New Phishing Scams Look So Real

There has been a stream of email alerts arriving at my inbox lately that warned of a variety of new phishing approaches that are using well-known brands (OneDrive and Office 365, FedEx and UPS), trusted sources (Department of Homeland Security, Gmail, Yahoo Mail), secure services (TLS certificates and HTTPS web sites) and curiosity (you received an encrypted message) to trick recipients into clicking a link that leads to a fake replica ...

Continue Reading →
0

Guest Post – Mobile App Security Threats and Secure Best Practices Part 2

A guest post by KC Karnes

Mobile App Security Exploit Examples: Painful Real-life Lessons

The climate around mobile app security is heating up.

Mobile app vulnerabilities are exploited every day, resulting in expensive data breaches and loss of public trust.

In this section, we will try to learn from the failures of other companies and highlight how real the threats outlined above can be.

Timehop Fails To Trust Two-Factor Authentication

Starting in December of 2017, TimeHop was ...

Continue Reading →
0

Guest Post – Mobile App Security Threats and Secure Best Practices Part 1

A guest post by KC Karnes

Is your mobile app secure?

It shouldn’t come as a surprise that mobile apps are targeted by hackers, given the rapid adoption and increased usage globally. By some estimates, one out of every 36 mobile devices has high-risk apps installed.1

An even more sobering mobile app security statistic for businesses to hear: 71% of fraud transactions came from mobile apps and mobile browsers in the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Social Warfare WordPress Plugin Zero-Day: Details and Attack Data

In our earlier post, we issued a warning to users of the Social Warfare plugin regarding a zero-day vulnerability affecting their sites. At this time, the plugin’s developers have issued a patch for the flaw. All users are urged to update to version 3.5.3 immediately.


Continue Reading →
0

Unhappy Valentines Day – Romance Fraud

This Valentine’s Day, be careful of who you let into your heart.  Unfortunately for every love-lorn single there is a fake Romeo or dating site scammer waiting to separate them from their money.  According to the FBI, the amount of money losses to victims of romance fraud makes it the second most lucrative cyber crime, generating $211 million for the perpetrators. Only business email ...

Continue Reading →
0

Too Legit – The DocuSign No Malware Phishing Exploit

You or your CFO receive an email offering business capital at attractive interest rates.  The company that sent you the offer has provided an application for the loan using the legitimate document presentation platform, DocuSign.  Everything looks legit, and it is.  No fake web pages or near-miss web addresses.  But this is the latest in “no malware” phishing scams.

Filling out the form will give ...

Continue Reading →
0

It’s Income Tax Fraud Season Again

Every year about this time, cyber-criminal groups start to ramp up for the annual income tax fraud season.  If you would prefer to receive your own tax refund, as opposed to letting some scam artist get it instead, the basic solution is to file your returns as early as possible.  Here are some things to be watching for.

  • W-2 reports phishing scam – This phishing scan usually targets company HR department personnel, ...
Continue Reading →
0
Page 1 of 8 12345...»