In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.
Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.
We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.
A quick reaction to a phishing threat can mean the difference between a massive breach or a fast fix.
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
You’re no stranger to the threat of phishing. It’s everywhere, and plays a role in 92% of breaches, according to the Verizon Data Breach Digest [https://www.rsaconference.com/writable/presentations/file_upload/lab4-r12_data-breach-digest-perspectives-on-the-human-element_copy1.pdf] . Last month, during the first installment of our phishing Whiteboard Wednesday series, we talked about the key components of an anti-phishing program, and this month we’re continuing the series by diving even deeper
In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.
One of my favorite Christmas carols is the 12 Days of Christmas [https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the song came out in the form of the 12 Pains of Christmas [https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. ----------------------
Phishing [https://www.rapid7.com/fundamentals/phishing-attacks/] continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the attack chain, opening an organization to stealthy credential-based attacks that allow intruders to exfiltrate confidential data. InsightIDR now detects targ
The Internet is full of articles for how to tell if an email is phishing but there seems to be a lack of concise checklists how to prepare an organization against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/] , so here you go. Because phishing attacks humans and systems alike, the defense should also cover both aspects. None of the following steps is bullet proof, so layering your defenses is important – and having an incident response plan in case someone does get th
Not having visibility can be dangerous in many situations. The new Metasploit 4.8 [https://www.rapid7.com/products/metasploit/download/] gives you better visibility in four key areas: * View phishing exposure in the context of the overall user risk * See which vulnerabilities pose the biggest risk to your organization * Have all host information at your fingertips when doing a pentest * Discover the latest risks on your network with new exploits and other modules See Phishing Exposure as O