What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-06-12 13:17:52 | Les organisations prennent 43 heures pour détecter une cyberattaque de phishing de lance Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack (lien direct) |
|
★★ | ||
|
2023-06-12 00:01:42 | Comment les cybercriminels de NK \\ ont volé 3 milliards de crypto pour financer leurs armes nucléaires How NK\\'s Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes (lien direct) |
|
★★ | ||
|
2023-06-07 17:27:13 | Verizon: Email Reigns Supreme comme vecteur d'attaque initial pour les attaques de ransomwares Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-06 13:00:00 | Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing (lien direct) |
CyberheistNews Vol 13 #23 | June 6th, 2023
[Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing
Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks).
A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly.
This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches."
Let that sink in for a moment.
What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks.
[CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports
NEW! KnowBe4 |
Ransomware Malware Hack Tool Threat | ★★ | |
|
2023-06-05 14:00:28 | Être un professionnel certifié de sensibilisation à la sécurité et de la culture (SACP) ™ Be a Certified Security Awareness and Culture Professional (SACP)™ (lien direct) |
Threat | ★★★ | ||
|
2023-06-01 17:37:09 | Protéger les données des patients: l'importance de la cybersécurité dans les soins de santé Protecting Patient Data: The Importance of Cybersecurity in Healthcare (lien direct) |
★★ | |||
|
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
|
2023-05-24 12:52:37 | Batloader malware est désormais distribué dans des attaques d'entraînement BatLoader Malware is Now Distributed in Drive-By Attacks (lien direct) |
Malware | ★★ | ||
|
2023-05-23 13:00:00 | Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct) |
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture.
You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them.
According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents.
IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent.
In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters.
With the increased popularity of QR codes, users are more at |
Ransomware Hack Tool Vulnerability Threat Prediction | ChatGPT | ★★ |
|
2023-05-22 12:00:00 | Cyber Insurance: Is Paying a Ransom Counter-Productive? (lien direct) |
Food à réflexion comme indiqué le 18 mai 2023, un article publié dans Le Conseil de l'assurance australien: Banning Paying A Ransom to Cyber Thaskers est les brouettes Cyber sont les brouettes de cyber l'est les brouettes du cyberCounter-Productive où Andrew Hall, directeur général du Conseil d'assurance de l'Australie (ICA), a déclaré que «tente d'interdire aux entreprises de payer des rançons pour les risques de cyberattaques érodantsconfiance et relations avec le gouvernement. »
Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.” |
★★ | ||
|
2023-05-18 20:22:37 | Le phishing est en tête de liste dans le monde en tant que vecteur d'attaque initial et dans le cadre des cyberattaques Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks (lien direct) |
|
★★ | ||
|
2023-05-16 13:00:00 | CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC (lien direct) |
CyberheistNews Vol 13 #20 | May 16th, 2023
[Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC
KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
IT and Online Services Emails Drive Dangerous Attack Trend
This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work.
Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical.
Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following:
Common "In-The-Wild" Emails for Q1 2023
Top Phishing Email Subjects Globally
Top 5 Attack Vector Types
Top 10 Holiday Phishing Email Subjects in Q1 2023
This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l |
Ransomware Spam Malware Hack Tool Threat | ★★ | |
|
2023-05-15 18:25:35 | L'état des cyber-défenses organisationnelles a un impact The State of Organizational Cyber Defenses Impacts Cyber Insurance Availability, Cost, and Terms (lien direct) |
|
★★ | ||
|
2023-05-15 12:09:55 | Ransomware Gangs are “Big Game Hunting” as Victim Org Sizes and Ransom Payments Continue to Rise (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-11 12:14:18 | Munich Re: "3x croissance estimée en cas de cybercriminalité au cours des 4 prochaines années" Munich Re: "3x growth estimated in cyber crime costs over the next 4 years" (lien direct) |
Alors que les cyberattaques continuent de croître en sophistication et en fréquence, les cyber-assureurs s'attendent à ce que leur marché double au cours des deux prochaines années.
As cyber attacks continue to grow in sophistication and frequency, cyber insurers are expecting their market to double in the next two years. |
★★ | ||
|
2023-05-11 12:14:18 | La demande de cyber-assurance augmente à mesure que la cybercriminalité devrait atteindre 24 billions de dollars d'ici 2027 Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027 (lien direct) |
|
★★ | ||
|
2023-05-09 20:43:09 | [Doigt sur la gâchette] Comment le FBI a nuculé le vol de données de data de serpent russe [Finger on the Trigger] How the FBI Nuked Russian FSB\\'s Snake Data Theft Malware (lien direct) |
![[Finger on the Trigger] How the FBI Nuked Russian FSB\'s Snake Data Theft Malware](https://blog.knowbe4.com/hubfs/JasperArt_2023-05-09_16.25.49_1.png)
|
Malware | ★★ | |
|
2023-05-09 14:03:14 | [Infographie] [INFOGRAPHIC] (lien direct) |
★★★★ | |||
|
2023-05-09 13:00:00 | Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (lien direct) |
CyberheistNews Vol 13 #19 | May 9th, 2023
[Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages.
"Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area."
The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner.
A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks.
This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them.
Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture.
Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages
A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation
Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.
Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, |
Ransomware Data Breach Spam Malware Tool Threat Prediction | NotPetya NotPetya APT 28 ChatGPT ChatGPT | ★★ |
|
2023-05-09 12:00:00 | Le département de police de Dallas est la dernière victime d'une attaque de ransomware Dallas Police Department is the Latest Victim of a Ransomware Attack (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-08 13:59:46 | Améligations anti-phishing complètes: un aperçu rapide Comprehensive Anti-Phishing Mitigations: A Quick Overview (lien direct) |
|
★★ | ||
|
2023-05-04 12:39:05 | Les cyberattaques mondiales continuent d'augmenter alors que le premier trimestre voit une augmentation de 7% Global Cyber Attacks Continue to Rise as Q1 Sees a 7% Increase (lien direct) |
|
★★ | ||
|
2023-05-04 12:28:47 | Téléchargements de logiciels malveillants facilités par l'ingénierie sociale Malware Downloads Facilitated by Social Engineering (lien direct) |
|
Malware | ★★ | |
|
2023-05-04 12:00:00 | [Kit de ressources gratuit] Nouveau kit de ressources de sécurité de mot de passe pour célébrer la Journée mondiale des mots de passe! [FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day! (lien direct) |
![[FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day!](https://blog.knowbe4.com/hs-fs/hubfs/Password-Kit-Group-Image.png?width=600&height=363&name=Password-Kit-Group-Image.png)
|
★★★ | ||
|
2023-05-02 14:34:03 | Faux messages d'erreur de mise à jour Chrome Fake Chrome Update Error Messages (lien direct) |
|
★★ | ||
|
2023-05-02 13:00:00 | Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? (lien direct) |
CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive.
One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.
Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 |
Ransomware Malware Hack Threat | ChatGPT ChatGPT | ★★ |
|
2023-05-02 12:22:23 | Les deux meilleures choses que vous pouvez faire pour vous protéger et l'organisation The Two Best Things You Can Do To Protect Yourself and Organization (lien direct) |
Depuis le début, deux types d'attaques informatiques (appelés Exploits de cause racine initiale ) ont composé la grande majorité des attaques réussies: Génie social et exploiter les vulnérabilités non corrigées.Ces deux causes profondes représentent entre 50% et 90% de toutes les attaques réussies.Il y a des tonnes d'autres façons dont vous pouvez être attaqué (par exemple, devinettes de mot de passe, une mauvaise configuration, des écoutes, des attaques physiques, etc.), mais tous les autres types d'attaques additionnés ne sont pas égaux à l'une ou l'autre des deux autres méthodes les plus populaires.
Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks. There are tons of other ways you can be attacked (e.g., password guessing, misconfiguration, eavesdropping, physical attacks, etc.), but all other types of attacks added up all together do not equal either of the other two more popular methods. |
★★ | ||
|
2023-05-02 12:21:31 | Phishing comme tactique d'espionnage pour les cybercriminels Phishing as an Espionage Tactic for Cybercriminals (lien direct) |
★★ | |||
|
2023-05-01 14:31:33 | La fréquence d'attaque de phishing augmente près de 50% à mesure que certains secteurs augmentent jusqu'à 576% Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576% (lien direct) |
|
★★★ | ||
|
2023-04-27 12:08:22 | Les dernières attaques QBOT utilisent un mélange de pièces jointes PDF et de fichiers hôtes de script Windows pour infecter les victimes Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims (lien direct) |
Malware | ★★ | ||
|
2023-04-27 12:07:48 | Malgré la majorité des organisations croyant qu'elles étaient préparées pour les cyberattaques, la moitié étaient toujours victimes Despite a Majority of Organizations Believing They\\'re Prepared for Cyber Attacks, Half Were Still Victims (lien direct) |
|
★★ | ||
|
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-22 12:48:10 | [Heads Up] Le nouveau service Fednow ouvre une nouvelle surface d'attaque massive [Heads Up] The New FedNow Service Opens Massive New Attack Surface (lien direct) |
![[Heads Up] Le nouveau service FedNow ouvre une nouvelle surface d'attaque massive](https://blog.knowbe4.com/hubfs/idebar-fednow-Explorer-v3.jpg )
Vous n'avez peut-être pas entendu parler de ce service prévu pour juillet 2023, mais cela promet unMassive Nouveau Génie social Surface d'attaque.Ceci provient de leur site Web: "À propos du service FedNowsm. Le service Fednow est une nouvelle infrastructure de paiement instantané développée par la Réserve fédérale qui permetServices de paiement. "Grâce à des institutions financières participant au service Fednow, les entreprises et les particuliers peuvent envoyer et recevoir des paiements instantanés en temps réel, 24 heures sur 24, tous les jours de l'année.Les institutions financières et leur service & nbsp;Les fournisseurs peuvent utiliser le service pour fournir des services de paiement instantané innovants aux clients, et les destinataires auront un accès complet aux fonds immédiatement, ce qui permet une plus grande flexibilité financière lors de la mise en temps sensible au temps. "Ceci est le site: https://www.frbservices.org/financial-services/fednow/about.html VousPeut imaginer la boîte de Pandora \\ que cela s'ouvre. Nous, chez Knowbe4, organisons un concours interne pour trouver des exploits d'ingénierie sociale potentiels et phishing Modèles. Nous avons un tas de personnes très créatives travaillant ici, ce sont les principales soumissions:
![[Heads Up] The New FedNow Service Opens Massive New Attack Surface](https://blog.knowbe4.com/hubfs/sidebar-fednow-explorer-v3.jpg)
You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website:"About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure developed by the Federal Reserve that allows financial institutions of every size across the U.S. to provide safe and efficient instant payment services."Through financial institutions participating in the FedNow Service, businesses and individuals can send and receive instant payments in real time, around the clock, every day of the year. Financial institutions and their service providers can use the service to provide innovative instant payment services to customers, and recipients will have full access to funds immediately, allowing for greater financial flexibility when making time-sensitive payments." This is the site: https://www.frbservices.org/financial-services/fednow/about.htmlYou can imagine the pandora\'s box this opens up. We at KnowBe4 ran an internal contest to come up with potential social engineering exploits and phishing templates. We have a bunch of very creative people working here, these are the top submissions: |
★★ | ||
|
2023-04-20 12:22:15 | Plus d'entreprises avec cyber-assurance sont touchées par des ransomwares que ceux sans More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without (lien direct) |
|
Ransomware | ★★★★ | |
|
2023-04-20 12:21:59 | Près de la moitié des professionnels de l'informatique sont invités à se taire sur les violations de sécurité Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches (lien direct) |
|
★★ | ||
|
2023-04-20 12:21:53 | Le volume des e-mails de phishing double au premier trimestre alors que l'utilisation de logiciels malveillants dans les attaques diminue légèrement Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines (lien direct) |
|
Malware | ★★ | |
|
2023-04-18 18:43:56 | [ARM et une jambe] Les cyber-assureurs s'inquiètent du coût des attaques à longue queue [Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks (lien direct) |
![[ARM et une jambe] Les cyber-assureurs sont préoccupés par le coût à longue queue des attaques]( https: //blog.knowbe4.com/hubfs/jasperart_2023-04-18_14.36.00_4.png )
[munitions budgétaires] James Rundle au Wall Street Journal a publié aujourd'hui un article très intéressant sur les coûts à long terme des cyberattaques et le faitQue les cyber-assureurs deviennent de plus en plus inquiets que leurs modèles ne couvrent pas ces répercussions à longue queue.L'un des problèmes est qu'il existe un nombre important de réclamations qui ne se sont pas encore réglées devant les tribunaux, ce qui pourrait prendre des années pour être finalement conclu. & Nbsp;
![[Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks](https://blog.knowbe4.com/hubfs/JasperArt_2023-04-18_14.36.00_4.png)
[BUDGET AMMO] James Rundle at the The Wall Street Journal today published a very interesting article about the long-term costs of cyber attacks and the fact that cyber insurers are getting more and more worried that their models do not cover these long-tail repercussions. One of the problems is that there are a significant number of claims that have not settled out in the courts yet, which might take years to get finally concluded. |
★★ | ||
|
2023-04-18 13:00:00 | Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-17 15:39:56 | La plate-forme de billetterie indienne des passagères révèle la fraude en ligne Indian Rail Passenger Ticketing Platform Warns of Online Fraud (lien direct) |
|
★★ | ||
|
2023-04-12 12:20:54 | Gagnez les guerres d'IA pour améliorer la sécurité et réduire le cyber-risque Win The AI Wars To Enhance Security And Decrease Cyber Risk (lien direct) |
ChatGPT ChatGPT | ★★ | ||
|
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-11 12:20:01 | Top à emporter, vous pourriez manquer ma prochaine classe de maître de ransomware Top Takeaways You Could be Missing Out on my Upcoming Ransomware Master Class (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-11 12:00:00 | [Outil gratuit] Voir quels utilisateurs sont susceptibles de se faire un comportement de sécurité risqué avec l'aperçu gratuit de SecurityCoach! [Free Tool] See Which Users Are Susceptible to Risky Security Behavior with SecurityCoach Free Preview! (lien direct) |
Data Breach Hack | ★★ | ||
|
2023-04-10 14:21:40 | La campagne alarmante de phishing fiscal nous cible avec des logiciels malveillants Alarming Tax Phishing Campaign Targets US with Malware (lien direct) |
|
Malware | ★★ | |
|
2023-04-06 12:33:39 | New Emotet Phishing Campaign fait semblant d'être les formulaires IRS livrant W-9 New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms (lien direct) |
|
★★ | ||
|
2023-04-06 12:33:35 | FBI: Les attaques de compromis par courrier électronique d'entreprise sont utilisées pour effectuer des achats de marchandises en vrac auprès des fournisseurs FBI: Business Email Compromise Attacks Are Being Used to Make Bulk Goods Purchases from Vendors (lien direct) |
|
★★ | ||
|
2023-04-04 13:50:02 | Scareware d'un groupe de ransomwares bidon Scareware From a Phony Ransomware Group (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-04 13:00:00 | CyberheistNews Vol 13 # 14 [Eyes sur le prix] Comment les inconvénients croissants ont tenté un courteur par e-mail de 36 millions de vendeurs CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist (lien direct) |
CyberheistNews Vol 13 #14 | April 4th, 2023
[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.
It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance).
The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).
This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.
Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i |
Ransomware Malware Hack Threat | ChatGPT ChatGPT APT 43 | ★★ |
|
2023-04-03 18:32:00 | Latitude forcée d'arrêter d'ajouter de nouveaux clients à la suite de la violation Latitude Forced To Stop Adding New Customers in Aftermath of Breach (lien direct) |
Data Breach Threat | ★★ | ||
|
2023-04-03 15:51:13 | La police ukrainienne élimine la cybercriminalité Ukrainian Police Take Down Cybercrime Ring (lien direct) |
|
★★ |
To see everything:
Our RSS (filtrered)
