SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2022-06-09 16:02:12	Approaching Ransomware Victims Privately (lien direct)	Researchers at KELA warn that ransomware gangs are increasingly refraining from mentioning their victims' names after the initial attack, giving the victims a chance to pay up before the attack is publicized. This puts an additional layer of pressure on the victim to pay quickly, because it may allow them to avoid the reputational damage that's among the biggest threats a victim faces. If the victim refuses to pay, the attackers can then publish their name and threaten to release the stolen data.	Ransomware Threat
	2022-06-09 14:13:18	What About Password Manager Risks? (lien direct)	In KnowBe4's new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly random 12-character or longer password is impervious to all known password guessing and cracking attacks. A human-created password has to be 20 characters or longer to get the same protection. Humans do not like creating or using very long (and sometimes also complex) passwords, so we recommend using a trusted password manager program instead.
	2022-06-08 13:23:51	Karakurt Adds Irritating Phone Calls to its Crimes (lien direct)
	2022-06-07 23:17:38	40% of CSOs say Their Organization is Not Prepared for Cyberattacks as Phishing is the Top Likely Cause of Breaches (lien direct)				★★
	2022-06-07 23:17:26	Old Dog, New Trick: Hackers Use Logons in URLs to Bypass Email Scanners (lien direct)
	2022-06-07 23:17:12	“Five Eyes” Nations Cybersecurity Authorities Issue Warning to MSPs of Stepped-Up Cyberattacks (lien direct)
	2022-06-07 23:16:59	The Good, the Bad, and the Necessary State of Cyber Insurance (lien direct)
	2022-06-07 23:16:28	Phishing Attacks Reach an All-Time High, More Than Tripling Attacks in Early 2022 (lien direct)	Reaching more than 1 million attacks in a single quarter for the first time, new data on phishing attacks in Q1 of 2022 show an emphasis on impersonation and credential theft.
	2022-06-07 13:11:51	CyberheistNews Vol 12 #23 [Heads Up] Our Global Ransomware Damage Will Be More Than 265 Billion by 2031 (lien direct)		Ransomware
	2022-06-07 12:44:38	FTC Warns that Scammers are Turning to Cryptocurrencies (lien direct)	The US Federal Trade Commission (FTC) has warned that people have reported losing over $1 billion in crypto to scams since the beginning of 2021. The vast majority of these losses were due to investment scams, in which people are tricked into buying cryptocurrency with the promise of a large return. Notably, younger people (aged 20 to 49) are more than three times as likely to fall for cryptocurrency scams than older people. When older people do fall for these scams, however, they tend to lose more money.
	2022-06-07 12:27:31	What is a security tech stack (lien direct)
	2022-06-06 22:14:34	[Live Demo] Ridiculously Easy Security Awareness Training and Phishing (lien direct)	Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.	Hack
	2022-06-06 17:00:22	Homographic Domain Name Phishing Tactics (lien direct)
	2022-06-06 15:39:00	Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them (lien direct)		Threat
	2022-06-03 12:13:08	Why We Recommend Your Passwords Be Over 20-Characters Long (lien direct)	KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it right. Here are our official password recommendations:
	2022-06-03 12:11:54	Introducing KnowBe4\'s Password Policy E-Book (lien direct)	KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
	2022-06-03 12:09:30	(Déjà vu) Your KnowBe4 Fresh Content Updates from May 2022 (lien direct)
	2022-06-02 13:10:57	Smishing and Home Delivery (lien direct)	A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn't be delivered, according to Paul Ducklin at Naked Security. The messages state that a driver tried to deliver a package, but no one was home. The texts contain a link for the recipient to reschedule their delivery. If a user clicks on this link, they'll be taken to a phishing site that attempts to harvest their personal and financial information.
	2022-06-02 13:09:56	SideWinder Targets Pakistani Entities With Phishing Attacks (lien direct)			APT-C-17
	2022-06-01 22:09:40	U.K.\'s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation (lien direct)	Part of a six-month attack, email accounts on the NHS' Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.			★★
	2022-06-01 22:09:19	Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents (lien direct)		Threat		★★★★★
	2022-06-01 22:08:53	The Business (and Success) of Ransomware Explained as a Simple Funnel (lien direct)		Ransomware
	2022-06-01 12:59:33	CyberheistNews Vol 12 #22 [Heads Up] The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware (lien direct)		Ransomware Data Breach
	2022-06-01 12:23:44	Phishing Campaign Targets QuickBooks Users (lien direct)	Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit's QuickBooks product, informing them that their account has been put on hold.
	2022-05-27 12:04:40	We Do Not Talk Enough About Social Engineering and It\'s Hurting Us (lien direct)	One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have written non-stop about this since then in books and no doubt hundreds of articles. I am a broken record. You cannot meet me or attend one of my presentations or webinars without this being the defining lesson I try to teach.
	2022-05-27 12:04:11	The $44 Billion Smishing Problem and How to Not Be a Victim (lien direct)	Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were targeted by these schemes in 2021, resulting in $44 billion in losses. Consumers on average get an average of 19.5 spam texts per month, over double the rate it was three years ago.	Spam
	2022-05-26 12:44:12	Collaring the (Alleged) Leader of a BEC Gang (lien direct)		Guideline
	2022-05-25 16:30:10	Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success (lien direct)		Ransomware
	2022-05-25 12:55:58	That\'s Not Actually Elon Musk (lien direct)	Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency platform called “BitVex” that purports to be owned by Musk. The crooks then used hacked YouTube accounts to spread deepfaked videos of Musk and other people associated with cryptocurrency to promote the platform.
	2022-05-24 13:54:37	New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars (lien direct)
	2022-05-24 13:54:10	Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains (lien direct)
	2022-05-24 13:53:40	New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials (lien direct)
	2022-05-24 13:53:06	FBI Director Warns of “Unprecedented” Cyberespionage Attacks Originating in China (lien direct)
	2022-05-24 13:52:21	New Phishing Attack Uses Malicious Chatbot For Real Time Social Engineering (lien direct)	Researchers at Trustwave have observed a phishing campaign that uses a chatbot to add legitimacy to the scam. The chatbot is on a harmless website, and is designed to convince the user to visit the phishing site by striking up a conversation and walking the victim through the process.
	2022-05-24 13:31:08	CyberheistNews Vol 12 #21 [EYE OPENER] Your Cyber Insurance Went up a Whopping 92% Last Year (lien direct)
	2022-05-23 12:00:00	Don\'t Just Have a Compliance Season, Have a Culture of Compliance (lien direct)
	2022-05-20 12:33:23	Phishing Attacks Increase by 54% as Initial Attack Vector for Access and Extortion Attacks (lien direct)
	2022-05-19 20:12:55	It\'s More Than Phishing; How to Supercharge Your Security Awareness Training (lien direct)	Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple in Europe.
	2022-05-19 12:56:27	(Déjà vu) Phishing Campaign Impersonates Shipping Giant Maersk (lien direct)
	2022-05-18 12:45:08	WSJ: "Cyber Insurance Went Up A Whopping 92% In 2021" (lien direct)
	2022-05-17 13:30:09	Spear Phishing a Diplomat (lien direct)	Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten). The body of the phishing email isn't particularly detailed, but the attackers put a significant amount of effort into impersonating an employee at the targeted individual's organization.	Threat	APT 34
	2022-05-17 13:22:53	CyberheistNews Vol 12 #20 [Heads Up] Now You Need to Watch Out for Spoofed Vanity URLs... (lien direct)
	2022-05-16 17:51:27	Why People Fall for Scams (lien direct)
	2022-05-13 12:05:12	Think BEC Won\'t Cost You Much? How Does $130 Million Sound? (lien direct)	A new lawsuit brings to light the all-too common occurrence of a attack, with this occurring during a business acquisition and costing the buyer more than they bargained for.
	2022-05-13 12:04:41	Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year (lien direct)	A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.	Ransomware
	2022-05-12 16:23:17	Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit (lien direct)	Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.	Data Breach		★★★
	2022-05-12 16:22:16	Happy Credit Union Customers Become the Target of Spoofing Scams Due to a Lack of Email Security (lien direct)	Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams.			★★★
	2022-05-12 16:21:37	European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks (lien direct)	While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.			★★★★
	2022-05-12 12:58:50	Beware of Spoofed Vanity URLs (lien direct)	Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this technique for links created through Box, Zoom, and Google Docs and Forms.			★★
	2022-05-11 13:47:43	KnowBe4 Earns 2022 Top Rated Award from TrustRadius (lien direct)	We are proud to announce that TrustRadius has recognized KnowBe4 with a 2022 Top Rated Award.			★★

Last update at: 2024-05-09 13:07:59
See our sources.

To see everything: Our RSS (filtrered)