Attackers are leveraging legitimate file sharing sites to increase phishing effectiveness

We are seeing a new variation of phishing attack that’s leveraging a users trust of legitimate file sharing services (Dropbox and Egnyte specifically) to increase the effectiveness of their phishing campaigns.  We have included similar techniques in a number of recent phishing engagements for clients and have seen a significant increase in the number of […]

Neither snow nor rain nor gloom of night can stop this attack

These days, it’s not hard to find news stories about personal, private and / or sensitive data being leaked or exposed in massive data breaches. An attacker found a way to get from an untrusted network into the POS system (Target, Home Depot). An attacker found a vulnerability in a website and downloaded a treasure […]

Let’s De-Mystify PCI Compliance

If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance?  What is the SAQ (Self Assessment Questionnaire) […]

Almost 20 million records exposed in breach affecting Quest and LabCorp

Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]