An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.
Email, which is too easily spoofed, phished or taken over, remains a leading cybersecurity risk. But finally, after years of pushing, the Domain-based Message Authentication, Reporting and Conformance standard, or DMARC is helping to bolster email security, says Phil Reitinger, CEO of the Global Cyber Alliance.
Adoption of the Domain-based Message Authentication, Reporting & Conformance - or DMARC - standard is very low in the healthcare sector, and broader use could greatly reduce phishing risks, according to a new study.
Former Trump campaign aide George Papadopoulos learned that Russia had thousands of pilfered emails containing "dirt" on Hillary Clinton three months before they appeared online, according to court documents.
An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.
A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.
Two Russian hackers, members of a group called "Shaltay-Boltai" - Humpty Dumpty in Russian - that stole and sold high-level Russian officials' emails, have been sentenced to serve three years in prison. The case against them may tie to a high-profile Russian treason investigation.
In the wake of the surge in business email compromise incidents, many organizations have implemented new anti-phishing controls. But the attackers are countering the counter-measures, says Agari's Wes Dobry. What is the best response?
Opportunistic attackers may have breached some Parliament email accounts by brute-force guessing their way into accounts with weak passwords. But such a breach is hardly the "cyberattack" some are making it out to be.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Phishing and ransomware are increasing at the rate of several hundred percent per quarter, a trend that Osterman Research believes will continue for at least the next 18 to 24 months. However, organizations can address the threat through a variety of means: user education, security solutions, vulnerability analysis,...
The best approach to building a security policy is by using a comprehensive, layered approach that covers all threats (both new and known). This policy needs to leverage real-time threat intelligence by addressing all threat vectors and all platform types as workloads migrate from physical to virtual to...
The drop in value of stolen payment cards caused cyber criminals to adopt new tools, foremost among them ransomware. Having already caused a financial drain of $209,000,000 in just one quarter, organizations of all sizes are at risk.
Download this infographic to see:
Why ransomware-as-a-service is a new risk;
"No More Ransom," a coalition made up of the Dutch High Tech Crime police, Europol's Cybercrime Centre, and a growing number of cyber security companies, was formed to address the rapid growth of cybercrime conducted through ransomware.
The coalition knew their website would be an irresistible target for cyber...