My TechDecisions

Search Results: phishing

Phishing, Email security

Email Attacks are Evading Security Protections. Here’s How Security Teams Should Respond.

IT, security teams and end users should take these actions to combat increasingly sophisticated email threats.

June 6, 2023 Trevor Collins Leave a Comment

Instances of business email compromise (BEC) – a targeted form of phishing in which attackers try to scam companies out of money or goods or trick employees into giving up sensitive info – have continued to increase, causing devastating impacts. Last year, the FBI’s Internet Crime Complaint Center (IC3) reported $43 billion of global exposed […]

Read More
Threat Detection Trends, 2023 Hacking Trends, Expel

New Email Rules, MFA Bypass Are Top Hacking Tactics So Far in 2023

Cybersecurity firm Expel's 2023 first quarter threat report finds that hackers are hiding their activity with email rules and bypassing MFA.

June 1, 2023 Zachary Comeau Leave a Comment

Account compromise, new inbox rules designed to hide malicious activity, and multifactor authentication bypass are the most popular hacking tactics being utilized by threat actors so far in 2023, according to a new report from cybersecurity firm Expel. According to the managed detection and response provider, identity-based attacks such as account compromise, account takeover and […]

Read More
Business email compromise

Business Email Compromise is on the Rise

Business email compromise attacks are increasing in sophistication, allowing attackers to quietly take over email accounts, Microsoft says.

May 22, 2023 Zachary Comeau Leave a Comment

Business email compromise has emerged as a critical threat as threat actors shift their tactics and increase the sophistication of attacks designed to takeover business emails, including leveraging residential IP addresses to hide the attacks, Microsoft says in a new Cyber Signals report. The report, the fourth such edition of Microsoft’s cybersecurity research report, finds […]

Read More
Bitwarden Passwordless.dev

Bitwarden Launches Passwordless.dev to Simplify Passkey Implementation

Bitwarden Passwordless.dev is a developer toolkit with an API for integrating FIDO2 WebAuthn-based passkeys into enterprise applications.

May 19, 2023 Zachary Comeau Leave a Comment

Open-source password manager Bitwarden is launching the general availability of Bitwarden Passwordless.dev, a developer toolkit with an API for integrating FIDO2 WebAuthn-based passkeys into consumer websites and enterprise applications. Bitwarden’s release comes as tech firms are investing heavily in passwordless technologies in the hopes that it will essentially eliminate a major vector of cyberattacks and […]

Read More
Passage by 1password App dashboard

Passage by 1Password Brings Passkeys to Any Website

Passage by 1Password elimates passwords, enabling businesses to implement passkeys with a few lines of code.

May 18, 2023 TD Staff Leave a Comment

1Password, the Toronto-based, provider of  human-centric security and privacy, launched Passage by 1Password, a standalone authentication solution designed to enable businesses to implement passkeys for apps and websites. According to the company, Passage by 1Password allows businesses to eliminate the hassle of passwords and reduce cart abandonment without building their own authentication infrastructure. With this […]

Read More
Microsoft Teams attack

Research: Microsoft Teams Can Be Used for Malware Delivery

Microsoft Teams is now one of the 10 most targeted sign-in applications in Microsoft 365 and can be abused by attackers, Proofpoint says.

May 18, 2023 Zachary Comeau Leave a Comment

It is common knowledge that Azure, PowerShell, Exchange and other Microsoft Tools and services are popular targets of threat actors, but Microsoft Teams is emerging as one of the most targeted Microsoft applications for attackers. According to enterprise security firm Proofpoint, Microsoft Teams is now one of the 10 most targeted sign-in applications, with nearly […]

Read More
MOVEit, ransomware, CVE-2023-34362,

BianLian Ransomware Group Skips Encryption and Goes Straight to Exfiltration

The BianLian group is a ransomware actor that is targeting organizations with a data extortion model, bypassing traditional encryption.

May 17, 2023 Zachary Comeau Leave a Comment

Cybersecurity officials the, FBI, Microsoft and Sophos are warning organizations to limit their use of some legitimate tools as they are being leveraged by the BianLian group, a ransomware group that has targeted organizations with a data extortion model, bypassing the need to encrypt victims’ data. According to a joint advisory from CISA, its Australian […]

Read More
YubiKey Microsoft Azure CBA

Azure AD CBA on Mobile With Hardware Security Keys Now Available

Microsoft and Yubico partnered to launch the general availability of Azure AD CBA on mobile devices using certificates on YubiKeys.

May 12, 2023 Zachary Comeau Leave a Comment

Microsoft is launching the general availability of Azure AD CBA on iOS and Android devices using certificates on hardware security keys via USB and NFC. According to Microsoft, this allows customers to provision certificates on a hardware security key which can be used for authentication with Azure AD on iOS and Android devices, giving organizations […]

Read More
Passwordless

Passwordless Tools Are On The Rise, But Adoption Will Take Time

While adoption is slow, passwordless technologies are on the rise and threaten to make World Password Day a thing of the past.

May 5, 2023 Zachary Comeau Leave a Comment

Passwordless technologies have been a big focus of software providers as they are designed to essentially eliminate passwords and a gigantic attack vector. By many metrics, account credentials are the most vulnerable and unsecure part of an organization’s IT infrastructure, with cyberattacks continuing to rely on phishing campaigns and brute force attacks to find their […]

Read More