SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2022-02-11 13:53:08	FBI: Scammers Exploit Job Posting Sites with Fake Jobs to Steal Money and Personal Information (lien direct)	In the wake of the great reset, cybercriminals are finding success posing as legitimate companies in job postings seeking new hires on well-known job sites.
	2022-02-11 13:52:41	New Cyberattack Campaign Delivers Multiple RATs via Trusted Cloud Services (lien direct)	Abusing cloud providers including Microsoft Azure and AWS, cybercriminals are setting up malicious infrastructure to hide their operations and avoid detection.
	2022-02-11 13:00:00	Engaging Your Remote Workforce: Go Beyond Compliance with Training (lien direct)	Even after the pandemic ends, many employees say they want to stay home and continue to work remotely. A recent study by the Mckinsey & Company that looked at over 800 jobs in nine countries revealed that 1 in 5 healthcare workers, a third of education workers, and a whopping 76% of those in finance and insurance can work from home with no loss of productivity.
	2022-02-10 13:44:51	Brand Impersonation and the Healthcare Sector (lien direct)	The healthcare sector is particularly vulnerable to phishing attacks, according to Mike Azzara at Mimecast. Employees in the healthcare industry need to be wary of brand impersonation attacks designed to steal credentials or hijack payments.
	2022-02-09 19:33:21	Introducing the New \'Security Masterminds\' Podcast (lien direct)	We're excited to announce that we have launched a new podcast called "Security Masterminds”! This podcast covers a range of topics in cybersecurity, with a particular focus on the human element. A new podcast will be released each month, with episodes lasting approximately 30 minutes. A variety of cybersecurity industry experts will be featured as guests.
	2022-02-09 15:00:56	Updated Ransomware Hostage Rescue Manual (lien direct)	Ransomware is one of the most damaging types of cyber attacks of all time, and the one feared the most by business owners and cybersecurity defenders. This worry is not without reason. In an instant, an organization's critical IT infrastructure can be brought down for weeks to months, completely stopping all business. Some data and systems may be lost forever. Complete recovery may take over a year. Customer impacts may last long past the technical recovery process.	Ransomware
	2022-02-08 23:25:28	Use of Excel .XLL Add-Ins Soars Nearly 600% to Infect Systems in Phishing Attacks (lien direct)	Cybercriminals are taking to more advanced functionality than traditional VBA scripting to both execute complex malicious actions via Excel and to obfuscate their true intention - phishing attacks.
	2022-02-08 23:25:24	Average Ransomware Ransoms Jump 130% While Use of Data Exfiltration Grows (lien direct)	With pressures by law enforcement on ransomware gangs in 2021, and more stringent security requirements by cyber insurers, cybercriminals are changing their tactics to ensure a payoff.	Ransomware
	2022-02-08 18:04:46	The Evolution and Future of Ransomware (lien direct)	The history of ransomware spans over 30 years. The first specimen, known as the AIDS Trojan, was delivered via physical media using the postal system, and, upon its discovery, was quickly remediated by the security industry. More recent examples have proven comparatively more devastating, most notably the Colonial Pipeline incident, which caused fuel shortages and widespread disruption to much of the US East Coast.	Ransomware
	2022-02-08 14:53:21	Scammers Now Exploit \'Slinks\' in LinkedIn (lien direct)	Scammers are exploiting LinkedIn redirect links, or “Slinks,” to fool users and bypass email security filters, Brian Krebs reports. These links allow companies to track their marketing campaigns on LinkedIn, but they can be abused by criminals to create legitimate-looking URLs that redirect to phishing pages.
	2022-02-08 14:23:51	CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams (lien direct)	[Heads Up] Beware of New QuickBooks Payment Scams Email not displaying? \| CyberheistNews Vol 12 #06 \| Feb. 8th., 2022 [Heads Up] Beware of New QuickBooks Payment Scams Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer. Worse, the payment request can require that the payee use ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good. Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting. CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots: https://blog.knowbe4.com/beware-of-quickbooks-payment-scams	Malware Hack Threat Conference	APT 35
	2022-02-07 18:55:27	QR Codes in the Time of Cybercrime (lien direct)	QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalised as a meme and Rick roller, but he could have been so much more.
	2022-02-07 14:55:24	As Tax Season Starts, So Do IRS Scams - Here\'s What to Look For (lien direct)	It's that time again, when we all dread finding out if we owe money or not. And cybercriminals are banking on it with a wide range of scams that all impersonate the IRS.
	2022-02-04 18:28:02	KnowBe4 Named a Leader in the Winter 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) (lien direct)	We are excited to announce that KnowBe4 has been named a leader in the Winter 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the third consecutive quarter!	Guideline
	2022-02-04 13:59:55	Phone Number Only Phishing on the Rise (lien direct)	I do not have the data to support my conclusion, but myself and others have noticed the sharp increase in email phishing attempts that include only a phishing message and a phone number to call. There are no embedded links or file attachments, and the subjects are just plausible enough that I can see them slipping by normal phishing filters and tricking some very small percentage of people.
	2022-02-03 20:28:15	The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity (lien direct)	The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell you need to do.
	2022-02-03 20:17:15	The Benefits of Paranoia (lien direct)	Security professionals can often be perceived as being overly paranoid. Don't click this or the criminals will get into the system, always have at least 3 firewalls to prevent the nuclear codes from being stolen, and any password shorter than 64 characters is about as useful as half a pair of scissors.
	2022-02-03 20:15:47	U.K. Snack Manufacturer Expects Months of Delays After Ransomware Attack (lien direct)	Orders of top-selling snack brands from KP Snacks are on hold in the aftermath of a Conti ransomware attack that includes data theft of confidential information.	Ransomware
	2022-02-03 14:14:53	(Déjà vu) Your KnowBe4 Fresh Content Updates from January 2022 (lien direct)	Check out the 20 new pieces of training content added in January, alongside the always fresh content update highlights and new features.
	2022-02-03 13:27:29	Web Trackers Collect Much More Info About Your Users\' Browsing Activity Than Previously Believed (lien direct)	Researchers at Norton LifeLock have found that web trackers are collecting much more information about users' browsing activity than had previously been believed. Such trackers can follow users around much of the Internet in order to build a profile about them. The profiles are usually compiled for advertising purposes.			★★★★
	2022-02-03 13:00:00	[New Feature] Give Your Users Additional Learning Opportunities Driven By AI with New AI-Recommended Optional Learning Feature (lien direct)	We are excited to announce that the power of AI has been brought to the KnowBe4 Optional Learning feature to offer users suggestions for additional training opportunities.
	2022-02-02 20:51:37	1 in 7 Ransomware Extortion Leaks Include Sensitive Operational Technology Details (lien direct)	New analysis of published data from ransomware attacks puts the spotlight on the potential that some of your most critical data stolen puts you materially at risk of another attack.	Ransomware
	2022-02-02 20:50:42	Opinion: Is Your Cyber Insurance Going To Cover “Cyber War”? (lien direct)	With the lines increasingly blurred between whether a cyber attack is “state sponsored” or just a malicious group of individuals, we're likely going to see more denials of claims.
	2022-02-02 13:00:00	KnowBe4 Unveils Official Trailer for \'The Inside Man\' Season 4 (lien direct)	We're excited to announce the release of the official trailer for Season 4 of the award-winning Knowbe4 Original Series - 'The Inside Man'!
	2022-02-01 19:40:11	COVID-19 Test-Related Phishing Scams Jump 521% Into January (lien direct)	New data shows a massive increase between October 2021 and January 2022 in phishing attacks focusing on one of the world's current concerns for home and in-office testing.
	2022-02-01 19:40:07	8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets (lien direct)	Security Threat Researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (who have been tied to Russian Federal Security Service), responsible for attacks in the Ukraine since 2013.	Malware Threat
	2022-02-01 19:40:04	New Phishing Campaign is Impersonating Zoom to Steal Credentials (lien direct)	A phishing campaign is impersonating Zoom in order to steal users' Microsoft credentials, according to Lauryn Cash at Armorblox. The emails landed in about 10,000 inboxes, and targeted “a major online mortgage brokerage company located in North America.”
	2022-02-01 14:37:29	CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct)		Ransomware Malware Hack Tool Threat Guideline	NotPetya NotPetya Wannacry Wannacry APT 27 APT 27
	2022-01-31 14:16:17	Beware of QuickBooks Payment Scams (lien direct)	Many small and mid-sized companies use Intuit's very popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Intuit touts QuickBooks' ability to send email invoices here.
	2022-01-31 14:16:14	Increased “Shipping Delays” Now Served as Phishbait (lien direct)	Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for Threatpost, Gill describes a phishing attack that impersonated a major shipping company.	Threat
	2022-01-28 15:11:32	KnowBe4 Continues to be One of Okta\'s Most Popular Apps in the 2021 Businesses at Work Report (lien direct)	We're pleased to announce that we have been featured in Okta's eighth edition of the "Business at Work" report. This report is an in-depth look into how organizations and people work today - exploring workforces and customers, and the applications and services they use to be productive.
	2022-01-27 19:31:27	A Data-Driven Approach for Your Third-Party Risk Management Processes (lien direct)	As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps.
	2022-01-27 14:13:57	Microsoft Warns of Latest “Consent Phishing” Attack Intent on Reading Your Email (lien direct)	Rather than steal your user's credentials, this latest attack takes the OAuth route to gain access to the victim's mailbox. This gives cybercriminals continual access, regardless of whether the user is logged on or not.
	2022-01-27 14:13:53	Dark Web Service Sells Access to Compromised Accounts and Browser Sessions (lien direct)	When we hear about compromised credentials, there's always the question of “How are they used post-compromise?” In one case, they are fully on display for sale to the highest bidder.
	2022-01-27 14:13:49	Malicious Office Documents Jump to 37% of All Malware Downloads at the End of 2021 (lien direct)	With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the spotlight.	Malware
	2022-01-27 13:01:08	[Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct)	CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine.		NotPetya
	2022-01-26 13:37:30	Ransomware Operators Try to Recruit Insiders (lien direct)	Sixty-five percent of organizations report that their employees have been contacted by ransomware attackers in an attempt to recruit insider threats, according to researchers at Pulse and Hitachi ID.	Ransomware
	2022-01-25 15:30:43	Irish Teaching Council Fined €60,000 for Phishing-Induced Breach (lien direct)	Ireland's Teaching Council has been fined €60,000 by the country's Data Protection Commission (DPC) over a breach of nearly ten thousand teachers' data, the Irish Examiner reports. An attacker gained access to two employees' Gmail accounts by sending credential-harvesting phishing emails, then set up auto-forwarding rules to forward incoming emails to the attacker's email address.
	2022-01-25 14:17:54	CyberheistNews Vol 12 #04 [FBI HEADS UP] US Defense Industry Targeted with New USB-Based Ransomware Attacks (lien direct)		Ransomware
	2022-01-25 13:29:41	2022 Continues The New Decade of Privacy (lien direct)	Privacy issues came about all across the board in 2020, 2021, and 2022 will be no different. From WhatsApp updating their terms of service and losing millions of users to countless proposals by legislatures to enact stricter privacy laws, and the interconnectedness of everything and everyone in our lives, we will begin to see huge advancements in the area of data privacy over the next year. I'll take it up a notch and say that 2022 starts the next decade of privacy - and let's start with Data Privacy Week.
	2022-01-25 13:00:00	[New Benchmarking Feature] Compare Your Organization\'s Security Culture with Other Organizations in Your Industry (lien direct)	We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for KnowBe4's Security Culture Survey (SCS).
	2022-01-24 14:11:49	A Generational Divide Among Social Engineering Victims (lien direct)	Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams distributed through social media apps, while older people are more likely to fall for banking and tech support scams.
	2022-01-21 13:24:40	FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks (lien direct)	Using mailed out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with BlackMatter or REvil ransomware strains.	Ransomware
	2022-01-21 13:24:37	New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider\'s One-Time Security Code (lien direct)	Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%.
	2022-01-20 15:22:17	In Order to Have Good Security Culture, Behaviour Comes First (lien direct)	In our efforts to raise awareness among users of the importance of cybersecurity and the part they have to play in it, we sometimes go about things in a long-winded manner.
	2022-01-20 14:26:04	DHL is Now the Most Spoofed Brand in Phishing (lien direct)	International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found.
	2022-01-20 14:26:01	Ransomware Attacks are Growing in Number, But Not in Sophistication (lien direct)	As organizations work to protect against the relentless series of ransomware attacks that have plagued businesses large and small, the methods of attack seem to be leveling out.
	2022-01-20 14:25:58	Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns (lien direct)	Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.
	2022-01-20 14:25:55	Half of All Organizations Hit by Ransomware Experience Productivity Loss (lien direct)	According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity.	Ransomware Threat
	2022-01-19 20:33:56	KnowBe4\'s Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC] (lien direct)	KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and 'in the wild' attacks.

Last update at: 2024-05-09 05:07:49
See our sources.

To see everything: Our RSS (filtrered)