Grow Your Career at Rapid7: North America Sales

As any sales professional knows, working for an organization where your growth and development are supported is key — not to mention selling a product you believe in and a company mission you can get behind. At Rapid7, you can check both of those boxes. With a stellar Business Development program...

French Spyware Executives Are Indicted for Aiding Torture

The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them...

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never directly notified affected users...

Office 365 Phishing Attack Targets Financial Execs

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise BEC attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at...

Clop targets execs, ransomware tactics get another new twist

Ransomware peddlers have come up with yet another devious twist on the recent trend for data exfiltration. After interviewing several victims of the Clop ransomware, ZDNet discovered that its operators appear to be systematically targeting the workstations of executives. After all, the top manage...

Targeted Phishing Attacks Strike High-Ranking Company Executives

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering...

Google Forms Set Baseline For Widespread BEC Attacks

A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise BEC attack. So far, researchers have observed thousands of messages being sent to companies since...

IBM Releases Report on Cyber Actors Targeting the COVID-19 Vaccine Supply Chain

IBM X-Force has released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures. Impersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global...

Business Email Compromise (BEC) Criminal Ring

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations...

First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered

Researchers say they have discovered the first-ever reported Russian business email compromise BEC cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...

Former eBay Execs Allegedly Made Life Hell for Critics

Surveillance. Harassment. A live cockroach delivery. US attorneys have charged six former eBay workers in association with an outrageous cyberstalking campaign...

Phishing Attack Hits German Coronavirus Task Force

Researchers are warning of an ongoing phishing attack that’s targeting the credentials of more than 100 high-profile executives at a German multinational corporation that’s tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task forc...

Principles of a Cloud Migration – Security W5H – The HOW

“How about… ya!” Security needs to be treated much like DevOps in evolving organizations; everyone in the company has a responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – Security by default. Here are a f...

CISO stress-busters: post #1 overcoming obstacles

As part of the launch of the U.S. space program’s moon shot, President Kennedy famously said we do these things “not because they are easy, but because they are hard.” The same can be said for the people responsible for security at their organizations; it is not a job one takes because it is easy...

Spear-Phishing Attack Spoofs EE To Target Executives

Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details. Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be...

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed 'PerSwaysion ,' the newly spotted cyberattack campaign leveraged...

Third Party Risk Management and the Cloud

Security awareness and preparation are getting more widespread. Corporate boards and C-suite executives are taking Third-Party Risk Management TPRM more seriously as they see what has happened to other enterprises in the not-so-distant past. I am speaking primarily of the top-level enterprises, b...

IT executives prioritize Multi-Factor Authentication in 2020

In 2020, many IT executives will roll out or expand their implementation of Multi-Factor Authentication MFA to better safeguard identities. This is one of the key findings of a survey conducted by Pulse Q&A for Microsoft in October 2019.1 Specifically, 59 percent of executives will implement or...

Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping

It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously. Starting with the country's first-ever conviction for 'SIM Swapping' this February, U.S. Department of Justice has since then announced charges against several individuals for involvin...

Fake Voicemail/Office 365 Attack Targets Enterprise Execs

A phishing campaign is making the rounds that uses fake voicemail messages to lure victims into revealing their Office 365 email credentials. The targets are “high-profile companies,” according to researchers, mainly in the tourism, entertainment and real-estate industries. A wide range of...