1 min
Lost Bots
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.
3 min
Threat Intel
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500
We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.
4 min
Phishing
How to Turbocharge Your Phishing Response Plan
A quick reaction to a phishing threat can mean the difference between a massive breach and a fast fix.
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
3 min
Automation and Orchestration
How to Automate Phishing Investigations and Remediation
Here are four ways security orchestration and automation (SOAR) tools can streamline the phishing investigation process.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
3 min
Phishing
Lessons from a Pen Test: The Power of a Well-Researched and Well-Timed Phishing Email
On a recent pen test, Steve Laura saw just how effective phishing emails can be with the right research and timing.
4 min
Phishing
What You Can Learn from Our Successful Simulated Phishing Attack of 45 CEOs
I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.
5 min
Haxmas
The Nightmare After Christmas
With all the incidents that occurred in 2018, you may feel a bit like a CISO Scrooge. Here's how you can prepare for next year (in poem form!)
3 min
Penetration Testing
7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros
Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.
4 min
Threat Intel
How Cybercriminals Use Pinterest to Run Fraud Scams
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
5 min
Phishing
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks
[https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are
immune to phishing anymore; it’s on every security team’s mind and has become
the number one threat to organizations
[https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
1 min
Whiteboard Wednesday
Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps
There’s no silver bullet for protecting your organization from phishing
attacks [https://www.rapid7.com/solutions/phishing-protection/] today. The only
comprehensive approach leverages a combination of methods, many of which we’ve
covered in parts 1 [https://www.rapid7.com/resources/wbw-anti-phishing/] and 2
[https://www.rapid7.com/resources/wbw-phishing-protection/] of our three-part
phishing Whiteboard Wednesday series.
Phishing is a human problem, and part of the solution is to prop
3 min
Phishing
Identify, Analyze, and Report Phishing Emails With InsightPhishing: Getting Started
Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing,
and the beta program will end. Click here
[https://kb.help.rapid7.com/docs/insightphishing-end-of-program-announcement]
for more information.
We often talk about running phishing simulation campaigns as a way of training
our teams on what phishing emails look like. Given that 92% of breaches
[http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf]
have a thre