Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.
As today’s cyberthreats become increasingly sophisticated, it’s critical your organization has the security it needs to outpace new, advanced threats.To help prepare you for the evolving threat landscape, Unit 42 (formerly Crypsis) published the Incident Response and Data Breach Report. Derived from more than...
A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyberespionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.
Cybercriminals have added a devious weapon to their attack arsenals - malicious browser notifications. And the worst part is they’re not blocked by any current cyber defense. These innocuous looking pop ups can wreak havoc on your network while remaining completely undetected. They look more realistic than...
The Microsoft 365 Defender research team says it has “disrupted a large-scale business email compromise infrastructure hosted in multiple web services.” It describes in a blog post how the BEC fraud scheme worked.
The move to the cloud with O365 has allowed companies to streamline email security investments and leverage the included email security provided by Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). But this approach isn't perfect, and many companies have realized they need a solution to address...
Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.
As more organizations adopt Microsoft 365 Exchange for email services in the cloud, it’s important to consider whether available native tools are sufficient to protect your organization against the full range of email-based threats.
Find the answers in this infographic which highlights how Microsoft 365 Exchange...
A recent phishing scheme used fake Microsoft Office 365 update messages to target financial executives and others in an effort to harvest their credentials, according to the security firm Area 1.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Internet-enabled crime has surged during the pandemic, with more than $4.2 billion in losses reported by victims to U.S. authorities in 2020. The most lucrative type of crime continues to be business email compromise scams, which last year accounted for at least $1.8 billion in losses, the FBI reports.
Love it or hate it, email remains an essential business and productivity tool. Many organizations have now migrated to cloud-based Office 365 email for their employees. But while cloud-based approaches offer easier procurement, manageability and better cost savings, certain email facts of life won't change.
Moving...
There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organisation’s potential damage and their payoff. After achieving root access, the bad guys explore your network reading email, finding data troves and once...
A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
