What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-05-02 12:22:23 | Les deux meilleures choses que vous pouvez faire pour vous protéger et l'organisation The Two Best Things You Can Do To Protect Yourself and Organization (lien direct) |
Depuis le début, deux types d'attaques informatiques (appelés Exploits de cause racine initiale ) ont composé la grande majorité des attaques réussies: Génie social et exploiter les vulnérabilités non corrigées.Ces deux causes profondes représentent entre 50% et 90% de toutes les attaques réussies.Il y a des tonnes d'autres façons dont vous pouvez être attaqué (par exemple, devinettes de mot de passe, une mauvaise configuration, des écoutes, des attaques physiques, etc.), mais tous les autres types d'attaques additionnés ne sont pas égaux à l'une ou l'autre des deux autres méthodes les plus populaires.
Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks. There are tons of other ways you can be attacked (e.g., password guessing, misconfiguration, eavesdropping, physical attacks, etc.), but all other types of attacks added up all together do not equal either of the other two more popular methods. |
★★ | ||
|
2023-05-02 12:21:31 | Phishing comme tactique d'espionnage pour les cybercriminels Phishing as an Espionage Tactic for Cybercriminals (lien direct) |
★★ | |||
|
2023-05-01 14:31:33 | La fréquence d'attaque de phishing augmente près de 50% à mesure que certains secteurs augmentent jusqu'à 576% Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576% (lien direct) |
|
★★★ | ||
|
2023-04-27 12:08:22 | Les dernières attaques QBOT utilisent un mélange de pièces jointes PDF et de fichiers hôtes de script Windows pour infecter les victimes Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims (lien direct) |
Malware | ★★ | ||
|
2023-04-27 12:07:48 | Malgré la majorité des organisations croyant qu'elles étaient préparées pour les cyberattaques, la moitié étaient toujours victimes Despite a Majority of Organizations Believing They\\'re Prepared for Cyber Attacks, Half Were Still Victims (lien direct) |
|
★★ | ||
|
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-22 12:48:10 | [Heads Up] Le nouveau service Fednow ouvre une nouvelle surface d'attaque massive [Heads Up] The New FedNow Service Opens Massive New Attack Surface (lien direct) |
![[Heads Up] Le nouveau service FedNow ouvre une nouvelle surface d'attaque massive](https://blog.knowbe4.com/hubfs/idebar-fednow-Explorer-v3.jpg )
Vous n'avez peut-être pas entendu parler de ce service prévu pour juillet 2023, mais cela promet unMassive Nouveau Génie social Surface d'attaque.Ceci provient de leur site Web: "À propos du service FedNowsm. Le service Fednow est une nouvelle infrastructure de paiement instantané développée par la Réserve fédérale qui permetServices de paiement. "Grâce à des institutions financières participant au service Fednow, les entreprises et les particuliers peuvent envoyer et recevoir des paiements instantanés en temps réel, 24 heures sur 24, tous les jours de l'année.Les institutions financières et leur service & nbsp;Les fournisseurs peuvent utiliser le service pour fournir des services de paiement instantané innovants aux clients, et les destinataires auront un accès complet aux fonds immédiatement, ce qui permet une plus grande flexibilité financière lors de la mise en temps sensible au temps. "Ceci est le site: https://www.frbservices.org/financial-services/fednow/about.html VousPeut imaginer la boîte de Pandora \\ que cela s'ouvre. Nous, chez Knowbe4, organisons un concours interne pour trouver des exploits d'ingénierie sociale potentiels et phishing Modèles. Nous avons un tas de personnes très créatives travaillant ici, ce sont les principales soumissions:
![[Heads Up] The New FedNow Service Opens Massive New Attack Surface](https://blog.knowbe4.com/hubfs/sidebar-fednow-explorer-v3.jpg)
You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website:"About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure developed by the Federal Reserve that allows financial institutions of every size across the U.S. to provide safe and efficient instant payment services."Through financial institutions participating in the FedNow Service, businesses and individuals can send and receive instant payments in real time, around the clock, every day of the year. Financial institutions and their service providers can use the service to provide innovative instant payment services to customers, and recipients will have full access to funds immediately, allowing for greater financial flexibility when making time-sensitive payments." This is the site: https://www.frbservices.org/financial-services/fednow/about.htmlYou can imagine the pandora\'s box this opens up. We at KnowBe4 ran an internal contest to come up with potential social engineering exploits and phishing templates. We have a bunch of very creative people working here, these are the top submissions: |
★★ | ||
|
2023-04-20 12:22:15 | Plus d'entreprises avec cyber-assurance sont touchées par des ransomwares que ceux sans More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without (lien direct) |
|
Ransomware | ★★★★ | |
|
2023-04-20 12:21:59 | Près de la moitié des professionnels de l'informatique sont invités à se taire sur les violations de sécurité Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches (lien direct) |
|
★★ | ||
|
2023-04-20 12:21:53 | Le volume des e-mails de phishing double au premier trimestre alors que l'utilisation de logiciels malveillants dans les attaques diminue légèrement Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines (lien direct) |
|
Malware | ★★ | |
|
2023-04-18 18:43:56 | [ARM et une jambe] Les cyber-assureurs s'inquiètent du coût des attaques à longue queue [Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks (lien direct) |
![[ARM et une jambe] Les cyber-assureurs sont préoccupés par le coût à longue queue des attaques]( https: //blog.knowbe4.com/hubfs/jasperart_2023-04-18_14.36.00_4.png )
[munitions budgétaires] James Rundle au Wall Street Journal a publié aujourd'hui un article très intéressant sur les coûts à long terme des cyberattaques et le faitQue les cyber-assureurs deviennent de plus en plus inquiets que leurs modèles ne couvrent pas ces répercussions à longue queue.L'un des problèmes est qu'il existe un nombre important de réclamations qui ne se sont pas encore réglées devant les tribunaux, ce qui pourrait prendre des années pour être finalement conclu. & Nbsp;
![[Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks](https://blog.knowbe4.com/hubfs/JasperArt_2023-04-18_14.36.00_4.png)
[BUDGET AMMO] James Rundle at the The Wall Street Journal today published a very interesting article about the long-term costs of cyber attacks and the fact that cyber insurers are getting more and more worried that their models do not cover these long-tail repercussions. One of the problems is that there are a significant number of claims that have not settled out in the courts yet, which might take years to get finally concluded. |
★★ | ||
|
2023-04-18 13:00:00 | Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-17 15:39:56 | La plate-forme de billetterie indienne des passagères révèle la fraude en ligne Indian Rail Passenger Ticketing Platform Warns of Online Fraud (lien direct) |
|
★★ | ||
|
2023-04-12 12:20:54 | Gagnez les guerres d'IA pour améliorer la sécurité et réduire le cyber-risque Win The AI Wars To Enhance Security And Decrease Cyber Risk (lien direct) |
ChatGPT ChatGPT | ★★ | ||
|
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-11 12:20:01 | Top à emporter, vous pourriez manquer ma prochaine classe de maître de ransomware Top Takeaways You Could be Missing Out on my Upcoming Ransomware Master Class (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-11 12:00:00 | [Outil gratuit] Voir quels utilisateurs sont susceptibles de se faire un comportement de sécurité risqué avec l'aperçu gratuit de SecurityCoach! [Free Tool] See Which Users Are Susceptible to Risky Security Behavior with SecurityCoach Free Preview! (lien direct) |
Data Breach Hack | ★★ | ||
|
2023-04-10 14:21:40 | La campagne alarmante de phishing fiscal nous cible avec des logiciels malveillants Alarming Tax Phishing Campaign Targets US with Malware (lien direct) |
|
Malware | ★★ | |
|
2023-04-06 12:33:39 | New Emotet Phishing Campaign fait semblant d'être les formulaires IRS livrant W-9 New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms (lien direct) |
|
★★ | ||
|
2023-04-06 12:33:35 | FBI: Les attaques de compromis par courrier électronique d'entreprise sont utilisées pour effectuer des achats de marchandises en vrac auprès des fournisseurs FBI: Business Email Compromise Attacks Are Being Used to Make Bulk Goods Purchases from Vendors (lien direct) |
|
★★ | ||
|
2023-04-04 13:50:02 | Scareware d'un groupe de ransomwares bidon Scareware From a Phony Ransomware Group (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-04 13:00:00 | CyberheistNews Vol 13 # 14 [Eyes sur le prix] Comment les inconvénients croissants ont tenté un courteur par e-mail de 36 millions de vendeurs CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist (lien direct) |
CyberheistNews Vol 13 #14 | April 4th, 2023
[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.
It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance).
The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).
This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.
Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i |
Ransomware Malware Hack Threat | ChatGPT ChatGPT APT 43 | ★★ |
|
2023-04-03 18:32:00 | Latitude forcée d'arrêter d'ajouter de nouveaux clients à la suite de la violation Latitude Forced To Stop Adding New Customers in Aftermath of Breach (lien direct) |
Data Breach Threat | ★★ | ||
|
2023-04-03 15:51:13 | La police ukrainienne élimine la cybercriminalité Ukrainian Police Take Down Cybercrime Ring (lien direct) |
|
★★ | ||
|
2023-04-03 12:16:08 | La majorité des employés du gouvernement travaillent partiellement pratiquement malgré une augmentation des cyber-risques liés aux utilisateurs Majority of Government Employees are Partially Working Virtually Despite Increased User-Related Cyber Risks (lien direct) |
|
Threat | ★★ | |
|
2023-04-03 12:16:05 | La fausse escroquerie de Chatgpt se transforme en un système de maquette frauduleux Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme (lien direct) |
|
Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-28 13:00:00 | Cyberheistnews Vol 13 # 13 [Oeil Overner] Comment déjouer les attaques de phishing basées sur l'IA sournoises [CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks] (lien direct) |
CyberheistNews Vol 13 #13 | March 28th, 2023
[Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks
Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.
"A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation.
"This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection."
Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails.
"Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here."
Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures.
"Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it.
"Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'"
New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture.
Remember: Culture eats strategy for breakfast and is always top-down.
Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing
|
Ransomware Malware Hack Tool Threat Guideline | ChatGPT ChatGPT | ★★★ |
|
2023-03-28 12:59:04 | Confessions d'un ancien \\ 'The Inside Man \\' sceptique [Confessions of a Former \\'The Inside Man\\' Skeptic] (lien direct) |
|
★★ | ||
|
2023-03-24 15:03:14 | L'attaque de compromis de nouveau fournisseur par e-mail cherche 36 millions de dollars [New Vendor Email Compromise Attack Seeks $36 Million] (lien direct) |
|
Threat | ★★ | |
|
2023-03-24 12:15:00 | Ransomware Data Volt Extorsion augmente de 40% à 70% de \\ '21 à \\' 22 [Ransomware Data Theft Extortion Goes up 40% to 70% From \\'21 to \\'22] (lien direct) |
|
Ransomware | ★★★ | |
|
2023-03-23 12:13:58 | Les utilisateurs cliquant sur plusieurs liens de phishing mobile augmentent de 637% en seulement deux ans [Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years] (lien direct) |
|
General Information | ★★★ | |
|
2023-03-23 12:13:56 | Les cyber-assureurs suppriment tranquillement la couverture de l'ingénierie sociale et des allégations d'instruction frauduleuse [Cyber Insurers Quietly Remove Coverage for Social Engineering and Fraudulent Instruction Claims] (lien direct) |
|
General Information | ★★ | |
|
2023-03-22 12:46:51 | L'avenir des cyberattaques?Vitesse, plus de vitesse [The Future of Cyber Attacks? Speed, More Speed] (lien direct) |
|
General Information | ★★ | |
|
2023-03-21 13:00:00 | CyberheistNews Vol 13 #12 [Heads Up] This Week\'s New SVB Meltdown Social Engineering Attacks (lien direct) |
CyberheistNews Vol 13 #12 | March 21st, 2023
[Heads Up] This Week's New SVB Meltdown Social Engineering Attacks
On Saturday March 11, I warned about the coming wave of phishing attacks that would undoubtedly follow the SVB collapse. We were not disappointed.
There is a raft of new registered domains that are SVB-related, for example login.svb[.]com and many others that will probably all be used for business email compromise (BEC) attacks.
Adi Ikan, CEO of Veriti, observed that "Phishing campaigns are leveraging SVB's recent collapse to impersonate the bank and its online services. We have observed an increase in the registration of fake phishing domains in the U.S. (88%), Spain (7%), France (3%) and Israel (2%), and we anticipate this number to grow."
INKY describes a phishing campaign that's impersonating (SVB) with phony DocuSign notifications: "Email recipients are told that the 'KYC Refresh Team' sent two malicious documents that require a signature. 'KYC' is a banking term that stands for 'Know Your Customer' or 'Know Your Client.' It's a mandatory process banks use to verify an account holder's identity.
Cyberwire Pro has a good summary. Their newsletter is a 'Stu's Warmly Recommended".https://thecyberwire.com/stories/4880d3b8100c464f83fcf8d8ec8d3f23/svbs-collapse-and-the-potential-for-fraud
Train users about the risks. We have simulated phishing attack templates in your Current Events section with SVB-themes ready-made for you to send to your users.
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! KnowBe4 Mobile Learner App - Users can now train anytime, anywhere!
NEW! Security Cul |
Guideline | ChatGPT | ★★ |
|
2023-03-20 14:08:42 | Report Shows Business Email Compromise (BEC) Attacks Increase and Phishing Used as Initial Attack Vector in the Last Year (lien direct) |
|
★★ | ||
|
2023-03-17 18:19:15 | Phishing Attacks Top List of Initial Access Vectors with Backdoor Deployment as Top Objective (lien direct) |
New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors. |
★★★ | ||
|
2023-03-16 13:06:29 | [FREE RESOURCE KIT] New Phishing Security Resource Kit Now Available! (lien direct) |
![[FREE RESOURCE KIT] New Phishing Security Resource Kit Now Available!](https://blog.knowbe4.com/hubfs/Phishing-Kit-1200x675.jpg)
Phishing emails increase in volume every month and every year, so we created this free resource kit to help you defend against attacks.
Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need to be prepared for, and our best advice on how to protect your users and your organization.
|
★★ | ||
|
2023-03-15 17:43:42 | Three-Quarters of Organizations Have Experienced an Increase in Email-Based Threats (lien direct) |
|
★★ | ||
|
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-13 17:13:45 | Microsoft Warns of Business Email Compromise Attacks Taking Hours (lien direct) |
|
Threat | ★★ | |
|
2023-03-10 14:46:12 | Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (lien direct) |
|
Malware | ★★ | |
|
2023-03-07 14:00:00 | CyberheistNews Vol 13 #10 [Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
CyberheistNews Vol 13 #10 | March 7th, 2023
[Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About
This week, Bloomberg News pointed at a brand-new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are not secure by design. It is an excellent wake-up call for your C-level execs and powerful budget ammo.
They started out with: "As Putin began his invasion of Ukraine, a network used throughout Europe-and by the Ukrainian military-faced an unprecedented cyberattack that doubled as an industrywide wake-up call. What they refer to is the Viasat hack. The KnowBe4 blog initially reported on this hack on March 24, 2022 here: https://blog.knowbe4.com/wired-a-mysterious-satellite-hack-has-victims-far-beyond-ukraine and in our CyberheistNews May 17, 2022 here: https://blog.knowbe4.com/cyberheistnews-vol-12-20-heads-up-now-you-need-to-watch-out-for-spoofed-vanity-urls.
The article continues to describe how a large number of Viasat customers lost connectivity. Here is a quote: "Viasat staffers in the U.S., where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of internet connections in at least 13 countries were going dead.
"Some of the biggest service disruptions affected providers Bigblu Broadband PLC in the U.K. and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion."
"Industry was caught flat-footed," says Gregory Falco, a space cybersecurity expert who has advised the U.S. government. "Ukrainians paid the price. The war is really just revealing the capabilities," says Erin Miller, who runs the Space Information Sharing and Analysis Center, a trade group that gathers data on orbital threats. Cyberattacks affecting the industry, she says, have become a daily occurrence. The Viasat hack was widely considered a harbinger of attacks to come."
For many end-users, the frustrating thing about the Viasat hack is that, unlike with a phishing attack, there was nothing they could have done to prevent it. But the Russians (this smells like GRU) would have to know a lot of detail about Viasat's systems to execute an attack like th |
Guideline | Uber | ★★ |
|
2023-03-07 13:00:00 | Three out of Four Organizations Have Experienced a Successful Email-Based Attack as Impacts Increase (lien direct) |
|
★★ | ||
|
2023-03-06 14:09:47 | Executive Impersonation Business Email Compromise Attacks Go Beyond English Worldwide (lien direct) |
|
★★★ | ||
|
2023-03-02 12:09:33 | [Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
![[Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About](https://blog.knowbe4.com/hubfs/satellites-over-europe-courtesy-Airbus.jpg)
|
Hack | ★★★ | |
|
2023-03-01 18:52:30 | Remote Workers Significantly Increase the Cost of Remediating Email-Based Cyberattacks as Costs Average $1 Million (lien direct) |
|
★★★ | ||
|
2023-02-28 14:00:00 | CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) |
CyberheistNews Vol 13 #09 | February 28th, 2023
[Eye Opener] Should You Click on Unsubscribe?
By Roger A. Grimes.
Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?"
The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action.
In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days.
Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use.
In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list.
[CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac |
Malware Hack Tool Vulnerability Threat Guideline Prediction | APT 38 ChatGPT | ★★★ |
|
2023-02-23 16:28:45 | Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36% (lien direct) |
|
Malware | ★★★ | |
|
2023-02-23 16:28:04 | Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks (lien direct) |
|
Ransomware | ★★★ | |
|
2023-02-23 16:27:44 | 28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178% (lien direct) |
|
Studies | ★★★ |
To see everything:
Our RSS (filtrered)
