1 min
Lost Bots
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.
3 min
Threat Intel
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500
We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.
4 min
Phishing
How to Turbocharge Your Phishing Response Plan
A quick reaction to a phishing threat can mean the difference between a massive breach and a fast fix.
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
4 min
Phishing
What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.
4 min
Threat Intel
How Cybercriminals Use Pinterest to Run Fraud Scams
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
5 min
Phishing
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks
[https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are
immune to phishing anymore; it’s on every security team’s mind and has become
the number one threat to organizations
[https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
1 min
Phishing
Whiteboard Wednesday: The Two Components of Phishing Protection Your Security Strategy Needs
You’re no stranger to the threat of phishing. It’s everywhere, and plays a role
in 92% of breaches, according to the Verizon Data Breach Digest
[https://www.rsaconference.com/writable/presentations/file_upload/lab4-r12_data-breach-digest-perspectives-on-the-human-element_copy1.pdf].
Last month, during the first installment of our phishing Whiteboard Wednesday
series, we talked about the key components of an anti-phishing program, and this
month we’re continuing the series by diving even deeper
6 min
Phishing
NCSAM Security Crash Diet, Week 3: Privacy and Backups
In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.
7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
[https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
[https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire, maybe this will start a new tradition, and so I am
presenting, the 12 Pains of Infosec.
2 min
Phishing
Detect Unknown Spear Phishing Attacks
Phishing [https://www.rapid7.com/fundamentals/phishing-attacks/] continues to be
one of the top attack vectors behind breaches, according to the latest Verizon
Data Breach Investigations Report. Sending ten phishing emails to an
organization yields a 90% chance that company credentials are compromised.
Phishing is often the first step in the attack chain, opening an organization to
stealthy credential-based attacks that allow intruders to exfiltrate
confidential data. InsightIDR now detects targ
5 min
Phishing
10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles on how to tell if an email is phishing, but
there seems to be a lack of concise checklists on how to prepare an organization
against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/],
so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bulletproof, so layering your
defenses is important – and having an incident response plan in case someone
does get th
15 min
Metasploit
Don't Get Blindsided: Better Visibility Into User and Asset Risks with Metasploit 4.8
Not having visibility can be dangerous in many situations. The new Metasploit
4.8 [https://www.rapid7.com/products/metasploit/download/] gives you better
visibility in four key areas:
* View phishing exposure in the context of the overall user risk
* See which vulnerabilities pose the biggest risk to your organization
* Have all host information at your fingertips when doing a pentest
* Discover the latest risks on your network with new exploits and other modules
See Phishing Exposure as O