Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-12-23 17:07:22 |
U.K. Workers Aren\'t Concerned about Company Cybersecurity Despite 60% Having Been Victims of a Cyberattack (lien direct) |
New data shows a huge disparity between the likelihood of cyberattack against U.K. organizations and their employee's cybersecurity awareness and vigilance. |
|
|
|
|
2021-12-23 16:39:19 |
One-Third of Phishing Pages Are Inactive After Just One Day (lien direct) |
We've always known phishing scammers work very quickly, moving from campaign to campaign, but new data indicates some scammers are moving on in terms of literally hours. |
|
|
|
|
2021-12-23 16:38:50 |
Canadian Government Urges Organizations to Take Additional Steps to Protect Against Ransomware Attacks (lien direct) |
Citing upticks in attacks, Canada's Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security. |
Ransomware
|
|
|
|
2021-12-23 14:06:46 |
Having an Efficient Security Awareness Training Program (lien direct) |
I love that KnowBe4's customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4's products help its customers to educate and test what scams a worker will easily recognize and which ones they need more education on. KnowBe4's product helps administrators figure out exactly who needs more education and on what topics. We know that customers who more consistently and frequently educate and test their co-workers reduce cybersecurity risk lower than those who do not. |
|
|
★★★★★
|
|
2021-12-22 17:00:01 |
[Scam of the Week] Black Friday & Cyber Monday Cybersecurity Tips 2021 (lien direct) |
Cybercriminals are at it again with holiday phishing scams. Because of the popularity of online shopping, retailers' online Black Friday deals attract more and more scammers every year. Cyber Monday will also mean big online sales. That means you and your users need to be extra cautious when shopping online over the Black Friday and Cyber Monday weekend. |
|
|
|
|
2021-12-21 16:51:13 |
With KnowBe4\'s Phish Alert Button, You Can Now Collect Feedback from Your Users When They Report Suspicious Emails (lien direct) |
We are excited to announce the availability of KnowBe4's enhanced Phish Alert Button for Microsoft 365 with the new User Comments feature! |
|
|
|
|
2021-12-21 15:20:31 |
Phishing Campaign Impersonates Pfizer (lien direct) |
A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that didn't contain any malicious links or malware, and instead prompted the user to reach out to the scammer for more details. |
|
|
|
|
2021-12-21 14:20:08 |
(Déjà vu) CyberheistNews Vol 11 #50 [EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful (lien direct) |
|
|
|
|
|
2021-12-20 20:14:15 |
Phishing Remains Top Form of Cybersecurity Breach in 2021 (lien direct) |
Over half of organizations say they've experienced a cybersecurity breach caused by phishing in the last 12 months, dwarfing the second-place breach cause (malware) by almost 30%. |
|
|
|
|
2021-12-20 20:13:47 |
Double Extortion Ransomware Attacks That Publish Victim Data Increase 935% (lien direct) |
According to new data, the number of victim companies impacted by double extortion has jumped from 229 by the first half of 2020 to nearly 2400 by the first half of 2021. |
Ransomware
|
|
|
|
2021-12-20 20:13:11 |
Embedded Email Attacks Are on the Rise and Aren\'t Being Detected by Security Solutions (lien direct) |
This classic tactic is making a comeback and is elegantly simple to execute, yet sufficiently complex enough to keep email scanning solutions from seeing it as malicious. |
|
|
|
|
2021-12-20 16:56:12 |
Spam Calling Rates Spike Globally (lien direct) |
Spam calls in the US spiked in October, according to Truecaller's annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in October. The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month. |
Spam
|
|
|
|
2021-12-20 15:53:58 |
Whitelisting On Known Headers Not Recommended (lien direct) |
We found a discussion on Twitter about this topic and we thought it would be useful to provide to provide the correct technical background related to whitelisting. |
|
|
|
|
2021-12-16 21:27:59 |
(Déjà vu) [EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful (lien direct) |
A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together with a company that remained anonymous.
The company did not inform their employees about the simulated phishing program they were going to be part of. The four goals of the study were to determine: |
|
|
|
|
2021-12-16 21:27:59 |
[EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Alerts Is Successful (lien direct) |
A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together with a company that remained anonymous. The company did not inform their employees about the simulated phishing program they were going to be part of. The four goals of the study were to determine: |
|
|
|
|
2021-12-16 17:44:04 |
$148 Million Lost to Gift Card Scams in 2021 (So Far) (lien direct) |
A US Federal Trade Commission (FTC) data spotlight has found that people in the US lost $148 million to gift-card-related scams in the first nine months of 2021. The spotlight also found that median reported losses from these scams increased from $700 to $1,000 throughout the same period. |
|
|
|
|
2021-12-15 21:24:13 |
NSA: Cyberattacks are Putting the “Security of our Nation” at Stake (lien direct) |
When most see cyberattacks as something that is impactful at the organizational level, the head of the National Security Agency sees cyberattacks as being a threat to the entire nation. |
Threat
|
|
|
|
2021-12-15 21:24:05 |
The Evolving State of Cyber Insurance May Indicate More Scrutiny for IT and Security Teams (lien direct) |
The need to balance offering coverage for cyber incidents with maintaining a profit has cyber insurers rethinking how they will approach measuring insured risk and exposure. |
|
|
|
|
2021-12-15 21:24:01 |
Over 1000 Arrests and $27 Million Intercepted in Massive INTERPOL Sting Operation (lien direct) |
Bringing together specialized police units from 20 countries, Operation HAECHI-II targeted those involved in online fraud, romance scams, investment fraud and money laundering. |
|
|
|
|
2021-12-15 21:23:55 |
Netflix is the Latest Impersonated Brand in Ongoing Subscriber Targeting Scams (lien direct) |
With the increased interest in and availability of movie and TV streaming services, plenty of new scams are popping up attempting to steal personal details and credit card information. |
|
|
|
|
2021-12-15 18:31:44 |
Wall Street Journal article: "Shaming Employees For Phishing is Counterproductive" (lien direct) |
Shaming employees for falling for phishing attacks is the wrong approach, according to Dr. Karen Renaud, a chancellor's fellow at the University of Strathclyde. In an article for the Wall Street Journal, Renaud described a study she conducted alongside fellow researchers Rosalind Searle and Marc Dupuis in which the researchers asked people if they had ever been responsible for a cybersecurity incident at work, and how their management responded. |
|
|
|
|
2021-12-15 14:59:45 |
Log4j vulnerability - KnowBe4 Not Affected (lien direct) |
KnowBe4 is aware of the recent log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We can confirm that no KnowBe4 products are affected by this at this time and therefore no actions are required to be taken by our customers. |
Vulnerability
|
|
★★
|
|
2021-12-14 19:19:57 |
Answer 4 Questions To Avoid a Social Engineering Attack (lien direct) |
I am usually not a man of a few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with less. With that in mind, I tried to boil down social engineering attacks in as few words as possible. |
|
|
|
|
2021-12-14 14:35:53 |
CyberheistNews Vol 11 #49 [HEADS UP] Tricky New TSA PreCheck Scam Steals Your Personal and Credit Card Details (lien direct) |
|
|
|
|
|
2021-12-14 13:45:50 |
The Unbearable Lightness of Phishing Pages (lien direct) |
Researchers at Kaspersky have found that most phishing pages are active for less than one day, with many of them going offline after just a few hours. Most of these short-lived pages were set up through hosting providers. |
|
|
|
|
2021-12-13 14:09:38 |
Socially Engineering Your Way to Customer Data (lien direct) |
US telecommunications company Cox Communications has disclosed a data breach that exposed some customers' information, BleepingComputer reports. The company said in a breach notification letter that an attacker was able to gain access to some customer accounts after using social engineering tactics to impersonate a Cox employee. |
Data Breach
|
|
|
|
2021-12-09 21:00:15 |
2021 Security Hints & Tips for Holiday Travels (lien direct) |
The holiday season may be closer to "normal" this year, and that means your users will be even more focused on holiday activities - including travel. Cybercriminals will undoubtedly be using relevant social engineering tactics to take advantage of people that have been cooped up the last two years. In fact, the FBI recently sent a warning to beware of travel scams during the holidays. |
|
|
|
|
2021-12-09 13:46:20 |
Real Cyberattack as Phishbait for a Scammer (lien direct) |
Scammers are exploiting a real “cyber incident” at a Riverhead New York high school to send out robocalls that claim to be coming from the local police department, RiverheadLOCAL reports. |
|
|
|
|
2021-12-08 15:47:28 |
Credential-Harvesting Phishing Campaign Urges Review of Spam (lien direct) |
Researchers at MailGuard have observed a phishing campaign that's using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an important-looking email has been sent to their spam folder, and they'll need to click a link to view the supposed message. |
Spam
|
|
|
|
2021-12-07 15:53:12 |
Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant (lien direct) |
New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts. |
Data Breach
|
|
|
|
2021-12-07 15:53:06 |
New TSA PreCheck Scam Seeks to Collect Your Personal and Credit Card Details (lien direct) |
Doing one of the best jobs impersonating a website ever seen, this new scam attempts to take those renewing or initially signing up through a believable process that most would fall for. |
|
|
|
|
2021-12-07 15:52:59 |
Half of All Organizations Have Had Employees Approached to Aid in Ransomware Attacks (lien direct) |
Partially due to the shift to working remotely, cybercriminals are finding some resemblance of success in getting internal assistance, begging the question of what to do about it. |
Ransomware
|
|
|
|
2021-12-07 15:15:15 |
SideCopy: How an Intelligence Service Uses Phishbait (lien direct) |
Researchers at Malwarebytes offer more details on a spear phishing campaign run by a Pakistani threat actor that's come to be known as “SideCopy.” The campaign was first reported by Facebook earlier this year. |
Threat
|
|
|
|
2021-12-07 14:27:41 |
CyberheistNews Vol 11 #48 [Heads Up] Morgan Stanley Warns Against Recent “Brushing Scam” (lien direct) |
|
|
|
|
|
2021-12-06 21:14:54 |
Conducting Data Protection Impact Assessments on Your Cloud Environments (lien direct) |
Whether you're creating a new product, going through mergers & acquisitions, or significantly changing a process in your organization, new processing activities can present high risk. |
Guideline
|
|
|