Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly. (By Lucian Constantin, CSO)
A survey by cybersecurity company Palo Alto Networks and British pollster YouGov found that 68 percent of people believe they're doing all they can to protect themselves against cyberattacks. The Trust in a Digital Replace report set out to examine the attitudes of the general public when it came to cybersecurity, privacy and technology in the modern world. (By Danny Palmer, ZDNet)
A report published today by cyber-security firm Bitdefender gives one of the best views we ever got into the inner-workings of a modern bank heist, and more particularly, a bank heist carried out by Carbanak, a group of hackers responsible for stealing more than one billion euros from banks all over the world. (By Catalin Cimpanu, ZDNet)
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. (By Lindsey O'Donnell, Threatpost)
Non-malicious insiders are among the top three threat actors, according to an ISACA report. (By Alison DeNisco Rayome, TechRepublic)
An insider threat can encompass anything from a gullible employee falling for a spearphishing email, to unaware new hires sharing data inappropriately – all the way to a rogue employee stealing company data. (By Lindsey O'Donnell, Threatpost)