What is SPF? Sender Policy Framework (SPF) is an email authentication protocol designed to combat email spoofing, spam, and phishing attacks. It verifies the legitimacy of incoming emails by allowing domain owners to authorize specific mail servers. How does SPF work? SPF works through DNS records. When an email is received, the recipient’s server checks… Read more »
Blog
Thread Hijacking Attacks Targeting Email Users
Thread hijacking attacks, a sophisticated form of social engineering, occur when an individual’s email account is compromised, and the attacker sends malicious emails from that account within an ongoing email thread. This method leverages the recipient’s trust in the sender and curiosity to trick them into clicking on malicious links or attachments. In a recent… Read more »
AI Scams on the Rise: LastPass’s Close Call
Details of the Attack In a recent blog post, LastPass revealed the details of an attempted AI driven scam. An employee received multiple WhatsApp communications, including calls, texts, and a voice message, purportedly from the company’s CEO, Karim Toubba. Recognizing the communication as unusual and potentially fraudulent, they promptly reported it to the internal security… Read more »
New Malware Infiltrating Inboxes
Latrodectus, a recently discovered malware, may be sitting in your inbox. First appearing in phishing campaigns in late November 2023, the malware has raised major concerns in the cybersecurity community because it can bypass protections to execute malicious code to the user. Its infiltration tactics involve deceiving victims with fake legal threats, leading them to… Read more »
Microsoft Teams Unbundling: Navigating Change in Global Business
Microsoft has decided to separate its popular video meeting application, Teams, from its commercial Microsoft 365 and Office 365 suites. The unbundling is a result of European antitrust regulations and global changes in business practices. Initially implemented in the European Economic Area and Switzerland in October 2023, this move is now going global as of… Read more »
Beware of Elaborate Phishing Attacks Targeting Apple Users
Reports have surfaced detailing a sinister phishing campaign that leverages what appears to be a flaw in Apple’s password reset mechanism. Victims find themselves bombarded with a barrage of system-level prompts, rendering their devices virtually unusable until they respond to each prompt with either an “Allow” or “Don’t Allow.” This inundation tactic, dubbed “push bombing”… Read more »
Hackers Exploit Tax Season to Scam Small Businesses
For many small business owners, tax season is a time of crunching numbers, gathering documents, and ensuring regulation compliance. Unfortunately, hackers take advantage of this busy period to take advantage of unsuspecting businesses. The Phishing Net: With tax-related phishing scams, hackers may impersonate the IRS or tax preparation services, luring businesses into providing confidential information…. Read more »
Refresh Your Digital Space: 4 Essential IT Spring Cleaning Tips
Since many of us spend as much time online as we do offline, it’s just as important to fresh your digital space as it is your physical space. Just like decluttering your home, organizing your digital space can boost efficiency, productivity, and even cybersecurity. Below are four tips to help you jump into your virtual… Read more »
Critical Vulnerabilities Found in WordPress Plugins Put Thousands of Websites at Risk
Is your organization’s website hosted on WordPress? According to a recent discovery by the Wordfence team, your site may be at risk. The Wordfence team at WordPress security company Defiant have unveiled critical vulnerabilities in two discontinued MiniOrange plugins, as well as another concerning flaw in the widely-used RegistrationMagic plugin. These vulnerabilities pose significant risks… Read more »
Crypto Imposters are Using Calendly to Spread Mac Malware
Do you use Calendly to organize your calendar and book meetings? You may be vulnerable to a new scheme targeting Mac users. Recently reported by Krebs On Security, this scheme targets people in the cryptocurrency space through platforms like Calendly via malicious links and calendar add-ons. One victim’s experience illustrates the danger: approached via Telegram… Read more »