Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-01-25 13:00:00 |
[New Benchmarking Feature] Compare Your Organization's Security Culture with Other Organizations in Your Industry (direct link) |
We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for KnowBe4's Security Culture Survey (SCS). |
|
|
|
|
2022-01-24 14:11:49 |
A Generational Divide Among Social Engineering Victims (direct link) |
Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams distributed through social media apps, while older people are more likely to fall for banking and tech support scams. |
|
|
|
|
2022-01-21 13:24:40 |
FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks (direct link) |
Using mailed out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with BlackMatter or REvil ransomware strains. |
Ransomware
|
|
|
|
2022-01-21 13:24:37 |
New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider's One-Time Security Code (direct link) |
Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%. |
|
|
|
|
2022-01-20 15:22:17 |
In Order to Have Good Security Culture, Behaviour Comes First (direct link) |
In our efforts to raise awareness among users of the importance of cybersecurity and the part they have to play in it, we sometimes go about things in a long-winded manner. |
|
|
|
|
2022-01-20 14:26:04 |
DHL is Now the Most Spoofed Brand in Phishing (direct link) |
International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found. |
|
|
|
|
2022-01-20 14:26:01 |
Ransomware Attacks are Growing in Number, But Not in Sophistication (direct link) |
As organizations work to protect against the relentless series of ransomware attacks that have plagued businesses large and small, the methods of attack seem to be leveling out. |
|
|
|
|
2022-01-20 14:25:58 |
Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns (direct link) |
Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks. |
|
|
|
|
2022-01-20 14:25:55 |
Half of All Organizations Hit by Ransomware Experience Productivity Loss (direct link) |
According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity. |
Threat
Ransomware
|
|
|
|
2022-01-19 20:33:56 |
KnowBe4's Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC] (direct link) |
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and 'in the wild' attacks. |
|
|
|
|
2022-01-19 13:33:29 |
A Cyberespionage Group Uses Social Engineering (direct link) |
A sophisticated China-aligned threat actor is using social engineering to carry out cyberespionage and financially motivated attacks, according to researchers at Trend Micro. |
Threat
|
|
|
|
2022-01-18 20:04:43 |
(Déjà vu) CyberheistNews Vol 12 #03 FBI: Beware of a New Google Voice Authentication Scam – Even if You Don't Use Google Voice! (direct link) |
|
|
|
|
|
2022-01-18 16:59:26 |
North Korean Cryptocurrency Theft Relies on Social Engineering (direct link) |
A North Korean threat actor being called “BlueNoroff,” a subunit of Pyongyang's Lazarus Group, has been targeting cryptocurrency startups with financially motivated attacks, researchers at Kaspersky have found. The campaign, “SnatchCrypto,” is using malicious documents to gain access to internal communications, then using social engineering to manipulate employees. |
Threat
Medical
|
APT 38
APT 28
|
|
|
2022-01-17 13:00:00 |
KnowBe4 Named a 2021 Gartner Peer Insights™ Customers' Choice for Security Awareness Computer-Based Training (direct link) |
KnowBe4 is excited to announce that we have been recognized as an overall Customers' Choice in the December 2021 Gartner Peer Insights 'Voice of the Customer': Security Awareness Computer-Based Training Report. KnowBe4 also received two additional category distinctions across Company Size and Deployment Region, including Customers' Choice Midsize Enterprise and Customers' Choice North America. |
|
|
|
|
2022-01-14 13:27:37 |
Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse (direct link) |
We thought it was bad enough when traditional ransomware started to steal data in its second generation of evolution, now dubbed "double extortion". The third stage of ransomware is beginning to happen now and will make us wish for the good, old days of Ransomware 2.0. |
Ransomware
|
|
|
|
2022-01-13 20:08:08 |
Fifty FIFA eSports Accounts Were Hacked Via Social Engineering (direct link) |
Video game maker Electronic Arts (EA) has stated that around fifty high-profile accounts for the soccer game FIFA 22 were hacked after attackers manipulated the company's customer service employees. |
|
|
|
|
2022-01-12 17:11:13 |
FBI: Beware of a New Google Voice Authentication Scam – Even if You Don't Use Google Voice! (direct link) |
A new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams and/or to perform Gmail account takeovers. |
|
|
|
|
2022-01-12 17:11:06 |
Payment Fraud Moves to the Real World with Fake QR Codes on Parking Meters (direct link) |
Scammers are using the professional-looking stickers to point those parking to an alternate pay site to collect credit card details in the perfect situation where victims would be none the wiser. |
|
|
|
|
2022-01-12 15:31:17 |
U.S. Government Warns of More Cyberattacks Targeting Critical Infrastructure (direct link) |
A new joint cybersecurity advisory from CISA, the FBI, and the NSA cautions organizations against Russian-based attacks and provides mitigations to be implemented. |
|
|
|
|
2022-01-12 14:37:22 |
It's a Fact: Cyberattacks Continue Because Your Users Forget (direct link) |
The weakest part of your cybersecurity can be identified by looking at how cyberattacks take place, and how well your defenses stand up. But did you know the answer comes from the year 1885? |
|
|
|
|
2022-01-12 14:37:18 |
“Information Disorder”: Giving a Name to One of the Most Impactful Parts of Phishing Scams (direct link) |
At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why phishing works. |
|
|
|
|
2022-01-12 14:37:15 |
Over 200 Ransomware Strains Detected in Last Part of 2021 (direct link) |
With the news focused on just a few key ransomware strains, it's understandable to think you'll never be a target. But newly-released data shows who's doing the attacking and who's being targeted. |
Ransomware
|
|
|
|
2022-01-12 13:00:00 |
KnowBe4 Named a Leader in the Winter 2022 G2 Grid Report for Security Awareness Training (direct link) |
The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. |
Guideline
|
|
|
|
2022-01-11 14:52:45 |
Business Email Compromise Attack Leads to Millions in Non-Profit Loss (direct link) |
A business email compromise attack at Illinois's Office of the Special Deputy Receiver led to a loss of $6.85 million, Ray Long at the Chicago Tribune reports. Long describes the Office as “a nonprofit that works with the director of the Illinois Department of Insurance and exists largely to protect creditors and policyholders of financially troubled or insolvent insurance companies.” |
Guideline
|
|
|
|
2022-01-11 14:31:56 |
CyberheistNews Vol 12 #02 [Eye Opener] 3 Tips To Pass Your Certified Security Awareness and Culture Professional (SACP) Exam (direct link) |
|
|
|
|
|
2022-01-07 13:23:08 |
Ransomware Attacks Could Result in Higher Cybersecurity Stocks (direct link) |
Ransomware attacks have been dominant for hackers. And according to Investor's recent article, this means good news for cybersecurity stocks. |
|
|
|
|
2022-01-07 13:00:00 |
Your KnowBe4 Fresh Content Updates from December 2021 (direct link) |
Check out the 38 new pieces of training content added in December, alongside the always fresh content update highlights and new features. |
|
|
|
|
2022-01-06 19:20:00 |
Hive Ransomware-as-a-Service Races to the Top as Affiliates Breach 350 Organizations in Just 4 Months (direct link) |
A mere blip on the ransomware radar a quarter ago, the massive onslaught of attacks using Hive Ransomware demonstrates how dangerous the “as-a-Service” model really is. |
Ransomware
|
|
|
|
2022-01-06 19:19:54 |
Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild (direct link) |
An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials. |
|
|
|
|
2022-01-06 19:19:37 |
121 Brands Impersonated in Massive 91-Country Survey-Turned-Fraud Scam (direct link) |
With an estimated take of over $80 million a month, this scam uses new evasive tactics designed to make detection and investigation of these attacks difficult at best. |
|
|
|
|
2022-01-06 18:20:04 |
Obvious, but Probably Effective: Konni RAT Screensaver (direct link) |
A North Korean threat actor is targeting users in Russia with a New Year's Eve-themed phony screensaver file, the Record reports. Researchers at Cluster25 spotted the activity, and say the campaign “started at least from August 2021 aimed at Russian targets operating in the diplomatic sector.” The researchers note that the threat actor used a ZIP file in this spear phishing attack, as opposed to a document with malicious macros. |
Threat
|
|
|
|
2022-01-06 18:17:59 |
New York State Warns of Credential Stuffing (direct link) |
New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack in which attackers use automation to test stolen usernames and passwords against many different websites. New York's advisory explains that credential stuffing “leverages the natural human tendency to reuse passwords to cope with the ever-growing number of online accounts that must be managed. Attackers know that the username and password used at one website may also be used at a half-dozen others.” |
|
|
|
|
2022-01-05 14:17:59 |
CyberheistNews Vol 12 #01 [Heads Up] New Omicron-Themed Phishing Attack is Now Running Rampant (direct link) |
|
|
|
|
|
2022-01-04 15:04:02 |
Cryptocurrency Scam Profits Jump 81% in 2021 to $7.7 Billion (direct link) |
Despite a massive drop in crypto scams in 2020 due to the pandemic, a new report highlights the massive growth in crypto scams… and the profitable results they're yielding. |
|
|
|
|
2022-01-04 15:03:58 |
Reducing Stress with CBD Is the Latest Theming for Phishing Attacks (direct link) |
Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to help with their ailments. |
|
|
|
|
2022-01-04 15:03:54 |
Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait (direct link) |
Scammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of the fact that many Instagram pages with large followings are concerned about being banned for posting copyrighted content. |
|
|
|
|
2022-01-04 15:03:50 |
Shoulder Surfing is Still a Thing for Successful Social Engineering Attacks (direct link) |
Social engineering isn't concerned with either novelty or elegance. All that matters is whether it works. ESET's Jake Moore described a case in point for We Live Security: all someone might need to gain access to your Snapchat account is look over your shoulder at the right moment, just like the kid at the next desk trying to cheat on a test back in elementary school. |
|
|
|
|
2022-01-01 16:59:12 |
2022 Resolution: "I'll Be A Certified Security Awareness and Culture Professional (SACP)™" (direct link) |
|
Threat
Guideline
|
|
|
|
2021-12-30 20:58:38 |
Amazon Token Crypto “Presale” Scam Takes Advantage of News Hype and Steals Your Real Cryptocurrency (direct link) |
The growing interest in new cryptocurrencies and the potential to get in early on Amazon's supposedly forthcoming crypto has scammers taking victims for thousands of dollars. |
|
|
|
|
2021-12-30 20:58:33 |
New “Karakurt” Threat Group is Gaining Attention Through Multiple and Frequent Extortion Attacks (direct link) |
A new warning from Accenture Security highlights this new cybercriminal group making waves that focuses on a “data breach and extortion” MO rather than relying on ransomware. |
Threat
|
|
|
|
2021-12-29 16:01:30 |
Omicron-Themed Phishing Campaign is Running Rampant (direct link) |
A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer. |
|
|
|
|
2021-12-29 16:01:23 |
Organizations Worldwide Experience Over 722 Million Attacks in the Last 30 Days! (direct link) |
Analysis of data collected by Internet and security services vendor Akamai shows an unimaginable number of cyberattacks, demonstrating how frequently these attacks are happening. |
|
|
|
|
2021-12-29 16:01:12 |
(Déjà vu) 5 Notable Obscure Phishing Scams (direct link) |
I love that KnowBe4's customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4's products help its customers to educate and test which scams a worker will easily recognize and which ones they need more education on. KnowBe4's product helps administrators figure out exactly who needs more education and on what topics. We know that customers who frequently educate and test their co-workers reduce cybersecurity risk lower than those that do not. |
|
|
|
|
2021-12-29 16:01:00 |
Conti Ransomware Affiliate Attacks Australian Utilities Giant's Corporate Network (direct link) |
While news reports indicate no impact to the utilities company's ability to deliver electricity to its customers, this could be the start of attacks on critical infrastructure in Australia. |
Ransomware
|
|
|
|
2021-12-29 16:00:50 |
Google Takes a Step Towards Reducing the Use of Calendar Invitations as Phishing Tools (direct link) |
Doing their part, Google adds new functionality that defaults to automatically adding Google-based calendar invites to a victim's calendar to lower the malicious value of an invite. |
|
|
|
|
2021-12-29 14:36:00 |
CyberheistNews Vol 11 #51 [Heads Up] Phishing Attacks Remain the Top Type of Cybersecurity Breach This Year (direct link) |
|
|
|
|
|
2021-12-28 18:28:54 |
West Virginia Healthcare Breach Traced to Phishing (direct link) |
Monongalia Health System in West Virginia has disclosed a data breach that exposed sensitive patient and employee information. |
Data Breach
|
|
|
|
2021-12-28 16:19:30 |
The Impacts of Phishing Attacks (direct link) |
More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a malware phishing attack. |
Malware
|
|
|
|
2021-12-23 21:17:23 |
New Nigerian Phishing Scams Target U.S. Military Families with Needed “Services” (direct link) |
With loved ones potentially a half a world away, scammers prey on families with scams that offer to assist with communication, care packages, leave, and more. |
|
|
|
|
2021-12-23 21:17:00 |
Office 365 “Spam Notification” Phishing Emails Seek to Capture Credentials (direct link) |
A new campaign spotted in the wild uses a tried-and-true method of convincing victims to provide their Office 365 logon credentials to be used in future attacks. |
|
|
|