Security News

Nearly three-quarters of respondents said their organizations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month. The annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M. Hackers are exploiting enterprise security gaps in the Everywhere Workplace, in which remote workers are using mobile devices more than ever before to access corporate data.

Vade released its Phishers' Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for June alone. In Q2 2021, Crédit Agricole phishing URLs increased 296 percent, while La Banque Postale URLs increased 831 percent, pushing them up 18 spots to #5 on the list.

Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. The phishing site detection speed-up stems from improvements to the Chrome image processing tech used to compare the color profiles of visited websites with collections of signals associated with phishing landing pages.

Automation company Ivanti has surveyed more than 1,000 IT professionals on the effects of phishing at their organizations, and what it has found is grim security news: 74% of companies have fallen prey to phishing in the past year, and 40% became victims in the last month alone. In particular, Ivanti cites the COVID-19 induced shift to remote work as a major reason for increased "Onslaught, sophistication and impact of phishing attacks."

Cofense launched Cofense Protect MSP, a phishing protection solution that's designed for managed services providers tasked with protecting small and medium businesses against phishing attacks. With 96% of all cyberattacks starting with phishing, and 1.5 million phishing websites created every month, MSPs need a solution that is easy to deploy, requires no ongoing maintenance, offers monthly billing, offers a single interface for training and protection technology, and is designed with multi-tenancy functionality - that's Cofense Protect MSP. Cofense Protect MSP pairs Computer Vision that simulates how humans see, with Cofense PhishMe's real-world simulation training.

Half of US organizations are not effective at countering phishing and ransomware threats, Osterman Research research reveals. The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

Coinbase is the largest exchange in the U.S., and researchers have detected numerous phishing campaigns against Coinbase users. Researchers at anti-phishing firm INKY have discovered dozens of current phishing campaigns targeting Coinbase users.

Mimecast announced the Mimecast CyberGraph solution, a new add-on for Mimecast Secure Email Gateway that is engineered to use Artificial Intelligence to help detect sophisticated phishing and impersonation attacks. "Phishing and impersonation attacks are getting more sophisticated, personalized and harder to stop. If not prevented, these attacks can have devastating results for an enterprise organization," said Josh Douglas, VP, Product Management for Threat Intelligence at Mimecast.

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint.

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack. A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.