Posts tagged Phishing

1 min Lost Bots

[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished

In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.

3 min Threat Intel

Network Access for Sale: Protect Your Organization Against This Growing Threat

Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.

4 min ICER Reports

Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500

We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.

4 min Phishing

How to Turbocharge Your Phishing Response Plan

A quick reaction to a phishing threat can mean the difference between a massive breach or a fast fix.

7 min Microsoft

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

4 min Phishing

Tips for a Successful Phishing Engagement

Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.

4 min Phishing

What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs

I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.

4 min Threat Intel

How Cybercriminals Use Pinterest to Run Fraud Scams

There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.

5 min Phishing

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3

1 min Phishing

Whiteboard Wednesday: The Two Components of Phishing Protection Your Security Strategy Needs

You’re no stranger to the threat of phishing. It’s everywhere, and plays a role in 92% of breaches, according to the Verizon Data Breach Digest [https://www.rsaconference.com/writable/presentations/file_upload/lab4-r12_data-breach-digest-perspectives-on-the-human-element_copy1.pdf] . Last month, during the first installment of our phishing Whiteboard Wednesday series, we talked about the key components of an anti-phishing program, and this month we’re continuing the series by diving even deeper

6 min Phishing

NCSAM Security Crash Diet, Week 3: Privacy and Backups

In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.

7 min Haxmas

The Twelve Pains of Infosec

One of my favorite Christmas carols is the 12 Days of Christmas [https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the song came out in the form of the 12 Pains of Christmas [https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. ----------------------

2 min Phishing

Detect Unknown Spear Phishing Attacks

Phishing [https://www.rapid7.com/fundamentals/phishing-attacks/] continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the attack chain, opening an organization to stealthy credential-based attacks that allow intruders to exfiltrate confidential data. InsightIDR now detects targ

5 min Phishing

10 Phishing Countermeasures to Protect Your Organization

The Internet is full of articles for how to tell if an email is phishing but there seems to be a lack of concise checklists how to prepare an organization against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/] , so here you go. Because phishing attacks humans and systems alike, the defense should also cover both aspects. None of the following steps is bullet proof, so layering your defenses is important – and having an incident response plan in case someone does get th

15 min Metasploit

Don't Get Blindsided: Better Visibility Into User and Asset Risks with Metasploit 4.8

Not having visibility can be dangerous in many situations. The new Metasploit 4.8 [https://www.rapid7.com/products/metasploit/download/] gives you better visibility in four key areas: * View phishing exposure in the context of the overall user risk * See which vulnerabilities pose the biggest risk to your organization * Have all host information at your fingertips when doing a pentest * Discover the latest risks on your network with new exploits and other modules See Phishing Exposure as O