SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2022-01-31 14:16:17	Beware of QuickBooks Payment Scams (lien direct)	Many small and mid-sized companies use Intuit's very popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Intuit touts QuickBooks' ability to send email invoices here.
	2022-01-31 14:16:14	Increased “Shipping Delays” Now Served as Phishbait (lien direct)	Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for Threatpost, Gill describes a phishing attack that impersonated a major shipping company.	Threat
	2022-01-28 15:11:32	KnowBe4 Continues to be One of Okta\'s Most Popular Apps in the 2021 Businesses at Work Report (lien direct)	We're pleased to announce that we have been featured in Okta's eighth edition of the "Business at Work" report. This report is an in-depth look into how organizations and people work today - exploring workforces and customers, and the applications and services they use to be productive.
	2022-01-27 19:31:27	A Data-Driven Approach for Your Third-Party Risk Management Processes (lien direct)	As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps.
	2022-01-27 14:13:57	Microsoft Warns of Latest “Consent Phishing” Attack Intent on Reading Your Email (lien direct)	Rather than steal your user's credentials, this latest attack takes the OAuth route to gain access to the victim's mailbox. This gives cybercriminals continual access, regardless of whether the user is logged on or not.
	2022-01-27 14:13:53	Dark Web Service Sells Access to Compromised Accounts and Browser Sessions (lien direct)	When we hear about compromised credentials, there's always the question of “How are they used post-compromise?” In one case, they are fully on display for sale to the highest bidder.
	2022-01-27 14:13:49	Malicious Office Documents Jump to 37% of All Malware Downloads at the End of 2021 (lien direct)	With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the spotlight.	Malware
	2022-01-27 13:01:08	[Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct)	CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine.		NotPetya
	2022-01-26 13:37:30	Ransomware Operators Try to Recruit Insiders (lien direct)	Sixty-five percent of organizations report that their employees have been contacted by ransomware attackers in an attempt to recruit insider threats, according to researchers at Pulse and Hitachi ID.	Ransomware
	2022-01-25 15:30:43	Irish Teaching Council Fined €60,000 for Phishing-Induced Breach (lien direct)	Ireland's Teaching Council has been fined €60,000 by the country's Data Protection Commission (DPC) over a breach of nearly ten thousand teachers' data, the Irish Examiner reports. An attacker gained access to two employees' Gmail accounts by sending credential-harvesting phishing emails, then set up auto-forwarding rules to forward incoming emails to the attacker's email address.
	2022-01-25 14:17:54	CyberheistNews Vol 12 #04 [FBI HEADS UP] US Defense Industry Targeted with New USB-Based Ransomware Attacks (lien direct)		Ransomware
	2022-01-25 13:29:41	2022 Continues The New Decade of Privacy (lien direct)	Privacy issues came about all across the board in 2020, 2021, and 2022 will be no different. From WhatsApp updating their terms of service and losing millions of users to countless proposals by legislatures to enact stricter privacy laws, and the interconnectedness of everything and everyone in our lives, we will begin to see huge advancements in the area of data privacy over the next year. I'll take it up a notch and say that 2022 starts the next decade of privacy - and let's start with Data Privacy Week.
	2022-01-25 13:00:00	[New Benchmarking Feature] Compare Your Organization\'s Security Culture with Other Organizations in Your Industry (lien direct)	We are excited to announce that the KnowBe4 Industry Benchmarking feature has been expanded to now include industry benchmark comparison data for KnowBe4's Security Culture Survey (SCS).
	2022-01-24 14:11:49	A Generational Divide Among Social Engineering Victims (lien direct)	Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams distributed through social media apps, while older people are more likely to fall for banking and tech support scams.
	2022-01-21 13:24:40	FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks (lien direct)	Using mailed out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with BlackMatter or REvil ransomware strains.	Ransomware
	2022-01-21 13:24:37	New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider\'s One-Time Security Code (lien direct)	Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%.
	2022-01-20 15:22:17	In Order to Have Good Security Culture, Behaviour Comes First (lien direct)	In our efforts to raise awareness among users of the importance of cybersecurity and the part they have to play in it, we sometimes go about things in a long-winded manner.
	2022-01-20 14:26:04	DHL is Now the Most Spoofed Brand in Phishing (lien direct)	International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found.
	2022-01-20 14:26:01	Ransomware Attacks are Growing in Number, But Not in Sophistication (lien direct)	As organizations work to protect against the relentless series of ransomware attacks that have plagued businesses large and small, the methods of attack seem to be leveling out.
	2022-01-20 14:25:58	Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns (lien direct)	Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.
	2022-01-20 14:25:55	Half of All Organizations Hit by Ransomware Experience Productivity Loss (lien direct)	According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity.	Ransomware Threat
	2022-01-19 20:33:56	KnowBe4\'s Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC] (lien direct)	KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and 'in the wild' attacks.
	2022-01-19 13:33:29	A Cyberespionage Group Uses Social Engineering (lien direct)	A sophisticated China-aligned threat actor is using social engineering to carry out cyberespionage and financially motivated attacks, according to researchers at Trend Micro.	Threat
	2022-01-18 20:04:43	(Déjà vu) CyberheistNews Vol 12 #03 FBI: Beware of a New Google Voice Authentication Scam – Even if You Don\'t Use Google Voice! (lien direct)
	2022-01-18 16:59:26	North Korean Cryptocurrency Theft Relies on Social Engineering (lien direct)	A North Korean threat actor being called “BlueNoroff,” a subunit of Pyongyang's Lazarus Group, has been targeting cryptocurrency startups with financially motivated attacks, researchers at Kaspersky have found. The campaign, “SnatchCrypto,” is using malicious documents to gain access to internal communications, then using social engineering to manipulate employees.	Threat Medical	APT 38 APT 28
	2022-01-17 13:00:00	KnowBe4 Named a 2021 Gartner Peer Insights™ Customers\' Choice for Security Awareness Computer-Based Training (lien direct)	KnowBe4 is excited to announce that we have been recognized as an overall Customers' Choice in the December 2021 Gartner Peer Insights 'Voice of the Customer': Security Awareness Computer-Based Training Report. KnowBe4 also received two additional category distinctions across Company Size and Deployment Region, including Customers' Choice Midsize Enterprise and Customers' Choice North America.
	2022-01-14 13:27:37	Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse (lien direct)	We thought it was bad enough when traditional ransomware started to steal data in its second generation of evolution, now dubbed "double extortion". The third stage of ransomware is beginning to happen now and will make us wish for the good, old days of Ransomware 2.0.	Ransomware
	2022-01-13 20:08:08	Fifty FIFA eSports Accounts Were Hacked Via Social Engineering (lien direct)	Video game maker Electronic Arts (EA) has stated that around fifty high-profile accounts for the soccer game FIFA 22 were hacked after attackers manipulated the company's customer service employees.
	2022-01-12 17:11:13	FBI: Beware of a New Google Voice Authentication Scam – Even if You Don\'t Use Google Voice! (lien direct)	A new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams and/or to perform Gmail account takeovers.
	2022-01-12 17:11:06	Payment Fraud Moves to the Real World with Fake QR Codes on Parking Meters (lien direct)	Scammers are using the professional-looking stickers to point those parking to an alternate pay site to collect credit card details in the perfect situation where victims would be none the wiser.
	2022-01-12 15:31:17	U.S. Government Warns of More Cyberattacks Targeting Critical Infrastructure (lien direct)	A new joint cybersecurity advisory from CISA, the FBI, and the NSA cautions organizations against Russian-based attacks and provides mitigations to be implemented.
	2022-01-12 14:37:22	It\'s a Fact: Cyberattacks Continue Because Your Users Forget (lien direct)	The weakest part of your cybersecurity can be identified by looking at how cyberattacks take place, and how well your defenses stand up. But did you know the answer comes from the year 1885?
	2022-01-12 14:37:18	“Information Disorder”: Giving a Name to One of the Most Impactful Parts of Phishing Scams (lien direct)	At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why phishing works.
	2022-01-12 14:37:15	Over 200 Ransomware Strains Detected in Last Part of 2021 (lien direct)	With the news focused on just a few key ransomware strains, it's understandable to think you'll never be a target. But newly-released data shows who's doing the attacking and who's being targeted.	Ransomware
	2022-01-12 13:00:00	KnowBe4 Named a Leader in the Winter 2022 G2 Grid Report for Security Awareness Training (lien direct)	The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.	Guideline
	2022-01-11 14:52:45	Business Email Compromise Attack Leads to Millions in Non-Profit Loss (lien direct)	A business email compromise attack at Illinois's Office of the Special Deputy Receiver led to a loss of $6.85 million, Ray Long at the Chicago Tribune reports. Long describes the Office as “a nonprofit that works with the director of the Illinois Department of Insurance and exists largely to protect creditors and policyholders of financially troubled or insolvent insurance companies.”	Guideline
	2022-01-11 14:31:56	CyberheistNews Vol 12 #02 [Eye Opener] 3 Tips To Pass Your Certified Security Awareness and Culture Professional (SACP) Exam (lien direct)
	2022-01-07 13:23:08	Ransomware Attacks Could Result in Higher Cybersecurity Stocks (lien direct)	Ransomware attacks have been dominant for hackers. And according to Investor's recent article, this means good news for cybersecurity stocks.
	2022-01-07 13:00:00	Your KnowBe4 Fresh Content Updates from December 2021 (lien direct)	Check out the 38 new pieces of training content added in December, alongside the always fresh content update highlights and new features.
	2022-01-06 19:20:00	Hive Ransomware-as-a-Service Races to the Top as Affiliates Breach 350 Organizations in Just 4 Months (lien direct)	A mere blip on the ransomware radar a quarter ago, the massive onslaught of attacks using Hive Ransomware demonstrates how dangerous the “as-a-Service” model really is.	Ransomware
	2022-01-06 19:19:54	Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild (lien direct)	An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
	2022-01-06 19:19:37	121 Brands Impersonated in Massive 91-Country Survey-Turned-Fraud Scam (lien direct)	With an estimated take of over $80 million a month, this scam uses new evasive tactics designed to make detection and investigation of these attacks difficult at best.
	2022-01-06 18:20:04	Obvious, but Probably Effective: Konni RAT Screensaver (lien direct)	A North Korean threat actor is targeting users in Russia with a New Year's Eve-themed phony screensaver file, the Record reports. Researchers at Cluster25 spotted the activity, and say the campaign “started at least from August 2021 aimed at Russian targets operating in the diplomatic sector.” The researchers note that the threat actor used a ZIP file in this spear phishing attack, as opposed to a document with malicious macros.	Threat
	2022-01-06 18:17:59	New York State Warns of Credential Stuffing (lien direct)	New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack in which attackers use automation to test stolen usernames and passwords against many different websites. New York's advisory explains that credential stuffing “leverages the natural human tendency to reuse passwords to cope with the ever-growing number of online accounts that must be managed. Attackers know that the username and password used at one website may also be used at a half-dozen others.”
	2022-01-05 14:17:59	CyberheistNews Vol 12 #01 [Heads Up] New Omicron-Themed Phishing Attack is Now Running Rampant (lien direct)
	2022-01-04 15:04:02	Cryptocurrency Scam Profits Jump 81% in 2021 to $7.7 Billion (lien direct)	Despite a massive drop in crypto scams in 2020 due to the pandemic, a new report highlights the massive growth in crypto scams… and the profitable results they're yielding.
	2022-01-04 15:03:58	Reducing Stress with CBD Is the Latest Theming for Phishing Attacks (lien direct)	Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to help with their ailments.
	2022-01-04 15:03:54	Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait (lien direct)	Scammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of the fact that many Instagram pages with large followings are concerned about being banned for posting copyrighted content.
	2022-01-04 15:03:50	Shoulder Surfing is Still a Thing for Successful Social Engineering Attacks (lien direct)	Social engineering isn't concerned with either novelty or elegance. All that matters is whether it works. ESET's Jake Moore described a case in point for We Live Security: all someone might need to gain access to your snapchat account is look over your shoulder at the right moment, just like the kid at the next desk trying to cheat on a test back in elementary school.
	2022-01-01 16:59:12	2022 Resolution: "I\'ll Be A Certified Security Awareness and Culture Professional (SACP)™" (lien direct)		Threat Guideline

Last update at: 2024-06-17 15:10:21
See our sources.

To see everything: Our RSS (filtrered)