A new phishing campaign impersonating Capital One attempts to steal personal identities rather than account credentials. First detected by Vade in early July, the ongoing phishing campaign exploits Capital One’s recent partnership with Authentify, an online verification service .

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence. Comprised of hundreds of the world’s most elite security analysts and researchers, the Advanced Research Center produces actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cybersecurity threats.

According to Proofpoint’s 2021 State of the Phish Report, more than 80% of organizations fell victim to a phishing attack last year.  Another report from PhishMe  found that 91% of cyberattacks start with a phish, and the top reasons people are duped by phishing emails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity.

Across all industries, digital transformation created new challenges for cybersecurity teams – starting more than a decade ago. Digital transformation isn’t new, but it remains a common topic because today, transformation is perpetual. Because of this perpetual change, Zero Trust has, in large part, become a necessity. 

A credible dark web actor is advertising an updated NFT drainer aimed at the latest version of MetaMask, indicating a burgeoning market for more sophisticated attack vectors aimed at the NFT user base. In early September 2022, well-regarded threat actor “jezabeth” announced a new NFT drainer capable of draining ERC-20, ERC-1155, ERC-721, and Ethereum (ETH) tokens.

Als Teil der Google-Familie ist Mandiant nun in einer noch stärkeren Position, die durch eine sich wandelnde Bedrohungslandschaft und immer raffiniertere Hackermethoden entstandenen Sicherheitslücken zu schließen. 

Threat actors are running a series of campaigns spoofing several departments of the United States government. The emails claim to request bids for government projects but lead victims to credential phishing pages instead. These campaigns have been ongoing since at least mid-2019 and were first covered in our Flash Alert in July 2019. 

In this article, we explore an attack scenario. We also show how you can minimize your risks. Read further to learn best practices to safely validate user input. Developers who write secure code use Input Validation. Black hat hackers frequently attack websites with questionable input.

A noteworthy phishing campaign that abuses LinkedIn smart links redirects was recently observed by the Cofense Phishing Defense Center. This new, targeted campaign illustrates that while exploiting a well-known postal brand is nothing out if the ordinary, such phishing emails continue to go undetected by popular email gateways designed to protect end users.

According to the State of Pentesting Report 2022, many companies struggle to completely fill their development and security job openings. Yet, the demands of a constantly evolving threat landscape require companies to constantly adjust their security posture and respond to emerging threats.