Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice. It does assume that the involved users know how to tell the difference between rogue and legitimate URL links. If you or someone you know does not know how to tell the difference between malicious and legitimate URL links, tell them to watch my one-hour webinar on the subject. We are going to recommend a slight update on the rule.

The Importance of Email Continuity Email is the lifeblood of many organizations. It serves as a primary channel for communication, document sharing, scheduling, and collaboration. When email services experience downtime due to various reasons such as server issues, maintenance, or cyberattacks, businesses can face significant challenges: Microsoft 365: A Powerful Email Solution Microsoft 365 offers a robust and feature-rich email service through Exchange Online.

Understanding Social Engineering Social engineering is a psychological manipulation technique used by cybercriminals to deceive individuals into divulging confidential information, performing specific actions, or making financial transactions. These attacks prey on human psychology rather than exploiting technical vulnerabilities. Social engineering attacks can take various forms, and email is a common vector for such schemes.

One of the primary reasons for email archiving is legal compliance. Many industries and organizations are subject to various regulations and laws that require them to retain certain types of electronic communication, including emails. Failing to comply with these regulations can result in severe penalties, fines, and legal consequences. By implementing email archiving, you ensure that your organization is well-prepared to meet these requirements. Litigation Support.

DomainTools is tracking an increase in SMS phishing (or “smishing”) campaigns impersonating the US Postal Service (USPS). The text messages inform recipients that there’s a problem with their delivery address and they need to click on a link to resolve the issue.

A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.

We are now announcing the ability for Cloudflare customers to scan old messages within their Office 365 Inboxes for threats. This Retro Scan will let you look back seven days and see what threats your current email security tool has missed.

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you wish that email clients didn't support HTML at all, and that every message had to be in plaintext email.

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data. The first portion of the campaign is a phishing email that asks you to verify your personal information by clicking on a link. The messages launch in waves with several attempts to impersonate LastPass.