Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

12/18/2019
11:00 AM
Special to Dark Reading: Sam Bocetta, Network Computing
Special to Dark Reading: Sam Bocetta, Network Computing
News
50%
50%

Trading Online? Steps to Take to Avoid Getting Phished

From an IT manager's perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.

Technology is more accessible and affordable than ever, levelling the playing field in everything from education to ecommerce. One of the latest innovations is in the field of finance and investing. One sector of the fintech industry employs machine learning algorithms that can predict stock performance and make recommendations.

The fact that many of these trading apps are mobile puts your financial future squarely into your own hands. However, it also makes your information accessible to others if you don't protect yourself from phishing exploits. From an IT manager's perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.

Particularly worrisome is spear phishing directed at a specific person. According to a study conducted by Iron Scales, 77% of these attempts are launched at 10 or fewer inboxes. The subject line and message mention you by name and include details that they've found on social media or professional profiles. Often, the message purports to be from a colleague or someone within your organization. They may want you to check out a work- or travel-related website or ask you to wire money to cover an emergency.

Read more here

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Previously, Sam was a defense contractor. He worked in close partnership with architects and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0565
PUBLISHED: 2020-02-25
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
CVE-2020-9393
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
CVE-2020-9394
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
CVE-2019-3999
PUBLISHED: 2020-02-25
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2020-8809
PUBLISHED: 2020-02-25
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker ...