Retail industry continues to struggle with cybersecurity

A new report from risk rating organization SecurityScorecard finds that the retail industry is the second lowest performer in terms of application security.

SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.

Employees engage in unsafe online behavior despite understanding risks

A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.

The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and incidence of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.

Four ways to prevent an enterprise phishing attack

According to a new FBI report, businesses lost more than $676 million as a result of email fraud in 2017 -- up 88 percent from the year before. Clearly, businesses are losing the war against email scammers, as phishing attacks have become increasingly sophisticated and widespread.

Phishing is a method of social engineering (i.e. deception) used to gain access to a social media account, bank account or another protected resource. Hackers typically use an email or text message to trick the user into providing login information. Once the user reveals a username and password, the attacker will hijack the account. The outcome can be as devastating as a fully drained bank account. Frankly, all individuals and businesses should take phishing seriously.

Finance remains top target for phishing attacks as scammers exploit GDPR

New figures from Kaspersky Lab show that more than a third (35.7 percent) of phishing attempts in the second quarter of 2018 were related to financial services via fraudulent banking or payment pages.

The IT sector was second hardest hit, with 13.83 percent of attacks targeting technology companies, a 12.28 percent increase compared to Q1.

Facial recognition tool helps penetration testing

Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites.

Replicating this is time-consuming for security and penetration testing teams, as people often have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier.

Spear phishing attack hits more than 400 industrial companies

Researchers at Kaspersky Lab have detected a new wave of spear phishing attacks, disguised as legitimate procurement and accounting letters, that have hit more than 400 industrial organizations.

The emails have targeted approximately 800 employee PCs, mostly in Russian companies, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks.

The most successful phishing subject lines revealed

We all like to think that we're smart enough not to fall for phishing emails, yet a surprising number of people do get caught out by them.

A new report from security awareness training company KnowBe4 looks at the most successful phishing emails in the second quarter of 2018. The results show that hackers are playing into users' commitment to security, by using clever subject lines that deal with passwords or security alerts.

Microsoft overtakes Facebook as the #1 spoofed brand

Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data.

New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.

Fans targeted by phishing campaign as World Cup gets underway

As the FIFA World Cup tournament enters its second week, cybercriminals are using a phishing campaign to trick fans into opening an infected attachment.

Emails identified by Check Point attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker, but doing so will prove to be an own goal.

Don't be phooled: 10 phishing techniques to look out for

In 2016, American businesses suffered half a billion dollars a year in losses from phishing attacks with the average cost at $1.6 million each. These numbers are alarming evidence that just one click can cause significant financial and reputational damage to your brand. And since studies show that a staggering 30 percent of phishing emails get opened, it’s no wonder that they consistently rank as the top cyberattack vector.

Despite being one of the oldest cyberattacks in the book, phishing remains so popular because it’s a highly effective means of exploiting the weakest link in the cybersecurity chain: humans. To make matters worse, hackers have become much more sophisticated in their techniques: no more poorly written, typo-ridden Viagra spam emails and unclaimed heritage scams. Phishing attacks are now highly targeted, dynamic and "hypermorphic," making them increasingly difficult for both humans and machines to detect.

Data breach activity declines sharply in 2018

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

Phishing and drive-by downloads lead infection methods

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance.

The report provides a real-world glimpse into major cyber threats that affected Cylance’s customer base in 2017, along with industry trends and analysis, and data from thousands of government entities and organizations of all sizes across 160 countries that have adopted a prevention-first approach to security.

Mobile phishing click rate increases 85 percent

A new report from mobile security specialist Lookout exposes the growing risk from phishing attacks on mobile devices, with an increase in the number of users clicking on URLs that bypass security controls.

The mobile phishing URL click rate has increased 85 percent year-on-year. 56 percent of Lookout users received and clicked on a phishing URL on their mobile device that bypassed existing layers of phishing defense.

17 percent of employees fall for social engineering attacks

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

Legacy defenses can't keep pace with new cyber threats

Attacks such as ransomware are able to bypass legacy security solutions because organizations are neglecting to patch, update, or replace their current products according to a new report.

The study from cyber security company Webroot also shows cryptojacking gaining ground, with over 5,000 websites being compromised with JavaScript cryptocurrency miner CoinHive to mine Monero since September 2017.
