Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-02-07 14:55:24 |
As Tax Season Starts, So Do IRS Scams - Here's What to Look For (direct link) |
It's that time again, when we all dread finding out if we owe money or not. And cybercriminals are banking on it with a wide range of scams that all impersonate the IRS. |
|
|
|
|
2022-02-04 18:28:02 |
KnowBe4 Named a Leader in the Winter 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) (direct link) |
We are excited to announce that KnowBe4 has been named a leader in the Winter 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the third consecutive quarter! |
Guideline
|
|
|
|
2022-02-04 13:59:55 |
Phone Number Only Phishing on the Rise (direct link) |
I do not have the data to support my conclusion, but myself and others have noticed the sharp increase in email phishing attempts that include only a phishing message and a phone number to call. There are no embedded links or file attachments, and the subjects are just plausible enough that I can see them slipping by normal phishing filters and tricking some very small percentage of people. |
|
|
|
|
2022-02-03 20:28:15 |
The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity (direct link) |
The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell you need to do. |
|
|
|
|
2022-02-03 20:17:15 |
The Benefits of Paranoia (direct link) |
Security professionals can often be perceived as being overly paranoid. Don't click this or the criminals will get into the system, always have at least 3 firewalls to prevent the nuclear codes from being stolen, and any password shorter than 64 characters is about as useful as half a pair of scissors. |
|
|
|
|
2022-02-03 20:15:47 |
U.K. Snack Manufacturer Expects Months of Delays After Ransomware Attack (direct link) |
Orders of top-selling snack brands from KP Snacks are on hold in the aftermath of a Conti ransomware attack that includes data theft of confidential information. |
Ransomware
|
|
|
|
2022-02-03 14:14:53 |
(Déjà vu) Your KnowBe4 Fresh Content Updates from January 2022 (direct link) |
Check out the 20 new pieces of training content added in January, alongside the always fresh content update highlights and new features. |
|
|
|
|
2022-02-03 13:27:29 |
Web Trackers Collect Much More Info About Your Users' Browsing Activity Than Previously Believed (direct link) |
Researchers at Norton LifeLock have found that web trackers are collecting much more information about users' browsing activity than had previously been believed. Such trackers can follow users around much of the Internet in order to build a profile about them. The profiles are usually compiled for advertising purposes. |
|
|
★★★★
|
|
2022-02-03 13:00:00 |
[New Feature] Give Your Users Additional Learning Opportunities Driven By AI with New AI-Recommended Optional Learning Feature (direct link) |
We are excited to announce that the power of AI has been brought to the KnowBe4 Optional Learning feature to offer users suggestions for additional training opportunities. |
|
|
|
|
2022-02-02 20:51:37 |
1 in 7 Ransomware Extortion Leaks Include Sensitive Operational Technology Details (direct link) |
New analysis of published data from ransomware attacks puts the spotlight on the potential that some of your most critical data stolen puts you materially at risk of another attack. |
Ransomware
|
|
|
|
2022-02-02 20:50:42 |
Opinion: Is Your Cyber Insurance Going To Cover “Cyber War”? (direct link) |
With the lines increasingly blurred between whether a cyber attack is “state sponsored” or just a malicious group of individuals, we're likely going to see more denials of claims. |
|
|
|
|
2022-02-02 13:00:00 |
KnowBe4 Unveils Official Trailer for 'The Inside Man' Season 4 (direct link) |
We're excited to announce the release of the official trailer for Season 4 of the award-winning KnowBe4 Original Series - 'The Inside Man'! |
|
|
|
|
2022-02-01 19:40:11 |
COVID-19 Test-Related Phishing Scams Jump 521% Into January (direct link) |
New data shows a massive increase between October 2021 and January 2022 in phishing attacks focusing on one of the world's current concerns for home and in-office testing. |
|
|
|
|
2022-02-01 19:40:07 |
8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets (direct link) |
Security Threat Researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (who have been tied to Russian Federal Security Service), responsible for attacks in the Ukraine since 2013. |
Malware
Threat
|
|
|
|
2022-02-01 19:40:04 |
New Phishing Campaign is Impersonating Zoom to Steal Credentials (direct link) |
A phishing campaign is impersonating Zoom in order to steal users' Microsoft credentials, according to Lauryn Cash at Armorblox. The emails landed in about 10,000 inboxes, and targeted “a major online mortgage brokerage company located in North America.” |
|
|
|
|
2022-02-01 14:37:29 |
CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (direct link) |
|
Ransomware
Malware
Hack
Tool
Threat
Guideline
|
NotPetya
Wannacry
APT 27
|
|
|
2022-01-31 14:16:17 |
Beware of QuickBooks Payment Scams (direct link) |
Many small and mid-sized companies use Intuit's very popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Intuit touts QuickBooks' ability to send email invoices here. |
|
|
|
|
2022-01-31 14:16:14 |
Increased “Shipping Delays” Now Served as Phishbait (direct link) |
Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for Threatpost, Gill describes a phishing attack that impersonated a major shipping company. |
Threat
|
|
|
|
2022-01-28 15:11:32 |
KnowBe4 Continues to be One of Okta's Most Popular Apps in the 2021 Businesses at Work Report (direct link) |
We're pleased to announce that we have been featured in Okta's eighth edition of the "Business at Work" report. This report is an in-depth look into how organizations and people work today - exploring workforces and customers, and the applications and services they use to be productive. |
|
|
|
|
2022-01-27 19:31:27 |
A Data-Driven Approach for Your Third-Party Risk Management Processes (direct link) |
As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps. |
|
|
|
|
2022-01-27 14:13:57 |
Microsoft Warns of Latest “Consent Phishing” Attack Intent on Reading Your Email (direct link) |
Rather than steal your user's credentials, this latest attack takes the OAuth route to gain access to the victim's mailbox. This gives cybercriminals continual access, regardless of whether the user is logged on or not. |
|
|
|
|
2022-01-27 14:13:53 |
Dark Web Service Sells Access to Compromised Accounts and Browser Sessions (direct link) |
When we hear about compromised credentials, there's always the question of “How are they used post-compromise?” In one case, they are fully on display for sale to the highest bidder. |
|
|
|
|
2022-01-27 14:13:49 |
Malicious Office Documents Jump to 37% of All Malware Downloads at the End of 2021 (direct link) |
With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the spotlight. |
Malware
|
|
|
|
2022-01-27 13:01:08 |
[Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (direct link) |
CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine. |
|
NotPetya
|
|
|
2022-01-26 13:37:30 |
Ransomware Operators Try to Recruit Insiders (direct link) |
Sixty-five percent of organizations report that their employees have been contacted by ransomware attackers in an attempt to recruit insider threats, according to researchers at Pulse and Hitachi ID. |
Ransomware
|
|
|
|
2022-01-25 15:30:43 |
Irish Teaching Council Fined €60,000 for Phishing-Induced Breach (direct link) |
Ireland's Teaching Council has been fined €60,000 by the country's Data Protection Commission (DPC) over a breach of nearly ten thousand teachers' data, the Irish Examiner reports. An attacker gained access to two employees' Gmail accounts by sending credential-harvesting phishing emails, then set up auto-forwarding rules to forward incoming emails to the attacker's email address. |
|
|
|
|
2022-01-25 14:17:54 |
CyberheistNews Vol 12 #04 [FBI HEADS UP] US Defense Industry Targeted with New USB-Based Ransomware Attacks (direct link) |
|
Ransomware
|
|
|
|
2022-01-25 13:29:41 |
2022 Continues The New Decade of Privacy (direct link) |
Privacy issues came about all across the board in 2020, 2021, and 2022 will be no different. From WhatsApp updating their terms of service and losing millions of users to countless proposals by legislatures to enact stricter privacy laws, and the interconnectedness of everything and everyone in our lives, we will begin to see huge advancements in the area of data privacy over the next year. I'll take it up a notch and say that 2022 starts the next decade of privacy - and let's start with Data Privacy Week. |
|
|
|
|
2022-01-25 13:00:00 |
[New Benchmarking Feature] Compare Your Organization's Security Culture with Other Organizations in Your Industry (direct link) |
We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for KnowBe4's Security Culture Survey (SCS). |
|
|
|
|
2022-01-24 14:11:49 |
A Generational Divide Among Social Engineering Victims (direct link) |
Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams distributed through social media apps, while older people are more likely to fall for banking and tech support scams. |
|
|
|
|
2022-01-21 13:24:40 |
FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks (direct link) |
Using mailed out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with BlackMatter or REvil ransomware strains. |
Ransomware
|
|
|
|
2022-01-21 13:24:37 |
New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider's One-Time Security Code (direct link) |
Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%. |
|
|
|
|
2022-01-20 15:22:17 |
In Order to Have Good Security Culture, Behaviour Comes First (direct link) |
In our efforts to raise awareness among users of the importance of cybersecurity and the part they have to play in it, we sometimes go about things in a long-winded manner. |
|
|
|
|
2022-01-20 14:26:04 |
DHL is Now the Most Spoofed Brand in Phishing (direct link) |
International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found. |
|
|
|
|
2022-01-20 14:26:01 |
Ransomware Attacks are Growing in Number, But Not in Sophistication (direct link) |
As organizations work to protect against the relentless series of ransomware attacks that have plagued businesses large and small, the methods of attack seem to be leveling out. |
|
|
|
|
2022-01-20 14:25:58 |
Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns (direct link) |
Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks. |
|
|
|
|
2022-01-20 14:25:55 |
Half of All Organizations Hit by Ransomware Experience Productivity Loss (direct link) |
According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity. |
Ransomware
Threat
|
|
|
|
2022-01-19 20:33:56 |
KnowBe4's Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC] (direct link) |
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and 'in the wild' attacks. |
|
|
|
|
2022-01-19 13:33:29 |
A Cyberespionage Group Uses Social Engineering (direct link) |
A sophisticated China-aligned threat actor is using social engineering to carry out cyberespionage and financially motivated attacks, according to researchers at Trend Micro. |
Threat
|
|
|
|
2022-01-18 20:04:43 |
(Déjà vu) CyberheistNews Vol 12 #03 FBI: Beware of a New Google Voice Authentication Scam – Even if You Don't Use Google Voice! (direct link) |
|
|
|
|
|
2022-01-18 16:59:26 |
North Korean Cryptocurrency Theft Relies on Social Engineering (direct link) |
A North Korean threat actor being called “BlueNoroff,” a subunit of Pyongyang's Lazarus Group, has been targeting cryptocurrency startups with financially motivated attacks, researchers at Kaspersky have found. The campaign, “SnatchCrypto,” is using malicious documents to gain access to internal communications, then using social engineering to manipulate employees. |
Threat
Medical
|
APT 38
APT 28
|
|
|
2022-01-17 13:00:00 |
KnowBe4 Named a 2021 Gartner Peer Insights™ Customers' Choice for Security Awareness Computer-Based Training (direct link) |
KnowBe4 is excited to announce that we have been recognized as an overall Customers' Choice in the December 2021 Gartner Peer Insights 'Voice of the Customer': Security Awareness Computer-Based Training Report. KnowBe4 also received two additional category distinctions across Company Size and Deployment Region, including Customers' Choice Midsize Enterprise and Customers' Choice North America. |
|
|
|
|
2022-01-14 13:27:37 |
Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse (direct link) |
We thought it was bad enough when traditional ransomware started to steal data in its second generation of evolution, now dubbed "double extortion". The third stage of ransomware is beginning to happen now and will make us wish for the good, old days of Ransomware 2.0. |
Ransomware
|
|
|
|
2022-01-13 20:08:08 |
Fifty FIFA eSports Accounts Were Hacked Via Social Engineering (direct link) |
Video game maker Electronic Arts (EA) has stated that around fifty high-profile accounts for the soccer game FIFA 22 were hacked after attackers manipulated the company's customer service employees. |
|
|
|
|
2022-01-12 17:11:13 |
FBI: Beware of a New Google Voice Authentication Scam – Even if You Don't Use Google Voice! (direct link) |
A new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams and/or to perform Gmail account takeovers. |
|
|
|
|
2022-01-12 17:11:06 |
Payment Fraud Moves to the Real World with Fake QR Codes on Parking Meters (direct link) |
Scammers are using the professional-looking stickers to point those parking to an alternate pay site to collect credit card details in the perfect situation where victims would be none the wiser. |
|
|
|
|
2022-01-12 15:31:17 |
U.S. Government Warns of More Cyberattacks Targeting Critical Infrastructure (direct link) |
A new joint cybersecurity advisory from CISA, the FBI, and the NSA cautions organizations against Russian-based attacks and provides mitigations to be implemented. |
|
|
|
|
2022-01-12 14:37:22 |
It's a Fact: Cyberattacks Continue Because Your Users Forget (direct link) |
The weakest part of your cybersecurity can be identified by looking at how cyberattacks take place, and how well your defenses stand up. But did you know the answer comes from the year 1885? |
|
|
|
|
2022-01-12 14:37:18 |
“Information Disorder”: Giving a Name to One of the Most Impactful Parts of Phishing Scams (direct link) |
At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why phishing works. |
|
|
|
|
2022-01-12 14:37:15 |
Over 200 Ransomware Strains Detected in Last Part of 2021 (direct link) |
With the news focused on just a few key ransomware strains, it's understandable to think you'll never be a target. But newly-released data shows who's doing the attacking and who's being targeted. |
Ransomware
|
|
|