Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-21 16:25:45 |
LinkedIn is the Most Impersonated Brand in Phishing Attacks (lien direct) |
Social media companies, particularly LinkedIn, are now the most impersonated brands in phishing campaigns, researchers at Check Point have found. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-21 15:46:04 |
New Phishing Attack Targets MetaMask Users for their Crypto Wallet Private Keys (lien direct) |
A new phishing campaign impersonates MetaMask, informs victims their cryptocurrency wallets aren't “verified” and threatens suspension. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-21 15:45:27 |
UK Information Commissioner: Many Cybersecurity Incidents are “Preventable” (lien direct) |
In a recent article about the largest cyberthreats currently facing the UK, John Edwards – the UK's newly-appointed information commissioner- talks about the need for a security culture in the workplace. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-21 14:14:00 |
Critical: CISA Warns of Potential Attacks on Infrastructure by Russian State-Sponsored and Criminal Cyber Gangs (lien direct) |
In a joint multi-country cybersecurity advisory (CSA), governments are warning their respective critical infrastructure organizations to be vigilant against increased malicious cyber threat activity. |
Threat
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-20 12:49:57 |
TraderTraitor: When States do Social Engineering (lien direct) |
North Korea's Lazarus Group is using social engineering attacks to target users of cryptocurrency, according to a joint advisory from the US FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department. |
Medical
|
APT 38
APT 28
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-19 14:33:27 |
Ransomware Attacks Show Temporary Slowing but are Expected to Increase in 2022 [Graphs] (lien direct) |
New data from Recorded Future shows how the war in Ukraine is causing a brief slowdown of ransomware attacks on healthcare, governments and schools that is predicted to return to growing levels. |
|
|
★★★
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-19 14:31:40 |
Only Half of All Organizations Have Refreshed Their Security Strategy Based on the Pandemic (lien direct) |
A new study published by Ponemon Institute shows that a material portion of organizations are still using pre-pandemic security processes and policies, putting the org at risk. |
|
|
★★★
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-19 14:31:22 |
FBI Warns of Bank Fraud Phishing Campaign (lien direct) |
The FBI has warned of a smishing campaign that's targeting people in the US with phony bank fraud notifications. The text messages inform users that someone has attempted to initiate a money transfer on their account. |
|
|
★★★
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-19 13:57:22 |
CyberheistNews Vol 12 #16 [Eye Opener] The Costliest Cybercrime: Business Email Compromise (BEC) (lien direct) |
|
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-18 13:40:04 |
Social Engineering Campaign against African Banks (lien direct) |
A phishing campaign is targeting African banks with a technique called “HTML smuggling” to bypass security filters, according to threat researchers at HP. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-18 12:42:15 |
“Being Annoying” as a Social Engineering Approach (lien direct) |
Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are using this technique. Researchers at Mandiant observed the Russian state-sponsored actor Cozy Bear launching repeated MFA prompts until the user accepted the request. |
|
APT 29
APT 29
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-15 14:49:24 |
Q1 2022 Report: Holiday-Themed Phishing Emails Get Employees to Click (lien direct) |
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and globally), and 'in the wild' attacks. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-15 14:00:00 |
Storytelling to Improve Your Organization\'s Security Culture [PODCAST] (lien direct) |
The latest podcast episode of Security Masterminds features our special guest Jim Shields, Creative Director at KnowBe4. He sat down with our hosts, Erich Kron and Jelle Wieringa to discuss storytelling to improve an organization's security culture. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-14 15:38:26 |
Reduce Your Chances of Getting Scammed (lien direct) |
In today's connected world, nearly everyone has a story where they have been targeted by a scam and either that person or someone they know have lost money to scams. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-14 15:35:04 |
Strategies to Achieve Compliance and Real Risk Reduction at the Same Time (lien direct) |
Organizations like yours use regulatory guides and compliance frameworks as the foundation of their list of controls. You can easily have many hundreds to thousands of controls to create and manage. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-13 20:44:27 |
Small and Medium Businesses Account for Nearly Half of all Ransomware Victim Organizations (lien direct) |
As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot. |
Ransomware
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-13 20:43:29 |
One in Three U.K. Businesses Experience Cyber Attacks Weekly (lien direct) |
New data from the U.K. Government's Cyber Security Breaches Survey 2022 report shows that a material portion of businesses and charities are being attacked and feeling the repercussions. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-13 20:43:06 |
Meta Stops Three Cyber Espionage Groups Targeting Critical Industries (lien direct) |
Impersonating legitimate companies and using a complex mix of fake personas across Facebook, Telegram, and other platforms, these groups used social engineering to gain network access. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-13 13:54:14 |
Smishing Scams Abuse Name of Legitimate Ukrainian Charity (lien direct) |
Researchers at Trend Micro have spotted yet another scam taking advantage of the crisis in Ukraine by impersonating a legitimate charity. In this case, the scammers are posing as the relief organization Mercury One, attempting to steal money and personal information. We wrote about a "Help Ukraine" cryptocurrency scam and a Ukranian charity phishing scam last month, this is just the latest variety. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-12 13:31:43 |
(Déjà vu) CyberheistNews Vol 12 #15 [Heads Up] Hard-boiled Social Engineering by a Fake "Emergency Data Request" (lien direct) |
|
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-12 12:52:35 |
Business Email Compromise (BEC): the Costliest Cybercrime (lien direct) |
Organizations in the US lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud) last year, according to Alan Suderman at Fortune. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-11 19:15:00 |
Microsoft Azure\'s Static Web Apps Service Becomes the New Home for Phishing Attacks (lien direct) |
Taking advantage of the value of a legitimate web service, along with a valid SSL certificate, a new campaign of phishing attack targeting online Microsoft credentials is leveraging Azure. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-11 12:00:00 |
(Déjà vu) KnowBe4 Named a Leader in the Spring 2022 G2 Grid Report for Security Awareness Training (lien direct) |
We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. |
Guideline
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-08 13:06:44 |
(Déjà vu) KnowBe4\'s PhishER Platform Named a Leader in the Spring 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) (lien direct) |
We are excited to announce that KnowBe4 has been named a leader in the Spring 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the fourth consecutive quarter! |
Guideline
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-08 12:30:51 |
The Ransomware Hostage Rescue Checklist: Your Step-by-Step Guide to Preventing and Surviving an Ransomware Attack (lien direct) |
Skyrocketing attack rates, double and triple extortion, increasing ransom demands… cybercriminals are inflicting pain in every way imaginable when it comes to today's ransomware attacks. And you need to be prepared to protect your network, NOW. |
Ransomware
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-07 12:52:18 |
Phishbait Invokes Russia\'s Ministry of Internal Affairs (Road Safety Division) (lien direct) |
A phishing campaign impersonating WhatsApp has targeted more than 27,000 mailboxes, according to researchers at Armorblox. It's not clear who the attackers were, but they used an old version of a road safety operations website belonging to Russia's Ministry of Internal Affairs, which helped the emails to bypass authentication checks. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-07 12:28:50 |
“Human Error” Ranked as the Top Cybersecurity Threat While Budgets Remain Misaligned (lien direct) |
New insights into the state of data security show a clear focus on the weakest part of your security stance – your users – and organizations doing little to address it. |
Threat
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-07 12:28:16 |
Multi-Million Dollar Scam Call Center Shut Down by Multinational Police Efforts (lien direct) |
Last month, Latvian and Lithuanian police – in conjunction with Europol – coordinated a raid on 3 call centers responsible for an international effort to defraud victims worldwide. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-06 13:32:36 |
Mailchimp Phishing Attack Results in Potential Hit on 100K Trezor Crypto Wallets (lien direct) |
Stolen client data from Mailchimp put customers of the cryptocurrency hardware wallets on notice of potential social engineering attacks claiming to be Trezor. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-06 12:55:09 |
“Europol Calling” (Not Necessarily) (lien direct) |
Scammers are impersonating Europol with fraudulent phone calls in an attempt to steal personal and financial information, according to Kristina Ohr at Avast. The German Federal Criminal Police Office (Bundeskriminalamt, BKA) recently warned of this campaign as well. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-05 18:38:15 |
Microsoft Warns of Lapsus$ “Targeting Organizations for Data Exfiltration and Destruction” (lien direct) |
The group behind the recent attacks on Okta, NVIDIA, and Microsoft may be moving on to less-prominent organizations, using their data destruction extortion model on new victims. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-05 18:37:54 |
Info Stealer Malware Vidar Uses Microsoft Help Files to Launch Attacks (lien direct) |
It appears that the use of Microsoft CHM files is gaining popularity, and from the way this latest attack works, it's a rather ingenious and flexible method that could become more prevalent. |
Malware
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-05 18:36:44 |
Ransomware Victims See Ransom Demands and Payments Increase as The Number of Published Data Victims Spikes (lien direct) |
Cybercriminals Groups and “as a Service” threat actor affiliates alike seem to be doing well, according to a new report on the state of ransomware from Palo Alto Networks' Unit42. |
Threat
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-05 18:35:39 |
Social Engineering from Tehran (lien direct) |
Social engineering continues to be a core component of the Iranian government's hacking operations, according to researchers at Recorded Future. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-05 12:48:00 |
(Déjà vu) CyberheistNews Vol 12 #14 [EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat (lien direct) |
[EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat
Email not displaying? |
CyberheistNews Vol 12 #14 | Apr. 5th., 2022
[EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.
Employee cyber risk is a multifaceted issue that revolves a lot around cyber hygiene, according to new data in Mobile Mentor's inaugural Endpoint Ecosystem Report. It involves a number of issues that organizations are going to need to address effectively and quickly.
|
Threat
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-04 12:50:33 |
Social Engineering by "Emergency Data Request" (lien direct) |
Bloomberg has reported that forged "Emergency Data Requests" last year induced Apple and Meta to surrender "basic subscriber details, such as a customer's address, phone number and IP address." |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-04-01 12:00:00 |
(Déjà vu) Your KnowBe4 Fresh Content Updates from March 2022 (lien direct) |
Check out the 74 new pieces of training content added in March, alongside the always fresh content update highlights and new features. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-31 17:04:37 |
Simple Facebook Phishing Scam Takes an Unexpected Turn to Throw Potential Victims Off the Scent (lien direct) |
Rather than take the usual path of sending an email and linking to a spoofed logon page, this attack takes a different set of actions that at first make no sense but may actually be brilliant. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-31 15:52:59 |
Cisco: Web 3.0 Will be the Next Frontier for Social Engineering and Phishing Attacks (lien direct) |
A look at what makes up Web 3.0 and how it may be used includes insight into what kinds of cyberattacks may plague it, as cybercriminals look for new profitable opportunities. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-31 15:52:17 |
Cost of Internet Crimes in 2021 Increase 64% Exceeding $6.9 Billion (lien direct) |
New data from the FBI's Internet Crime Complaint Center (IC3) shows a massive increase in the cost of internet crimes, with phishing and BEC topping the list. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-31 14:13:29 |
Obvious Phishbait, But Someone Will Bite (lien direct) |
A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they'll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target's Facebook friends, which increases the appearance of legitimacy. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-31 12:57:59 |
FBI Warns of Phishing Attacks Targeting Election Officials (lien direct) |
The FBI has issued a Private Industry Notification warning of phishing emails designed to steal login credentials from election officials. The Bureau believes these attacks will increase ahead of the 2022 midterm elections; the officials who need to be alert are at the state, local, territorial, and tribal levels. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-30 12:16:33 |
A Lack of Employee Cyber Hygiene is the Next Big Threat (lien direct) |
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack. |
Threat
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-30 12:16:02 |
Ransomware Attack Volume Increases by 18% As the Number of Variants Jumps to 34 in Only One Quarter (lien direct) |
A new report reviewing ransomware activity in 2021 shows an impressive uptick in the number of targeted attacks in Q4 of 2021 to 772 as more players join (or rejoin) the game. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-30 12:15:33 |
Mobile Device Usage Have Led to Security Incidents in Nearly Half of Organizations (lien direct) |
The shift in devices used by today's workforce has resulted in increases in cybersecurity concerns and incidents, despite a majority of orgs with defined BYOD programs in place. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-29 13:59:07 |
(Déjà vu) CyberheistNews Vol 12 #13 [Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online (lien direct) |
[Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online
Email not displaying? |
CyberheistNews Vol 12 #13 | Mar. 29th., 2022
[Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online
The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, and how the tech still needs to improve.
While much of the headlines today around the Russian invasion of Ukraine focus on the war on the ground and in the air, a cyberwar is being waged behind the scenes. It began with wiper ransomware attacks on Ukrainian businesses and government agencies and has culminated so far with a newly released deepfake video of Ukrainian president Zelenskyy asking his troops to lay down their weapons and surrender.
|
Ransomware
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-29 13:03:08 |
Email Conversation Hacking to Distribute Malware (lien direct) |
Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and helps them bypass security filters. |
Malware
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-28 17:51:20 |
Making Better Push-Based MFA (lien direct) |
I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today's most popular implementations are not sufficiently protective against real attacks. In short, using social engineering, hackers have been able to bypass most Push-Based MFA like it was not even there. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-28 13:31:28 |
Buy Now, Pay Later Scams (lien direct) |
Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire's Hacking Humans podcast, Ducharme explained that scammers can either impersonate victims or take over their accounts in order to make fraudulent purchases. |
|
|
|
![knowbe4.webp](./Ressources/img/knowbe4.webp) |
2022-03-24 19:20:26 |
WIRED: "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine" (lien direct) |
WIRED wrote: "More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet's rotation, the satellite beams high-speed internet down to people across Europe. S |
Hack
|
|
|