FISA

A highly advanced phishing campaign has emerged, targeting Gmail’s massive user base of over 3 billion by leveraging legitimate Google services to evade standard email defenses. The attackers are using OAuth-based applications and exploiting DomainKeys Identified Mail (DKIM) validation techniques to craft messages that mimic genuine Google security alerts—effectively slipping past traditional security filters and even multi-factor authentication (MFA). These phishing messages are cleverly disguised as critical security warnings, such as notices about legal subpoenas or urgent account issues. Because the emails are cryptographically signed and technically legitimate, they land directly in users’ inboxes with no spam or phishing warnings, often appearing in the same conversation thread as real messages from Google. The phishing mechanism directs recipients to fake Google Support pages hosted on sites.google.com —a trusted domain—rather than the legitimate accounts.google.com authentic...

In our digital age, data is king. It drives businesses, informs decision-making, and plays an essential role in our everyday lives. However, with the convenience of technology comes the risk of data breaches and leaks. One often overlooked aspect of this risk is the role that lost and stolen computers play in compromising sensitive information. According to  Forrester Research’s 2023 State of Data Security  report, only 7% of security decision makers are concerned about a lost or stolen asset causing a breach, even though such incidents account for 17% of breaches. Such assets can include smartphones, tablets, laptops, external hard drives, and USB flash drives. While these types of breaches may not command the same attention-grabbing headlines as major cyberattacks, the theft or loss of laptops, desktops, and flash drives poses a very real problem. It underscores the pressing need for endpoint resilience and recovery. The Rising Threat Lost and stolen computers are a growing ...