attachments are nothing new; there are countless examples of how threat actors…
We found a discussion on Twitter about this topic and we thought it would be useful to provide to provide the correct technical background related to whitelisting. Whitelisting purely on known headers certainly would be a non-optimum action, which is…
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security experts have time and time again recommended Apache version 2.16 as the safest release to be on. That…
