February 9, 2021
Every time a driver buckles up or an airbag is deployed we see the powerful influence of the insurance companies who insisted those measures become mandatory. Now, those insurers are poised to drive cybersecurity investment by insisting that organizations meet certain criteria to qualify for coverage. Still unclear is whether this will serve the cybersecurity community well, or distort strategies to protect data and networks. Read more >>>
February 8, 2021
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves. Read more >>>
February 8, 2021
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Read more >>>
The concept of TMI – too much information – doesn’t just apply to socially awkward dinner conversations with your surprisingly loose-lipped blind date. Employees and executives are often oversharing personal details on social media and even in automated out-of-office (OOO) email messages. And under the wrong circumstances, an attacker could use some of these shared details to gain access to company networks. Read more >>>
February 3, 2021
The threat of scam text messages may now seem distant, even quaint. With the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But they can still be a big problem. Short message service (SMS) scams are social engineering attacks that work like email phishing attacks. Called ‘smishing’ (a mashup of SMS and phishing), the attacks aim to trick the victim into providing info or access that benefits the attacker. Read more >>>
The Office of the Washington State Auditor is investigating a security incident which has compromised the personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. State Auditor Pat McCarthy’s office blamed the breach on a third party software provider named Accellion, whose services are used to transmit computer files. Read more >>>