Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Similar Posts
EU Parliament committee votes to advance controversial Europol data sharing proposal
Bys sSuzanne Smalley reports: Lawmakers in the European Union’s Parliament on Tuesday voted to greenlight a proposal which would allow Europol to expand data sharing and biometric data collection as part of its effort to fight human trafficking and migrant smuggling. Parliament’s Civil Liberties Committee (LIBE), which approved the package, will now send the proposal to a full……
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
Bys sHigh-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed
Humboldt Independent Practice Association’s breach notification leaves questions unanswered
Bys sOn November 11, 2024, Humboldt Independent Practice Association (Humboldt IPA) submitted a breach report to HHS that used a placeholder of 500 for the number of patients affected. All we knew from HHS’s entry was that it was some kind of hacking or IT incident involving protected health information located in email. The California entity’s…
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Bys sCybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February…
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
Bys sThe maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious…
SEC and SolarWinds Seek Settlement in Securities Fraud Case
Bys sHunton Andrews Kurth writes: In a surprising development in the US Securities and Exchange Commission’s (“SEC’s”) ongoing securities fraud case against SolarWinds Corp. (“SolarWinds”) and its former chief information security officer (“CISO”), Timothy Brown, all three parties have petitioned the judge for a stay pending final settlement. Until the SEC’s four commissioners can vote to…