Security News

Half of US organizations are not effective at countering phishing and ransomware threats, Osterman Research research reveals. The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

Coinbase is the largest exchange in the U.S., and researchers have detected numerous phishing campaigns against Coinbase users. Researchers at anti-phishing firm INKY have discovered dozens of current phishing campaigns targeting Coinbase users.

Mimecast announced the Mimecast CyberGraph solution, a new add-on for Mimecast Secure Email Gateway that is engineered to use Artificial Intelligence to help detect sophisticated phishing and impersonation attacks. "Phishing and impersonation attacks are getting more sophisticated, personalized and harder to stop. If not prevented, these attacks can have devastating results for an enterprise organization," said Josh Douglas, VP, Product Management for Threat Intelligence at Mimecast.

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint.

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack. A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. "Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments," the company said in an alert issued on Thursday evening.

A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested. Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

DeltaNet International announced the availability of its Phishing Simulator, to help organizations strengthen their cybersecurity awareness training against phishing attacks. The phishing simulation tool can be used simply to test the susceptibility of an organization from falling victim to a phishing attack, but when combined with follow-up training to close knowledge and risk gaps, users can experience true added value.

US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support. FINRA is a government-authorized non-profit organization that regulates all exchange markets and securities firms publicly active in the United States.