|
Scooped by
Farid Mheir
|
Protecting People cybersecurity threat report explores who’s being targeted, how they’re being attacked, and what you can do about it.
Every year, millions of fraudulent web domains are registered by threat actors looking to impersonate trusted brands. Using these domains, they launch phishing attacks or other scams. What are the latest trends around fraudulent domains, and how can you protect your organization? Download the report now to learn:
- How threat actors create fraudulent domains
- What characterizes fraudulent and legitimate domains
- Which keywords and top-level domains (TLD) are trending
- How fraudulent domains use email to launch attacks
In 2019, we saw phishing attacks reach new levels of creativity and sophistication.
Based on an analysis of more than 5 billion daily emails, 200 million social media accounts, and 250,000 daily malware samples, we found that a small subset of individuals with high levels of access or privilege continue to receive the majority of targeted attacks. Highlights include:
- Among the most targeted malware and credential phishing attacks, nearly 30% targeted generic email aliases
- Individual contributors and lower level management accounted for 72% of highly targeted malware and phishing attacks
- Web-based attacks that use social engineering grew 150% vs. the previous quarter
Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.
A video explainer on the technology that’s changing the meaning of the human face.
You’ll learn about some of the expert roles that are often the hardest to find or are only required in specific situations. This paper details these roles, their responsibilities and the cross-functional processes that are required to successfully hunt for, respond to and prevent threats as part of a world-class security organization.
Institutions are crossing functional boundaries to enable collaborative resistance against financial cybercrime and fraud.
Credential abuse and botnets abusing retailer inventories is a rising problem that needs attention. On average, organizations report experiencing 12.7 credential stuffing attempts each month, with each attempt targeting 1,252 accounts. We detected nearly 28 billion credential stuffing attempts between May and December 2018. Within the retail industry, the apparel vertical experienced 3.7 billion attempts on its own, making it the largest targeted industry during the same timeframe. So why is retail, as well as apparel, such a hot target? Short answer? Money.
We teamed up with researchers from New York University and the University of California, San Diego to find out just how effective basic account hygiene is at preventing hijacking. The year-long study, on wide-scale attacks and targeted attacks, was presented on Wednesday at a gathering of experts, policy makers, and users called The Web Conference. Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.
Our tech columnist listened to four years of his Alexa archive, and discovered Amazon tracks us in more ways than we might want.
Our tech columnist offers some practical advice for fighting back against iOS apps hungry for your personal data.
The open source list of trackers that powers our browser extensions, Firefox’s private browsing mode, and other popular privacy tools can be found here along with a change log and notes.
We ran a privacy experiment to see how many hidden trackers are running from the apps on our iPhone. The tally is astounding. Apple says, “What happens on your iPhone stays on your iPhone.” Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week.
Market Guide for Security Threat Intelligence Products and Services. Key Findings:
- The term “threat intelligence” covers a diverse set of capabilities. Client interest in industry-led government and commercial TI has increased significantly during the past two years. There are still large numbers of providers in this market, with startups also entering.
- The number and diversity of TI services, as well as expertise, have created an environment in which purchasers often struggle to compare services, and there’s still no single provider to address all of them. Many vendors can provide access to information; fewer provide truly anticipatory content or curation based on customized intelligence.
- The value of these services is sometimes constrained by the customer’s ability to afford, absorb, contextualize and, especially, use the information provided by the services.
We’re rolling out two new features, Password Checkup and Cross Account Protection, to keep your information safe beyond Google’s sites and apps.
The Magicverse is an Emergent System of Systems bridging the physical with the digital, in a large scale, persistent manner within a community of people.
Last week brought an extraordinary demonstration of the dangers of operating a surveillance state — especially a shabby one, as China’s apparently is. An unsecured database exposed millions of records of Chinese Muslims being tracked via facial recognition — an ugly trifecta of prejudice, bureaucracy and incompetence.
Whether it was here on Hackaday or elsewhere on the Internet, you’ve surely heard more than a few cautionary tales about the “Internet of Things” by now. As it turns out, giving every gadget you own access to your personal information and Internet connection can lead to unintended consequences. Who knew, right? But if you need yet another example of why trusting your home appliances with your secrets is potentially a bad idea, [Limited Results] is here to make sure you spend the next few hours doubting your recent tech purchases.
Phishing attacks are increasingly using impersonation to bypass traditional defense mechanisms. Weak sender identification will continue to present opportunities for creative attacks. Security and risk management leaders should use this research to adjust their strategy and business processes.

Key Challenges:
Phishing attacks are still increasing as a targeting method of attackers. Phishing attacks targeting credentials will continue to escalate as applications and data migrate to better-protected cloud providers. Email is not designed to truly authenticate sender identity. Efforts like DMARC to authenticate domains are not granular enough to authenticate users and do not address all attack types. Most implemented secure email gateways (SEGs) are not designed with post-delivery detection and remediation techniques, costing incident responder and email admin time and reducing the feedback loop from end users. User phishing education is a good start toward people-centric security, but current email security does not provide users with any indicators of the trust they can put in emails or the proper workflow for dealing with suspect emails.

Recommendations:
Security and risk management leaders responsible for endpoint and mobile security should:
- Upgrade secure email gateway solutions to cloud versions that include phishing protection, particularly for impostor or business email compromise (BEC) protection.
- Integrate employees into the solution and build capabilities to detect and respond to suspect attacks.
- Work with business managers to develop standard operating procedures for handling sensitive data and financial transactions.

Strategic Planning Assumptions:
- By 2023, sender identity verification will be a common critical component on secure email gateways and other anti-phishing solutions.
- By 2023, anti-phishing education will be a critical part of the feedback loop between end users and email security solutions.
- Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations.
This infographic breaks down the chapters of our new handbook by security roles to show how each role can identify risks faster and more accurately.
Passwords are awful. The software security industry expects us to remember 100+ passwords, that are complex (variations of upper & lowercase, numbers and special characters), that are supposed to be changed every 3 months, with each one being unique. Obviously this is impossible for most people, and for those whom it is possible, why would they want to waste all of that brain power on something that is, essentially, meaningless? *** This article is for beginners in security or other IT folk, not experts.
So why isn’t this system in widespread use? After all, much of it has been available since 2014. (Tehranipoor even described some in his 2017 article for IEEE Spectrum about the dangers of cloned chips.) “Sometimes a technology is ready, but it’s not used by companies because an attack hasn’t been seen to be real,” Tehranipoor says. This attack might be enough to change that perception, he says.
Have your accounts been leaked or stolen in a data breach? Find out at Firefox Monitor. Search our database and sign up for alerts.
As the point of entry for 91% of cyber attacks, email is every organization’s biggest vulnerability. From malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses. Understanding these ever-evolving attacks and identifying the tactics used is key to staying one step ahead of cyber criminals.
Curated by Farid Mheir
WHY IT MATTERS: this report provides data on cybersecurity attacks and the resources most at risk in organizations.