Stegomalware is still a relatively unknown term but is becoming more widely leveraged in malware. So you need to know about this semi-low-tech, yet innovative tactic that is imperceptible to the human eye.

It all sounds like the stuff of Sherlock Holmes or “Mission Impossible”, but steganographic malware, or stegomalware for short, is a real thing that broadly describes a host of tactics used to hide data in plain sight.

Working in cybersecurity is one of the most challenging roles in the organisation. Not only are you tasked with keeping the business and its data safe and secure, but you must do so in the face of ever-increasing professionalism and sophistication on the part of cybercriminals.There are more threats than ever before, and the consequences of a data breach are more significant too. In recent Fortra...

Let the "madness" begin! The NCAA Basketball tournament is different for everyone. Some experience madness after a gut-wrenching triple overtime victory by their alma mater, while others after a buzzer-beater shot from half-court by a 16th-ranked Cinderella underdog that instantly knocks out one of your final four selections. However, to me there is nothing more maddening, in the delightful sense...

In early 2023, Microsoft launched Defender for Identity which aims to offer visibility by helping to identify threats and provide actionable reports on attacks. But M365 security is not completely adequate for the modern enterprise and must be augmented by other data security solutions.

You might remember as a child, there was a revelation…invisible ink. Stepping forward to today, there is now a new type of phishing which uses invisible ink, or as it’s also called, ‘zero font’, as a means to beat the spam and phishing filters. Anti-spam / phishing filters work in several different ways; they look for specific words or phrases and there is then a statistical element. If there are 100,000 instances of the same message, it’s probably spam.

In 2021, Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting & Conformance, in its list of top 10 security projects. With very few exceptions, the best way for organizations to prevent getting impersonated in email attacks is to integrate DMARC into their Office 365-based email ecosystems.To understand why, let’s consider the benefits of deploying...

How can organizations keep their employees safe from social engineering lures during this summer of sport? We look the tactics to watch out for and ways to minimize risk.

On Wednesday May 12, the Biden administration took a critical step towards addressing security issues that have come to light after several recent, high profile cyberattacks.

CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats. According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened. With 75 million corporate employees even now still...

What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address.Email Spoofing: What Is It?Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or trusted...

Office 365 phishing emails come in common patterns. I'll list them here and also cover Office 365 anti-phishing features for prevention, detection, and response.Today, the typical Office 365 phishing emails direct users to fake Office 365 Sign-in pages. The victim submits their credentials, effectively handing over their password. Fraudsters use that login to access the victim’s address book, then...

Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...

We hear a lot about encryption in this day in age, particularly around it being the panacea for compliance with data protection regulations. It’s true it can be a component of an information security and compliance strategy, but there are a variety of different encryption options available on the market today, so care needs to be taken with selecting the right solution to ensure it doesn’t turn into a nightmare resulting in non-compliance.

Optical Character Recognition (OCR) as a technology has been around for a long time. It inspects images for text and then decodes them. While the human eye is fantastic at recognizing text, be it upside down or at an angle, it is computationally intensive to do this by machine on a regular basis. However, new algorithms now exist to deal with skew (angled text) as well as being able to handle multiple languages. The latest versions of Clearswift’s email product portfolio – the SECURE Email Gateway (SEG), SECURE Exchange Gateway (SXG) and ARgon – have a new cost option for OCR to mitigate this risk.