Fighting Phishing I: Get phish or die tryin.
|
|
- Giles Cummings
- 5 years ago
- Views:
Transcription
1 Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite
2 bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media please, use the following hashtag (aka Pound sign) --#NERCOMPPDO1
3 Phishing is a numbers game we can t win.
4 Phishing is a numbers game we can t win. It only takes One click Sending costs Very little More Scary gets More Clicky
5 Obligatory Stats Slide 76% 95% 30% 12% Businesses that were victim of Phishing attack in past year. Enterprise Network attacks that Start with Spearphish Phish Open Rate / Click Rate 100%
6 Obligatory Stats Slide 76% 95% 30% 12% 100% Businesses that were victim of Phishing attack in past year. Enterprise Network attacks that Start with Spearphish Phish Open Rate / Click Rate Phishing talks with a slide like This one.
7 What do we do about it?
8 Solutions Defense against known bad URLS Works wherever goes something.com/?=2uhe URL Rewriting Will rewrite bad links too Limits user ability to spot bad links
9 Solutions Removes malware from phishing messages before it arrives Attachment Defense Doesn t stop unsafe links May not stop new malware
10 Solutions Alerts the user to the source of a message External Sender! External Tag in Internal phishing (BEC) made easier Mailing services may get tagged
11 Solutions Engages users Shows examples Demonstrates Risk Phish Bowls Lots of effort on users to add Lots of effort to use Maintenance
12 Solutions Identifies risky groups and people Gives people a safe way to practice spotting phish People may feel tricked Consequences Phishing Assessments
13 Solutions Customize information to your needs and risks Engages people Really tough to do correctly (More on this later) Awareness Training
14 What is our solution?
15 Report Phishing Forward phishing s to
16 Phishing is a numbers game we can t win. It only takes One click Sending costs Very little More Scary gets More Clicky
17 Phishing is a numbers game we can t win, unless we Change the numbers. It only takes One report Reporting Costs little More Scary gets More Noticed
18 How do you get people to Report Phishing?
19 Do Anything How do you get people to Report Phishing?
20 Identify Phish Call Helpdesk / Open Ticket Attach Full Message With Headers
21
22 Behavior Ability Motivation Trigger (I want to, I know how, and I remember)
23 Can t Identify Phishing Don t want to Open Ticket Don t know how to report Don t think it matters
24 Don t want to open a ticket Don t think it matters M Can t Identify Phishing Don t know how to report A
25 Can t Identify Phishing A
26 Can t Identify Phishing A Too Complicated Too Simple
27 Can t Identify Phishing A How does this make you feel?
28 Don t Know How to Report A phishing@harvard.edu
29 Don t Know How to Report A phishing@harvard.edu
30 Don t think it matters M Stories > Stats
31 Don t think it matters M
32 Don t think it matters M You re so smart
33 Don t want to open a ticket M (phishing@harvard.edu)
34 Triggers T 1) Practice Assessments 2) Printed Materials 3) The Phish Itself
35 Increased Motivation Decreased Difficulty Added Triggers
36 Results
37 ~50 / Month
38 ~1000 / Month
39 Success Disaster!
40 To Be Continued!
41 Fighting Phishing 2: So long, and Thanks for all the phish! Micah Nelson and Max Hyppolite
42 42
43 43
44 Problem 1, ,113 1) Helpdesk 2) Call Christian Nov 2017 Dec 2017 Jan 2018 Feb
45
46 Mail Routing & Parsing PHISH PHISH PHISH Chum bucket ParseR Splunk 46
47 Automated Response to Reporter Reported Phish Your phishing report was received. Thank you for alerting us to a potential phishing threat within Harvard! What happens next? We take it from here and examine the message. If it is a phishing attack, we take steps to protect Harvard recipients and systems. Was it phishing or a real message I need to address? Unfortunately, we cannot provide individual responses to each case of suspected phishing. If you think the message could be legitimate, verify with the source outside of . For example, go directly to the website for your online account and log in don t use the link in the . If you received an unexpected file, call or text the sender to check with them don t ask via reply. What if I already clicked? If you already clicked an unsafe link or opened a file attached to a suspicious message, contact your local IT Support. 47 More questions? For tips on identifying phishing messages and how we use your phishing reports, visit
48 What are we going to do with all of these phish? What problem are we trying to solve? Investigate every message? No. Block every phish? No. Stop only phish that impact Harvard? Yes. Harvard accounts sending Phish Protect VIP recipients Harvard services being spoofed Important external services being spoofed 48
49 What are we going to do with all of these phish? Phish Reporting is a Threat Feed We don t respond to everything We automate, triage, and respond as appropriate. 49
50 Phishing Framework New Event Phishing/ Spam Triage Message Payload Phishing Spam Close Investigation - Who sent it? - Who received it? - What do they want? - Attachment? - Link? - Instructions? - Sophisticated forgery? - VIP Recipients? Level of Sophistication Determine Scope - Click rate - Submission Rate - After action review for large or impactful events Response Impact - Change Password - DNS Blocking - Google Reporting - CrowdStrike Containment 50
51 Automation New Event Phishing/ Spam Triage Message Payload Phishing Spam Close Investigation - Who sent it? - Who received it? - What do they want? - Attachment? - Link? - Instructions? - Sophisticated forgery? - VIP Recipients? Level of Sophistication Determine Scope - Click rate - Submission Rate - After action review for large or impactful events Response Impact - Change Password - DNS Blocking - Google Reporting - CrowdStrike Containment 51
52 $$$ Bad-Looking Legit Spam Possible Phish
53 Splunk Processing & Alerting Splunk - Filter out the noise: - Prescription Drugs - Known False Positives - Parse forwarded headers - Grab sender - Grab subject - Grab URLs - Grab file hashes - Every 30min: - Strip out previously alerted phish - Send out new Alert 53
54 Investigating Phish Review DNS queries Review Bro queries Snapshot Check Crowdstrike Dashboard 54
55
56 Splunk Dashboard Main Screen Enter the Domain Name or IP address of the Bad Domain 56
57 Phishing Dash Board Detailed cont 57
58 Phishing Dash Board Detailed cont 58
59 Phishing Dash Board Detailed cont 59
60 Key Takeaways Phishing is a Numbers Game. You can flip the tables on phish. Behaviors can change (B=MAT). Phishing reports are threat feeds. Volume can be filtered down. Remaining data is actionable. Part One Part Two
61 Questions? How do you engage people? Do you teach people not to send in spam? Isn t awareness a big waste of time? Part One What tools do you use to investigate? How long does it take to react? Can I use your malicious picture? Part Two
62 bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media please, use the following hashtag (aka Pound sign) --#NERCOMPPDO1
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons
More informationMachine-Powered Learning for People-Centered Security
White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today
More informationHow Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationTrain employees to avoid inadvertent cyber security breaches
Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack
More informationSpam Protection Guide
Spam Email Protection Guide Version 1.0 Last Modified 5/29/2014 by Mike Copening Contents Overview of Spam at RTS... 1 Types of Spam... 1 Spam Tricks... 2 Imitation of 3 rd Party Email Template... 2 Spoofed
More informationAges Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk
Ages 11-14 Donʼt Fall for : Activity 1 Don t bite that phishing hook! Children play a game where they study various emails and texts and try to decide which messages are legit and which are phishing scams.
More informationIT & DATA SECURITY BREACH PREVENTION
IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part 1: Reducing Employee and Application Risks CONTENTS EMPLOYEES: IT security hygiene best practice APPLICATIONS: Make patching a priority AS CORPORATE
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationFAQ. Usually appear to be sent from official address
FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1
SECURITY AUTOMATION BEST PRACTICES A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1 Introduction The best security postures are those that are built
More informationSecurity and Privacy
E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila
More informationPhishing. Eugene Davis UAH Information Security Club April 11, 2013
Phishing Eugene Davis UAH Information Security Club April 11, 2013 Overview A social engineering attack in which the attacker impersonates a trusted entity Attacker attempts to retrieve privileged information
More informationCyber Security Guide for NHSmail
Cyber Security Guide for NHSmail Version 3.0 February 2017 Copyright 2017Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute,
More informationSecurity Automation Best Practices
WHITEPAPER Security Automation Best Practices A guide to making your security team successful with automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough
More informationIncident Play Book: Phishing
Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationGetting Security Operations Right with TTP0
0 Getting Security Operations Right with TTP0 Ismael Valenzuela SANS Instructor, McAfee @aboutsecurity Rob Gresham Splunk> Phantom @SOCologize Where were you in 1986? 0 What is the story? Google Market
More informationThreatConnect Learning Exercises
ThreatConnect Learning Exercises The following exercises will teach you some of the important features within the ThreatConnect platform. You will learn various ways of adding intelligence data into ThreatConnect,
More informationWho We Are! Natalie Timpone
Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who
More informationSecurity Automation Case Study Maricopa Community Colleges. Watch the full webinar replay
Security Automation Case Study Maricopa Community Colleges Watch the full webinar replay Your Speakers Rich Lang Technical Director: Information Technology Security & Planning Maricopa Community Colleges
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationThe Rise of the Purple Team
SESSION ID: AIR-W02 The Rise of the Purple Team Robert Wood Head of Security Nuna @robertwood50 William Bengtson Senior Security Program Manager Nuna @waggie2009 Typical Team Responsibilities Red Vulnerability
More informationDetecting Credential Spearphishing Attacks in Enterprise Settings
Detecting Credential Spearphishing Attacks in Enterprise Settings Grant Ho UC Berkeley Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner 1 Spear Phishing Targeted email that tricks victim into giving
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation
SECURITY AUTOMATION BEST PRACTICES A Guide to Making Your Security Team Successful with Automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough Nut to Crack
More informationThe Mimecast Security Risk Assessment Quarterly Report May 2017
The Mimecast Email Security Risk Assessment Quarterly Report May 2017 The Mimecast Email Security Risk Assessment Quarterly Report May 2017 Many organizations think their current email security systems
More information2 User Guide. Contents
E-mail User Guide 2 E-mail User Guide Contents Logging in to your web mail... 3 Changing your password... 5 Editing your signature... 6 Adding an e-mail account to Outlook 2010/2013/2016... 7 Adding an
More informationKnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.
KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks. About Us The world s most popular integrated Security Awareness Training and Simulated
More informationTrend Micro Business Support Portal
Lorem Ipsum Dolor Sit Amet Consectetur Adipiscing Trend Micro Business Support Portal User Guide Welcome to the Trend Micro Business Support Portal. This portal provides full online support for Trend Micro
More informationEvaluating the Wisdom of Crowds in Assessing Phishing Sites
Evaluating the Wisdom of Crowds in Assessing Phishing Websites and Richard Clayton University of Cambridge Computer Laboratory 12th International Financial Cryptography and Data Security Conference (FC08)
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationEasy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.
Security Solutions Our security suite protects against email spam, viruses, web-based threats and spyware while delivering disaster recovery, giving you peace of mind so you can focus on what matters most:
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationBusiness Logic Attacks BATs and BLBs
Business Logic Attacks BATs and BLBs Noa Bar-Yosef Security Research Engineer Imperva 12/02/2009 noa@imperva.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this document
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More information6 TIPS FOR IMPROVING YOUR WEB PRESENCE
6 TIPS FOR IMPROVING YOUR WEB PRESENCE 6 TIPS FOR IMPROVING YOUR WEB PRESENCE We all want to get noticed on the web. If you are running a business you want to be on the first page in Google via organic
More informationHow to Conquer Targeted Threats: SANS Review of Agari Enterprise Protect
How to Conquer Targeted Email Threats: SANS Review of Agari Enterprise Protect A SANS Product Review Written by Dave Shackleford May 2017 Sponsored by Agari 2017 SANS Institute Introduction: Email Is a
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationCyber Security Guide. For Politicians and Political Parties
Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationPEOPLE CENTRIC SECURITY THE NEW
PEOPLE CENTRIC SECURITY THE NEW PARADIGM IN CYBERSECURITY David Karlsson SE Nordics March 2018 1 2018 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY PARTNERS
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More information6 Ways Office 365 Keeps Your and Business Secure
6 Ways Office 365 Keeps Your Email and Business Secure Acora House, Albert Drive, Burgess Hill, West Sussex, RH15 9TN T: +44 (0) 844 264 2222 W: acora.com E: sales@acora.com Introduction Microsoft have
More informationAdvanced Threat Intelligence to Detect Advanced Malware Jim Deerman
Advanced Threat Intelligence to Detect Advanced Malware Jim Deerman jdeerman@isc8.com Safe Harbor Statement All statements included or incorporated by reference in these slides, other than statements or
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationProtection FAQs
Email Protection FAQs Table of Contents Email Protection FAQs... 3 General Information... 3 Which University email domains are configured to use Email Protection for Anti-Spam?... 3 What if I am still
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationOnline Scams. Ready to get started? Click on the green button to continue.
Online Scams Hi, I m Kate. We re here to learn how to protect ourselves from online scams. We ll follow along with Kevin to learn what types of scams are out there, how to recognize the warning signs,
More informationMPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames
MPEG o We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still
More informationTHE HOME BUILDER S GUIDE TO. Mastering New Home Marketing with Your CRM
THE HOME BUILDER S GUIDE TO Mastering New Home Marketing with Your CRM Table of Contents Introduction 1 Capture Every Lead Automatically 2 Email Marketing 3 Email & Website Analytics 6 Nurturing Leads
More informationThe Fight Against Phishing: Defining Metrics That Matter
The Fight Against Phishing: Defining Metrics That Matter Mark T. Chapman CFE CISSP President and Founder Quick Movie Reference After being subjected to terribly boring stories for days, Steve Martin s
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationHTTP Security Headers Explained
HTTP Security Headers Explained Scott Sauber Slides at scottsauber.com scottsauber Audience Anyone with a website Agenda What are HTTP Security Headers? Why do they matter? HSTS, XFO, XSS, CSP, CTO, RH,
More informationRemote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function.
10 March 2016 Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. Presented by Neil Lines Who am I? Neil Lines - Pen Tester Involved in a range of security
More informationTABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...
The Guide TABLE OF CONTENTS Introduction: EMAIL IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN EMAIL DEFENSES... 4 Today s Top Email Fraud Tactics...5 Advanced Malware...8 Outbound
More informationManually Create Phishing Page For Facebook 2014
Manually Create Phishing Page For Facebook 2014 While you are creating phishing page manually you have to do a lot of work Web Templates -- For importing premade template for Gmail, Facebook from SET.
More informationELECTRONIC BANKING & ONLINE AUTHENTICATION
ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationHello! we are here to share some stories
SHARING SESSION Hello! Paulus Tamba CISSP, former PCI-QSA Was with Verizon-CyberTrust, BT Global Services, and FireEye Specialize in Threat and Vulnerability Management, Security Operation, and Managed
More informationDEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER
DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER D-Zone DNS Firewall 18-10-20171 EXECUTIVE SUMMARY Cyber attacks continue to grow at an alarming rate with ransomware
More informationUsing WebQuarantine for Managing Quarantined Messages
Using WebQuarantine for Managing Quarantined Messages Logging In To start a new mail session: Open your Internet browser and to go the WebQuarantine login page, URL: http://spam.mmc.org/quarantine/login.aspx
More informationPhishing. What do phishing s do?
Phishing We have become all too familiar with phishing emails but if that s the case, why do we as a community still fall victim? In this newsletter our goal is to provide you with some basic information
More informationSecurity Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment
Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Ray Colado, Information Security Analyst Raise awareness around information security to help
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationto Stay Out of the Spam Folder
Tips and Tricks to Stay Out of the Spam Folder At SendGrid we are very serious about email deliverability. We live and breathe it each day. Similar to how Google keeps adjusting its search algorithm to
More informationIntroduction to
Introduction to Email gcflearnfree.org/print/email101/introduction-to-email Introduction Do you ever feel like the only person who doesn't use email? You don't have to feel left out. If you're just getting
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationClickbank Domination Presents. A case study by Devin Zander. A look into how absolutely easy internet marketing is. Money Mindset Page 1
Presents A case study by Devin Zander A look into how absolutely easy internet marketing is. Money Mindset Page 1 Hey guys! Quick into I m Devin Zander and today I ve got something everybody loves! Me
More informationPHP-security Software lifecycle General Security Webserver security PHP security. Security Summary. Server-Side Web Languages
Security Summary Server-Side Web Languages Uta Priss School of Computing Napier University, Edinburgh, UK Copyright Napier University Security Summary Slide 1/15 Outline PHP-security Software lifecycle
More informationSEO: SEARCH ENGINE OPTIMISATION
SEO: SEARCH ENGINE OPTIMISATION SEO IN 11 BASIC STEPS EXPLAINED What is all the commotion about this SEO, why is it important? I have had a professional content writer produce my content to make sure that
More informationUse and Abuse of Anti-Spam White/Black Lists
Page 1 of 5 Use and Abuse of Anti-Spam White/Black Lists September 26, 2006 White and Black lists are standard spam filters. Their typically simple interface, provide a way to quickly identify emails as
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationAMP-Based Flow Collection. Greg Virgin - RedJack
AMP-Based Flow Collection Greg Virgin - RedJack AMP- Based Flow Collection AMP - Analytic Metadata Producer : Patented US Government flow / metadata producer AMP generates data including Flows Host metadata
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationHow to recognize phishing s
Phishing email messages, websites, and phone calls are designed to steal money, steal data and/or destroy information. Cybercriminals can do this by installing malicious software on your computer or stealing
More informationEliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat
WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe
More informationybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Fraud and More
ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Email Fraud and More www.proofpoint.com EBOOK Cybersecurity in the modern era 2 ONLY AMATEURS ATTACK MACHINES. PROFESSIONALS
More informationTIPS TO AVOID PHISHING SCAMS
TIPS TO AVOID PHISHING SCAMS WHAT IS PHISHING? Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity information,
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationJordan Levesque Making sure your business is PCI compliant
Jordan Levesque Making sure your business is PCI compliant Brief overview of PCIDSS What's new in PCI DSS 3.2 Why is PCI important? Dive in! Simple things you can do to be secure Tomorrows session: What
More informationWHILE YOU RE GETTING ORGANIZED
CAMPTECH.CA WHILE YOU RE GETTING ORGANIZED 1. Go to camptech.ca/wordpress and download the PDF of slides. 2. If you have to leave early, please remember to fill out the (100% anonymous) feedback form on
More informationSecurity. The DynaSis Education Series for C-Level Executives
Email Security The DynaSis Education Series for C-Level Executives Threats to your IT network abound, many of them delivered through email. Fortunately, there are cost effective tools available to protect
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationMESSAGING SECURITY GATEWAY. Solution overview
MESSAGING SECURITY GATEWAY Solution overview April 2017 CONTENTS Executive Summary...3 The case for email protection and privacy... 3 Privacy in email communication... 3 LinkedIn Phishing Sample...4 Messaging
More informationWhat are we going to talk about today?
For those of you who haven t worked with me over the past 6 years, I m Bryan Senter. I ve been in Wiesbaden in a different role for 5 years. I followed the crowd from Heidelberg before that. EPMSaaS stands
More informationIncident Response Tools
Incident Response Tools James Madison University Dept. of Computer Science June 13, 2013 1 Introduction Being successfully attacked is inevitable. A determined hacker WILL be able to penetrate your network.
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationAnti-Phishing Working Group
Phishing Attack Trends Report April, 2004 Phishing attacks use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account
More informationEtiquette FOR A BUSY WORLD. Brevity can be off-putting. Always reply
Email Etiquette FOR A BUSY WORLD How many email messages do you send every day? If you re like most of us, it s dozens, perhaps scores of them. Now, are you doing anything to make the recipients of your
More information