This is a pretty amazing stat – nearly one-fourth of a security operation center’s (SOC’s) time is spent preventing, detecting, responding to, and researching potentially malicious ...
Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get ...
Phishers, people who are phishing other people (i.e., victims), have reasons for doing so. They are all criminals…cons…each pretending to be something they are not in order to trick ...
Social engineering and deception are as old as humanity itself. Phishing is social engineering and deception via digital means and has been with us since the beginning of computers. After ...
It’s an extra challenging year, harder than most, to choose the most impactful cybersecurity events. The year ended with a bang – the Solarwinds supply chain attack – which possibly ...
In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...
Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...
I can’t be phished. At least that’s what I used to believe.
People often wonder, why are they being phished? Why are they being phished by a hacker in the first place? What does their organization have that some hacker decided they were noteworthy ...
We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.
There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Email rules have been used maliciously for decades. Learn about email rules and what you need to do to defend your organization against their malicious misuse.
One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...
A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...
In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...
I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...
One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...
