SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-01-25 17:43:48	Le nombre de victimes d'attaque ransomware augmente en 2023 à plus de 4000 The Number of Ransomware Attack Victims Surge in 2023 to over 4000 (lien direct)	La poussée de ransomware -As-A-Service Affiliates est probablement la raison de l'augmentation spectaculaire du nombre d'organisations victimes, avec tous les indicateurs suggérant que cette tendance persistera en 2024. The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.	Ransomware Prediction		★★★
	2024-01-10 19:52:40	Pikabot malware se propage par les campagnes de phishing Pikabot Malware Spreading Through Phishing Campaigns (lien direct)		Malware Threat Prediction		★★
	2023-12-28 18:30:00	Les violations des données d'attaque d'identification prévues pour augmenter en 2024 Impersonation Attack Data Breaches Predicted to Increase in 2024 (lien direct)	avec une grande partie d'une attaque sur une capacité de cybercriminels à accéder aux systèmes, aux applications et aux données, les experts prédisent que la tendance à l'augmentation de l'identité ne fera qu'empirer. With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.	Prediction		★★★
	2023-11-12 15:12:07	Désinformation de l'IA exposée: un faux "Tom Cruise" attaque les Jeux olympiques AI Disinformation Exposed: A Fake "Tom Cruise" Attacks the Olympics (lien direct)	En utilisant une page directement hors du livre de jeu KGB, une nouvelle attaque de désinformation dirigée par AI a été déchaînée.La dernière victime de cette tendance inquiétante n'est autre que le Comité international olympique (CIO).Voici plus sur la façon dont l'IA a été mal utilisée pour créer une fausse campagne de nouvelles ciblant l'un des corps sportifs les plus connus du monde. Une série "documentaire", fabriquée à l'aide d'une IA avancée,A présenté la star de la voix de Hollywood, Tom Cruise.Cependant, c'était une illusion.La voix, les allégations, le prétendu documentaire intitulé «Les Jeux olympiques ont diminué» & # 8211;Rien de tout cela n'était réel.Cette série a allégué une corruption au cœur du CIO, une affirmation qui a depuis été démystifiée mais pas avant de provoquer des ondulations importantes. Ce qui rend cet incident particulièrement alarmant, c'est l'utilisation sophistiquée de l'IA pour cloner les voix de célébrités.Il ne s'agit pas seulement du CIO ou des Jeux olympiques;C'est un exemple flagrant des défis éthiques et juridiques posés par l'IA.L'utilisation abusive des voix de célébrités comme Tom Cruise, Tom Hanks et Scarlett Johansson montre une responsabilité de l'industrie du divertissement & # 8211;L'utilisation non autorisée et contraire à l'éthique de l'IA pour Génie social . L'attaquea fait une mise en évidence avec la suspension du Comité olympique national de Russie sur les tensions géopolitiques, en particulier la reconnaissance des organisations sportives régionales dans les territoires ukrainiens contestés.Le moment de cette campagne de désinformation est un effort orchestré pour tirer parti des événements mondiaux à enjeux élevés pour influencer l'opinion publique. & Nbsp; Le CIO, en réponse, a été proactif En dénonçant ces Deepfakes générés par l'AI et a conseillé aux représentants des médias de confirmer l'authenticité d'un tel contenuavec leur bureau de presse.Malgré leurs efforts pour supprimer le contenu des plateformes comme YouTube, il a trouvé un paradis sur un canal télégramme, montrant qu'il est très difficile de contrôler la désinformation de la propagation sur Internet. Cet incident sert deUn rappel brutal de la nature à double tranchant de l'IA.Alors que l'IA a le potentiel de révolutionner notre monde de manière positive, son utilisation abusive peut entraîner des conséquences importantes.Pour des organisations comme le CIO, c'est un réveil aux menaces du nouvel âge auxquelles ils sont confrontés & # 8211;où le champ de bataille n'est pas seulement physique mais de plus en plus numérique. Using a page straight out of the KGB playbook, a new AI-driven disinformation attack has been unleashed. The latest victim of this disturbing trend is none other than the International Olym	Prediction		★★
	2023-05-23 13:00:00	Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct)	CyberheistNews Vol 13 #21 \| May 23rd, 2023 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture. You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them. According to the report, in 2023: 7% of organizations were victims of a ransomware attack 7% of those paid a ransom 73% were able to recover data Only 21.6% experienced solely the encryption of data and no other form of extortion It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents. IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent. In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all. Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats [Free Tool] Who Will Fall Victim to QR Code Phishing Attacks? Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters. With the increased popularity of QR codes, users are more at	Ransomware Hack Tool Vulnerability Threat Prediction	ChatGPT	★★
	2023-05-09 13:00:00	Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (lien direct)	CyberheistNews Vol 13 #19 \| May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist,	Ransomware Data Breach Spam Malware Tool Threat Prediction	NotPetya NotPetya APT 28 ChatGPT ChatGPT	★★
	2023-02-28 14:00:00	CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct)	CyberheistNews Vol 13 #09 \| February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac	Malware Hack Tool Vulnerability Threat Guideline Prediction	APT 38 ChatGPT	★★★
	2023-01-24 18:14:53	(Déjà vu) 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC] (lien direct)	KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.	Prediction		★★★★★

Last update at: 2024-05-31 07:08:03
See our sources.

To see everything: Our RSS (filtrered)