Phishing

Slowly but surely, phishing-resistant forms of multi-factor authentication are catching on. Here's how to join the movement, and how it can lead to a fully passwordless environment.

Research underscores that many systems remain unpatched and are vulnerable to bugs that were patched several years ago.

Four ways security teams can mitigate open redirect attacks.

Malicious emails purporting to be invoices that contain ZIP attachments have been delivered to facilitate the execution of a WebDAV-retrieved DLL that loads the updated Strela Stealer variant.

The U.S. Department of Justice announced that Nigerian hacker Kolade Akinwale Ojelade has been sentenced to more than 26 years imprisonment for his involvement in a massive phishing scam against real estate businesses that resulted in the theft of $12 million.

Most recent evidence of ramping EDR exploitation was a posting of "high-quality" .gov emails, including U.S. credentials, on a hacking forum in August, with the known threat actor offering guidance on EDRs and the sale of legitimate subpoena documents to impersonate law enforcement.

Researchers say they’ve seen continued reports of these automated email campaigns on the DocuSign community forums for the past five months.