Why Users Should Never Auto-fill Forms: Browser Exploit Overview

Life is hectic. As a result, we all look for ways to eliminate inconvenience, ease our stress levels, and save precious time. However, some comforts might come at too high of a price. Unfortunately, the auto-fill function on your browser might be more of a risky convenience than most people realize. For years, security insiders have argued the dangers of the auto-fill function: the handy tool that automatically provides your name, address, phone number, and such for web page forms. It turns out, they are right.

The Newest Type of Phishing Attack: Cloud-Based Documents

Phishing has become a well-known term, even showing up in prime-time commercials and rolling off the tongue of tech-savvy, scam-weary seniors. Despite the widespread awareness of phone, email, and even in-person phishing scams, new and creative attacks remain the bane of security staff. The latest phishing threat gaining traction? Cloud-based documents.

5 Online Business Banking Best Practices

Online banking has been ubiquitous for some time—and cybersecurity attacks that target businesses’ banking information are just as common. Stories of companies large and small that have had their banking data and accounts compromised date back to the beginning of online banking. Are you taking all the necessary steps to protect your company’s banking assets?

How to Identify and Defend Against a Cryptocurrency Heist

Misinformation relating to cryptocurrency, such as Bitcoin, continues to increase public exposure and vulnerability to cyber crime. Some people have developed an overconfidence in the technology behind cryptocurrency (blockchain), while others misunderstand entirely how it works. However, the majority of those who trade digital currency have one common characteristic: They don’t fully recognize or mitigate the risks and threats associated with cryptocurrency holdings.

What Exactly is a Bitcoin Heist? Real Life Examples

With the growth of bitcoin popularity comes the danger of hacker attention. Industry insiders estimate that cryptocurrency attacks have cost governments and businesses nearly $11.3 billion in the past decade. As more people invest in bitcoins—some less savvy about security than others—there are new avenues for bitcoin attacks.

Selling a Social Engineering Attack

Social engineering techniques are not only becoming more common but also more sophisticated. Attackers seem to be taking notes from Marketing 101, ensuring that their lures strike a chord with their victims: emails that include customized messages with very official-looking logos and layouts, fraudulent phone calls that cite actual employee names and titles, and even well-rehearsed, seemingly innocuous facility access attempts.

Safe Browsing 101: What Is a Cross-Site Scripting Attack?

Many users naively believe they can browse the Internet, and as long as they don’t click on anything, they are safe. Unfortunately, that is not the case. Cross-site scripting (XSS) attacks are one of many malicious threats looming in the web world—in fact, XSS vulnerabilities are rampant out there. Read and learn how to browse as safely as possible.

Components of Cyber Resilience Part 3: Thinking Beyond Risk Management

In our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.

Components of Cyber Resilience Part 2: Thinking Beyond Vulnerability Management

Cyber resilience (CR)—how you manage operational risk and protect your assets—is, or should be, the goal of every security-minded organization. Building on our previous CR post, let’s explore additional tenets of CR, including vulnerability, incident, and service continuity management.

Business Email Compromise Attacks Explained

Business email compromise (BEC) attacks are increasing at a staggering rate. These social engineering attacks are cleverly disguised and can fool even the best of them. So, what exactly is a BEC attack and how can you protect your company from falling victim?

4 Best Practices to Prevent Social Media Phishing Attacks

Social media phishing attempts continue to increase at an alarming rate, putting your staff and your organization at risk. To protect your business, educate yourself and your employees about what to look for to avoid social media phishing attacks. Through education and diligence, you can prevent costly outcomes to avoidable attacks.

Components of Cyber Resilience: Thinking Beyond Situational Awareness Part 1

According to the Cyber Resilience Review (CRR) guide, cyber resilience (CR) is an organization’s ability to “manage operational risk to critical services and their associated assets,” and situational awareness is just one of many tenets of CR that contributes to a holistic cyber security posture. In part one of this series ...

Phishing Scam Subject Line Red Flags

Phishing scams are on the rise—and even more prevalent through the holiday season. One way to effectively combat these attacks is to recognize that suspicious emails start with suspicious subject lines. However, whether subject lines look suspicious depends on the awareness of the user ...

Bah Humbug! Holiday Phishing Attacks on the Rise

Phishing is not only widespread—it’s on the rise, and the holidays are traditionally a very lucrative time for phishers. In the recent Anti-Phishing Working Group (APWG) Phishing Activity Trends Report, the statistics are enough to scare Ebenezer Scrooge ...

4 Golden Ransomware Prevention Rules for Employees

Ransomware is a type of malware that prevents or limits users from accessing their system—either by locking the system’s screen or by locking the user’s files—unless a ransom is paid. Suppose, for example, that Michael in Finance receives an email that looks like it’s from Human Resources (HR) with a subject line that reads “2016 Health Insurance Options.” How do you train Michael and the rest of your staff not to open the attached document?

How to Prevent Wire Transfer Phishing Threats

Social engineering attacks such as phishing email schemes continue to be a serious threat to companies of all sizes. According to a recently released study from Duo Security, 31 percent of employees who received a simulated phishing attack clicked the link, thereby endangering the financial security of their company. One popular phishing attack requests wire transfers from ...
