Microsoft Office Features Abused to Deliver Malware

Less than a week after a Sensepost blog highlighted how to abuse Microsoft Office functionality to deliver malware to systems via phishing messages, PhishMe® observed attackers abusing this feature of Microsoft Windows. This highlights how quickly malicious actors capitalize on such revelations, outpacing many organizations’ abilities to understand and respond to emerging threats.

BadRabbit is not Petya. But…

Petya. NotPetya. Now BadRabbit. Ransomware keeps evolving and wreaking havoc worldwide.

There’s no evidence that phishing emails have delivered Bad Rabbit, the new ransomware strain which hit Russian, Eastern European and some U.S. networks this week. But nonetheless at PhishMe, BadRabbit has caught our eye.

Viewing Phish with a Payload using PhishMe Intelligence and Maltego

BY MIKE SAURBAUGH AND GEOFF SINGER

Visualize Phishing Relationships with PhishMe Intelligence™ and Maltego

Fishing (without the “P”) is not a lot of fun when you just drop a line in the water and hope for the best. When fishermen want to see where the fish are, they look to the fish finder on the bridge to “look underwater” to find schools of fish. Similarly, when an analyst is looking to “catch” a phishing campaign, correlating the attacker’s campaigns and their payloads can benefit by being able to visually graph and link phishing threats. PhishMe Intelligence combined with Maltego can deliver the “phish finder” that an analyst needs.

Don’t Go In the Attachment: 5 Security Reminders in Honor of Halloween

Do we really need another Halloween-themed security blog?

Yep. We do. Not because our edgiest holiday triggers more cyber threats. No, Halloween season is scary because it’s been absorbed by the winter holidays—the spendiest, cyber-riskiest time on the retail calendar, beginning in mid-September and lasting until…it ends, right?

PhishMe Named a Leader in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training

Company recognized as a Leader for second consecutive year and positioned highest in ability to execute 

LEESBURG, VA. – October 27, 2017 – Today PhishMe®, the leading provider of human phishing defense solutions, announced it was named a leader in Gartner’s October 2017 Magic Quadrant for Security Awareness Computer-Based Training. PhishMe has been recognized as a leader for two consecutive years and is positioned highest in ability to execute.