The Risk of Redirector Domains in Phishing Attacks
Researchers at GreatHorn warn that a large-scale phishing campaign is using open redirects to evade email security filters. Open redirects allow attackers to take a URL from a non-malicious website and tack on a redirect, so that when the link is clicked it will take the user to a phishing page. This results in a […]
Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication
New insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks. We all tend to think of our email platform as something that helps create a more secure environment four our networks. But new disturbing information found in Accenture’s […]
The Geography of Business Email Compromise
Researchers at Agari have released a report on the global distribution of business email compromise (BEC) actors, and determined that 25% of these criminals are operating from within the United States. This makes the US the second-largest hub for BEC actors in the world. Criminals in Nigeria still account for the vast majority of BEC […]
Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds
A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even […]
Dealing with data glut: Why ROT data is an issue, and how to manage it
“Unstructured data accounts for as much as 80 percent of an organization’s data footprint.” – Gartner As file storage grows rapidly year after year, new challenges arise around keeping data safe and maintaining control over data storage systems. Who owns which files? Whose files take up what volume of enterprise storage? Which files have become […]
6 top risk factors to triage vulnerabilities effectively
Common Vulnerability Scoring System (CVSS) scores have been viewed as the de facto measure to prioritize vulnerabilities. Vulnerabilities are assigned CVSS scores ranging from one to 10, with 10 being the most severe. However, they were never intended as a means of risk prioritization. If you’ve relied on CVSS scores alone to safeguard your organization, […]
Optrics Insider – Thin Client Backdoor, Get Fined for Paying Ransom & UEFI Malware
Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss a new thin client backdoor for devices managed by HP Device Manager, how the US Treasury Department might fine you for paying the ransom if you’re attacked by ransomware and a new UEFI (Unified Extensible Firmware Interface) malware. Timecodes: 0:00 – Intro […]
New design, layout, and features—the all-new UI of ServiceDesk Plus Cloud is here
We are excited to launch the all new user interface for ServiceDesk Plus Cloud, the flagship ITSM software from ManageEngine. This latest UI update takes cues from the minimal design language and features restructured layouts that puts the user at the center of every module interaction. The new user experience is based on four dimensions: […]
October Patch Tuesday fixes 87 vulnerabilities, 6 of them publicly disclosed
October Patch Tuesday is here. While the next two weeks are going to be busy for system administrators as they hustle to test and deploy updates, once the cyberthreats are handled, we can all enjoy the fall festivities in peace. This Patch Tuesday has Microsoft releasing security fixes to address 87 vulnerabilities, out of which 12 […]
Five worthy reads: Every month should be Cybersecurity Awareness Month!
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. Organizations on a global scale observe Cybersecurity Awareness Month to educate and instruct their employees on cybersecurity best practices. This week we highlight some cybersecurity trends that are shaping the industry today. Now in its 17th […]