Coming Soon! Triage Custom AI Spam Filtering

Author: Rachel Roldan, Senior Director of Product Management

I’m excited to share with our customers that coming soon, Triage will offer a new, AI-powered Spam Filtering feature within our Triage Phishing Analysis product. Triage Custom AI Spam filtering is an optional add-on feature that uses a Bayesian Machine Learning model ... Read More

Cofense Catches Phishing Emails Missed by Proofpoint and Abnormal Security

In a recent wave of phishing attacks, cybercriminals managed to bypass secure email gateways (SEGs) from both Proofpoint and Abnormal Security to deliver emails that employed Microsoft-spoofing and artificial notifications into victims’ inboxes. These emails contained embedded URLs that led unsuspecting users to fake login pages designed to harvest credentials ... Read More
Malware Exploit Bypasses SEGs Leaving Organizations at Risk

Threat actors continually leverage and create a plethora of tactics to bypass Secure Email Gateways (SEGs). These include encoding malicious URLs with other SEG protection tools, obfuscating file contents, and abusing SEG treatment of “legitimate” files. Recently, threat actors appear to be abusing how SEGs scan the contents of archive ... Read More
Beware of the Latest Phishing Tactic Targeting Employees

Found in Environments Protected By: Google, Outlook 365, Proofpoint

By Sabi Kiss, Cofense Phishing Defense Center

Phishing attacks are becoming increasingly sophisticated, and the latest attack strategy targeting employees highlights this evolution. In this blog post, we’ll dissect a recent phishing attempt that impersonates a company’s Human Resources (HR) department, ... Read More

New Malware Campaign Targeting Spanish Language Victims

Cofense recently identified and named a new malware called Poco RAT, which is a simple Remote Access Trojan that targets Spanish language victims. It was first observed in early 2024, primarily focusing on companies in the Mining sector and initially was delivered via embedded links to 7zip archives containing executables ... Read More
Figure 1: Phishing email that reached a user’s inbox.

Unmasking a Cyber Attack that Targets Meta Business Accounts

By Dylan Duncan

The majority of businesses today utilize social media platforms for advertising products, sharing updates, and customer engagements. But what happens when a business account falls into the hands of a threat actor? This report explores the inner workings of an advanced phishing campaign capable of bypassing multi-factor ... Read More

Artificial Intelligence and Machine Learning in Email Security: Our Learnings and Results

At Cofense, we have been active in testing, validating, and deploying general AI tools for the last three years – and we have learned a lot. How these tools integrate with our products and processes is constantly evolving, and the trends we are observing may surprise some of you. AI ... Read More

Phishing Detection and Response: What You Need to Know

What is Phishing Detection and Response (PDR)?

In today’s digital world, the strength of an organization’s cybersecurity posture directly influences its resilience against disruptions. Phishing Detection and Response is a critical component of this defensive matrix––it involves identifying, assessing, and neutralizing malicious or suspicious activities within email systems as quickly ... Read More

Figure 1: Agent Tesla volumes by year.

Agent Tesla: The Punches Keep Coming

By Nathaniel Raymond

Agent Tesla has become a massively popular choice of malware for threat actors since its first appearance in 2014 and for good reasons. This vetted Malware-as-a-Service, MaaS, owes its popularity to many attractive factors that Cofense has broken down in a previous Strategic Analysis which include being ... Read More

Figure 1: Infection chain of the phishing campaign.

Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign 

By Dylan Duncan

On February 21st, 2024, Cofense Intelligence identified an advanced phishing campaign that targeted the Oil and Gas sector to deliver Rhadamanthys Stealer, an advanced information stealer offered as Malware-as-a-Service (MaaS). The campaign incorporates several complex tactics, techniques, and procedures (TTPs) along with a unique vehicle incident lure ... Read More