SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2022-03-15 12:48:09	Shipping Fraud Rises Nearly 800% in 2021 (lien direct)	Shipping fraud had a global increase of nearly 800% over the course of 2021, according to TransUnion's 2022 Global Digital Fraud Trends Report.
	2022-03-15 12:43:58	Cybercrime-as-a-Service: Its Evolution and What You Can Do to Fight Back (lien direct)	The cybercrime market has skyrocketed in a frightening way. With threats such as ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across all industries.	Ransomware
	2022-03-14 13:16:00	Social Engineering through Contact Form (lien direct)	Email is the familiar form of phishing, but there's an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal Security has found that the BazarBackdoor is being distributed through this social engineering technique that succeeds in bypassing email filters.
	2022-03-11 15:28:20	Email-Based Vishing Attacks Skyrocket 554% as Phishing, Social Media, and Malware Attacks Are All on the Rise (lien direct)	New analysis of attacks in 2021 show massive increases across the board, painting a very concerning picture for this year around cyberattacks of all types.	Malware
	2022-03-10 14:31:37	“Warm Greetings” (or not) : Saudi Aramco Impersonation (lien direct)	Researchers at Malwarebytes warn of a phishing campaign that's targeting the oil and gas industry by impersonating Saudi Aramco.
	2022-03-10 14:31:15	Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility (lien direct)	As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors.	Threat
	2022-03-10 14:30:39	Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100 (lien direct)	New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.
	2022-03-09 15:58:22	83% of all Successful Ransomware Attacks Featured Double and Triple Extortion (lien direct)	With 2021 being the “testing ground” for ransomware extortion, 2022 is showing signs of ransomware gangs settling in on proven extortion tactics to ensure payment.	Ransomware
	2022-03-09 15:58:04	Social Engineering a Major Factor in Cyberattack on Camera Maker Axis Communications (lien direct)	As details of the February attack continue to be divulged, it becomes evident that cybercriminals were able to get past both users and security controls.
	2022-03-09 14:05:47	Domains Associated with Phishing Directed Against Ukraine (lien direct)	Researchers from Secureworks' Counter Threat Unit (CTU) are tracking phishing domains used by the “MOONSCAPE” threat actor to target users in Ukraine. The researchers note that Ukraine's Computer Emergency Response Team (CERT-UA) has attributed this campaign to the Belarusian threat actor UNC1151, but Secureworks hasn't yet confirmed this attribution. Belarus is one of Russia's closest allies, and is assisting in Moscow's war against Ukraine.	Threat
	2022-03-09 13:50:37	Phishing Impersonation and Attack Trends in 2021 (lien direct)	Facebook overtook Microsoft as the most impersonated brand in phishing attacks last year, according to a new report from Vade Secure.
	2022-03-08 14:16:18	CyberheistNews Vol 12 #10 [Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login (lien direct)	[Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login Email not displaying? \| CyberheistNews Vol 12 #10 \| Mar. 8th., 2022 [Heads Up] A New Phishing Attack Warns About a Suspicious Russian Login The human cost of war is horrific. All Knowsters are shocked and saddened by the all-out Russia-Ukraine land war. However, we are also inspired by the Ukrainian people for their bravery, resistance and resilience. As we all know, the price of freedom is eternal vigilance combined with the willingness to fight back.
	2022-03-08 13:30:14	[World Premiere] KnowBe4\'s New Season 4 of Netflix-Style Security Awareness Video Series - \'The Inside Man\' (lien direct)	We're thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - 'The Inside Man' is now available in the KnowBe4 ModStore!
	2022-03-08 13:02:39	(Déjà vu) FBI: Ransomware gang breached 52 US critical infrastructure orgs (lien direct)	The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.	Ransomware
	2022-03-07 14:48:53	By the Way, There\'s No Draft - Smishing Campaign Alert (lien direct)	Scammers are sending phony text messages (aka Smishing or SMS Phishing) informing people in the US that they've been drafted by the US Army, according to Army Times.
	2022-03-07 13:00:00	Log4j - Kevin Mitnick Explains One of the Most Serious Vulnerabilities in the Last Decade (lien direct)	The Log4j vulnerability caused widespread panic for IT professionals when it was uncovered. Sleepless nights followed for many. But a shortage of time and manpower has left this vulnerability wide open in many organizations. Is your organization one of them?	Vulnerability
	2022-03-04 19:42:05	The Recent Log4J Vulnerability Equation: Remote Code Execution (RCE) + National Vulnerability Database (NVD) = 10.0 (lien direct)	RCE. These three letters add increased levels of stress to cybersecurity professionals regarding vulnerabilities against their hardware or software within their risk management program.	Vulnerability
	2022-03-04 15:24:28	According to KnowBe4 Research\'s Q1 2022 Report: Shadow IT Is Real (lien direct)	Imagine needing to share a large PDF non-confidential document with a customer. It is too large to send via email, and recently you started using a cloud file sharing service to store files and make them accessible on your smartphone, tablet or other computers. You upload the file to the filesharing service and then share the link with the customer to make things easier. After a few clicks, a link is sent to the customer and they download the PDF document. The next day, you get a phone call from one of the information security officers from the organization asking about a file they noticed you transferred out of the company to the filesharing service.
	2022-03-04 13:34:15	Phishing Attacks Impersonating LinkedIn are up 232% in the Last Month Alone! (lien direct)	During the period the world has dubbed “the great resignation”, phishing scammers are shifting tactics to take advantage of those looking for a new career or place of employment.
	2022-03-04 13:34:12	FBI: Scammers Take Business Email Compromise Attacks to Virtual Meeting Platforms (lien direct)	In a new twist on an old scam, BEC attacks switch from email to a virtual meeting where social engineering tactics are used to further establish credibility and increase the likelihood of a successful scam.
	2022-03-04 13:34:08	CISA: 2021 Cyberattack Trends Indicate Increases in Global Ransomware Attacks (lien direct)	New advisory sees critical infrastructure once again in the crosshairs and makes critical recommendations to both protect against ransomware and to reduce its' impact.	Ransomware
	2022-03-04 13:00:00	(Déjà vu) Your KnowBe4 Fresh Content Updates from February 2022 (lien direct)	Check out the 28 new pieces of training content added in February, alongside the always fresh content update highlights and new features.
	2022-03-03 13:40:41	What It\'s Like to Be the Face of Romance (Scams) (lien direct)	A real US Army colonel named Daniel Blackmon is being impersonated in hundreds or even thousands of romance scams, according to Haley Britzky at Task & Purpose. The scammers took pictures from Col. Blackmon's social media pages and used them to craft phony profiles. The real Blackmon, who is happily married and utterly unconnected with the scammers, is aware of these scams and is doing his best to let people know that he won't message them if he doesn't know them, and that he won't ask for money.
	2022-03-02 19:19:06	Gain Insight into Where Your Organization Stands with the Security Culture Maturity Model (lien direct)	We're thrilled to introduce the Security Culture Maturity Model, the industry's first maturity model specifically geared to measure security culture!
	2022-03-02 18:32:16	Data Breach Volumes in the U.S. Grow by 10% in 2021 (lien direct)	New data shows despite decreases in global data breach levels (-5%) in 2021, the U.S. experienced proportionally more data breaches than in the previous year.	Data Breach
	2022-03-02 18:32:00	Timely “Help Ukraine” Online Crypto Scams Take in Millions (lien direct)	A new series of "help Ukraine" donation posts have sprouted up across the Internet, but are really a cryptocurrency scam enticing users send crypto donations to counterfeit addresses.
	2022-03-02 18:31:47	FBI: SIM Swapping Attacks See More Than 500% Increases in The Number of Attacks and Monetary Losses (lien direct)	With mobile devices used as secondary authentication, threat actors have been stepping up activity, looking for ways to transfer phone numbers to cybercriminal-controlled devices.	Threat
	2022-03-02 18:31:34	UK ICO Sees a Massive Increase in Targeted Email Attacks (lien direct)	New data obtained from the UK's Information Commissioner's Office by think tank Parliament Street shows an unprecedented rise in attacks against the UK's information rights organization.
	2022-03-02 13:48:36	Phishing Emails Warn of a Suspicious Login From Russia (lien direct)	Researchers at Malwarebytes warn that a phishing campaign is informing users that someone logged into their account from an IP address in Moscow. The email contains a button to report the issue, which “opens a fresh email with a pre-filled message to be sent to a specific email account.” If a user sends this email, the attacker will reply and attempt to rope them further into the scam.
	2022-03-01 19:07:44	(Déjà vu) CyberheistNews Vol 12 #09 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk (lien direct)	[Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk Email not displaying? \| CyberheistNews Vol 12 #09 \| Mar. 1st., 2022 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.	Malware	NotPetya
	2022-03-01 14:42:52	Scammers Will Take Advantage of New IRS Rules (lien direct)	New IRS requirements will soon be used as phishbait, according to Gene Marks, owner of Marks Group PC and a columnist for the Guardian.
	2022-03-01 11:49:52	Russia Could “Absolutely” Lash Out at US Through Cyber, Lawmaker Warns (lien direct)	NextGov reports: "Chairman Sen. Mark Warner, D-Va, gives an opening statement as FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify at a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021.
	2022-02-28 15:45:46	Wartime Suffering as Phishbait (lien direct)	It's easy to forget, when a hybrid war like the one currently raging in Ukraine is occupying so much attention, that ordinary criminal lowlifes continue to seek victims, and the war only gives them another pretext to dangle in front of the unwary.
	2022-02-27 13:26:32	[EYES OPEN] The Kremlin Propaganda Machine Now Works Overtime. INFOGRAPHIC (lien direct)	With an ongoing land war in Ukraine, everyone needs to be alert for the Kremlin's parallel disinformation campaigns. Many people simply are not aware of the massive amount of false data that is being spread by an extensive, Russia-controlled network of media outlets, websites and social media accounts. The Russian government is spreading disinformation to at least 4 different audiences:
	2022-02-25 12:12:46	[Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk (lien direct)	The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.	Malware	NotPetya
	2022-02-23 14:46:21	When the Phishers Want a Reply, not a Click (lien direct)	A sextortion phishing campaign is targeting French speakers accusing them of viewing child abuse content, according to Paul Ducklin at Naked Security. The emails purport to come from the French police, and are designed to frighten users into replying to the email to assert their innocence. After a user replies, the scammer will attempt to convince them to pay a bogus fine to have the matter dropped.
	2022-02-22 14:52:39	CyberheistNews Vol 12 #08 [Eye Opener] Here Are the 4 Traits of Most Scams (lien direct)
	2022-02-22 14:02:06	New Phishing Campaign Angles for Monzo Banking Customers (lien direct)	A phishing campaign is targeting users of the UK-based digital banking company Monzo, BleepingComputer reports. Security researcher William Thomas came across an SMS phishing (smishing) campaign that's sending text messages that purport to come from Monzo.
	2022-02-22 14:01:58	20 Year-Old “Right-to-Left Override” Functionality Used in Attacks to Trick Microsoft 365 Users Out of Credentials (lien direct)	Used to disguise malicious file extensions, this legacy functionality is being repurposed in attacks to obfuscate attachment types and steal credentials in an impressive way.
	2022-02-22 14:01:50	New QBot Attack Only Takes 30 Minutes to Elevate Privileges and Steal Data (lien direct)	This banking trojan-turned-information-stealer has been around for nearly 15 years. But its latest iteration – seen even in the past few weeks – has stepped up in its' ability to act quickly.
	2022-02-21 19:50:06	Phishing Campaign Targets NFT Speculators (lien direct)	Scams follow fashion because money follows fashion. So it's no surprise that non-fungible tokens (NFTs), which have become a hot speculative property, have drawn scam artists for phishing campaigns. They're not so much interested in the NFTs themselves as they are in the speculators' cash. OceanSea, a leading NFT marketplace, has responded to panicky tweets from users to reassure them that it's on top of rumors of “an exploit” connected to the smart contracts traders use.	Guideline	APT 32
	2022-02-20 19:56:23	[Heads Up] There Is A Whole New Type of Blockchain Scam Called "Ice phishing" (lien direct)	In a post Wednesday last week, Microsoft issued a warning that they are seeing a brand new type of blockchain-centric attack aimed at web3 -- a term used to describe the decentralized environment created on the blockchain.
	2022-02-17 15:08:55	Conti Ransomware Attacks Reap in $180 Million in 2021 as Average Ransomware Payments Rise by 34% (lien direct)	New analysis of ransomware attacks shows growth in the number of active strains, ransoms collected, and use of third-party services all adding up to a more organized and profitable industry.	Ransomware
	2022-02-17 15:08:51	Coinbase\'s QR Code Superbowl Ad Only Helps Normalize QR-Based Scams (lien direct)	Use of QR codes is becoming a mainstream part of advertising, but also is getting the attention of scammers intent on redirecting you to a malicious site they control.
	2022-02-17 15:08:48	Scammers Use a Mix of Stolen Credentials, Inbox Rules, and a Rogue Outlook Client Install to Phish Internal and External Victims (lien direct)	Organizations that are not using Microsoft's multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled device.	Threat
	2022-02-16 20:01:55	Traits of Most Scams (lien direct)	There are a lot of scams in the world, and they seem to be proliferating at an exponential rate. My Facebook friend's accounts are compromised all the time and I get sent scam requests for easy money. I get at least one scam message via SMS every day. My email inbox is full of phishing scams. I occasionally get phone calls from criminals claiming to be from my bank or some other local provider.
	2022-02-16 13:38:03	Phishing Attacks on Social Media Doubled Over 2021 (lien direct)	Phishing attacks on social media doubled over the course of 2021, according to a new report from PhishLabs by HelpSystems. Most (68%) of these attacks targeted organizations in the financial sector, followed by the telecommunications sector in second place at 24%.
	2022-02-15 14:24:51	CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams (lien direct)	[Heads Up] FBI Warns Against New Criminal QR Code Scams Email not displaying? \| CyberheistNews Vol 12 #07 \| Feb. 15th., 2022 [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arms length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things. QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply. CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime	Ransomware Data Breach Spam Malware Threat Guideline	APT 15 APT 43
	2022-02-14 20:58:14	Incredible Email Hacks You\'d Never Expect and How You Can Stop Them (lien direct)	If you think the only way your network and devices can be compromised via email is phishing, think again!
	2022-02-14 13:54:05	Meta Files Lawsuit Over Phishing Attacks (lien direct)	Meta (Facebook's corporate parent) and the digital banking company Chime have filed a joint lawsuit against two Nigerian citizens for allegedly impersonating Chime in phishing attacks, BleepingComputer reports. The defendants are accused of using “more than five Facebook accounts and more than 800 Instagram accounts” to direct users to spoofed Chime login pages in order to harvest their credentials.

Last update at: 2024-05-09 03:07:47
See our sources.

To see everything: Our RSS (filtrered)