Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-03-31 17:04:37 |
Simple Facebook Phishing Scam Takes an Unexpected Turn to Throw Potential Victims Off the Scent (lien direct) |
Rather than take the usual path of sending an email and linking to a spoofed logon page, this attack takes a different set of actions that at first make no sense but may actually be brilliant. |
|
|
|
|
2022-03-31 15:52:59 |
Cisco: Web 3.0 Will be the Next Frontier for Social Engineering and Phishing Attacks (lien direct) |
A look at what makes up Web 3.0 and how it may be used includes insight into what kinds of cyberattacks may plague it, as cybercriminals look for new profitable opportunities. |
|
|
|
|
2022-03-31 15:52:17 |
Cost of Internet Crimes in 2021 Increase 64% Exceeding $6.9 Billion (lien direct) |
New data from the FBI's Internet Crime Complaint Center (IC3) shows a massive increase in the cost of internet crimes, with phishing and BEC topping the list. |
|
|
|
|
2022-03-31 14:13:29 |
Obvious Phishbait, But Someone Will Bite (lien direct) |
A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they'll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target's Facebook friends, which increases the appearance of legitimacy. |
|
|
|
|
2022-03-31 12:57:59 |
FBI Warns of Phishing Attacks Targeting Election Officials (lien direct) |
The FBI has issued a Private Industry Notification warning of phishing emails designed to steal login credentials from election officials. The Bureau believes these attacks will increase ahead of the 2022 midterm elections; the officials who need to be alert are at the state, local, territorial, and tribal levels. |
|
|
|
|
2022-03-30 12:16:33 |
A Lack of Employee Cyber Hygiene is the Next Big Threat (lien direct) |
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack. |
Threat
|
|
|
|
2022-03-30 12:16:02 |
Ransomware Attack Volume Increases by 18% As the Number of Variants Jumps to 34 in Only One Quarter (lien direct) |
A new report reviewing ransomware activity in 2021 shows an impressive uptick in the number of targeted attacks in Q4 of 2021 to 772 as more players join (or rejoin) the game. |
|
|
|
|
2022-03-30 12:15:33 |
Mobile Device Usage Have Led to Security Incidents in Nearly Half of Organizations (lien direct) |
The shift in devices used by today's workforce has resulted in increases in cybersecurity concerns and incidents, despite a majority of orgs with defined BYOD programs in place. |
|
|
|
|
2022-03-29 13:59:07 |
(Déjà vu) CyberheistNews Vol 12 #13 [Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online (lien direct) |
[Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online
Email not displaying? |
CyberheistNews Vol 12 #13 | Mar. 29th., 2022
[Heads Up] Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online
The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, and how the tech still needs to improve.
While much of the headlines today around the Russian invasion of Ukraine focus on the war on the ground and in the air, a cyberwar is being waged behind the scenes. It began with wiper ransomware attacks on Ukrainian businesses and government agencies and has culminated so far with a newly released deepfake video of Ukrainian president Zelenskyy asking his troops to lay down their weapons and surrender.
|
Ransomware
|
|
|
|
2022-03-29 13:03:08 |
Email Conversation Hacking to Distribute Malware (lien direct) |
Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and helps them bypass security filters. |
Malware
|
|
|
|
2022-03-28 17:51:20 |
Making Better Push-Based MFA (lien direct) |
I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today's most popular implementations are not sufficiently protective against real attacks. In short, using social engineering, hackers have been able to bypass most Push-Based MFA like it was not even there. |
|
|
|
|
2022-03-28 13:31:28 |
Buy Now, Pay Later Scams (lien direct) |
Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire's Hacking Humans podcast, Ducharme explained that scammers can either impersonate victims or take over their accounts in order to make fraudulent purchases. |
|
|
|
|
2022-03-24 19:20:26 |
WIRED: "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine" (lien direct) |
WIRED wrote: "More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet's rotation, the satellite beams high-speed internet down to people across Europe. S |
Hack
|
|
|
|
2022-03-24 19:05:50 |
Fidelity: "Why cybersecurity is material to all industries" (lien direct) |
Fidelity just published an article titled "Cybersecurity: A growing risk". They note that the threat of Russian cyberattacks highlights vulnerabilities across industries. I'm quoting a small section and I suggest you read the rest of the article here. |
Threat
|
|
|
|
2022-03-24 14:21:32 |
Repertoire of Ukraine Charity Phishing Scams (lien direct) |
Scammers continue to exploit the crisis in Ukraine, according to researchers at Bitdefender. Over the past week, the researchers believe the fraudsters have adjusted their tactics in response to increased media coverage of these scams. |
|
|
|
|
2022-03-24 14:20:53 |
Initial Access Broker Group Relies on Social Engineering (lien direct) |
Google's Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, including FIN12 and the Conti ransomware gang. EXOTIC LILY uses phishing attacks to gain access to organizations' networks, then sells this access to other gangs for further exploitation. |
Ransomware
Threat
|
|
|
|
2022-03-24 12:00:00 |
Try the New Compliance Audit Readiness Assessment Today for the SSAE18 Framework (lien direct) |
When it's time to complete a compliance audit, are you thinking, "Ugh, is it that time again?"
And, as more organizations demand proof that their data is protected in the cloud, keeping up with risk assessments and audits to prove compliance is a continuous problem. |
|
|
|
|
2022-03-23 18:00:34 |
Number of Phishing Attacks Hits an All-Time High in 2021, Tripling That of Early 2020 (lien direct) |
New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams. |
|
|
|
|
2022-03-23 18:00:26 |
Phishing Attack-Turned-Wire Fraud Case Sees a Win for the Policyholder (lien direct) |
In an unusual turn of events, a recent court decision sided with the policyholder, despite specific policy language that probably should have favored the insurer. |
|
|
|
|
2022-03-23 18:00:06 |
QakBot Banking Trojan Evolves and Now Takes Over Email Conversations to Spread Malware (lien direct) |
As if stealing all your credentials, cookies, and email wasn't bad enough, this new version of QakBot inserts itself into your emails, impersonating you to gain access to more victims. |
Malware
|
|
|
|
2022-03-23 17:59:56 |
Phishing Scam with Fraudulent Invoice Costs City of Fresno Over $600,000 (lien direct) |
This simple invoice scam appears to be a part of a much broader campaign targeting municipalities, posing as existing subcontractors. |
|
|
|
|
2022-03-23 12:46:14 |
Exploiting Trust in reCAPTCHA (lien direct) |
Researchers at Avanan warn that attackers are using reCAPTCHAs on their phishing sites to avoid detection by security scanners. |
|
|
|
|
2022-03-22 20:10:05 |
Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online (lien direct) |
The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, as well as how the tech still needs to improve. |
|
|
|
|
2022-03-22 20:08:43 |
SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing (lien direct) |
New data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks. |
|
|
|
|
2022-03-22 15:06:15 |
(Déjà vu) CyberheistNews Vol 12 #12 [New White House Alert] Train Your Users Against Threat of Russian Cyberattacks (lien direct) |
[New White House Alert] Train Your Users Against Threat of Russian Cyberattacks
Email not displaying? |
CyberheistNews Vol 12 #12 | Mar. 22nd., 2022
[New White House Alert] Train Your Users Against Threat of Russian Cyberattacks
With the recent cyber attacks between Russia and Ukraine and the current intelligence coming from the U.S. Government, organizations want to shore up their defenses to reduce the risk of a successful attack by any nation-state.
|
Threat
|
|
|
|
2022-03-21 22:16:51 |
[BREAKING] White House warns Russia is prepping possible cyberattacks against US (lien direct) |
With the recent cyber-attacks between Russia and Ukraine and the current intelligence coming from the US Government, organizations want to shore up their defenses to reduce the risk of a successful attack by any nation-state. |
|
|
|
|
2022-03-21 14:40:34 |
Chameleons Phish, Too (lien direct) |
One of the challenges cyber criminals face is that their scams often have a relatively short shelf-life. Once they've been used, the gaff is quickly blown, and the scammers hope to realize their gains before most of the potential marks are wise to the scam. |
|
|
|
|
2022-03-17 12:43:59 |
[Heads Up] New Evil Ransomware Feature: Disk Wiper if You Don\'t Pay (lien direct) |
There is a new ransomware-as-a-service (RaaS) strain called LokiLocker, researchers at Blackberry warn. The malware uses rare code obfuscation and includes a file wiper component that attackers can deploy if their victims don't pay. "It shouldn't be confused with an older ransomware family called Locky, which was notorious in 2016, or LokiBot, which is an infostealer. |
Ransomware
Malware
|
|
|
|
2022-03-17 12:00:00 |
KnowBe4 Named a Leader in The Forrester Wave for Security Awareness and Training Solutions (lien direct) |
We're thrilled to announce that KnowBe4 has been named a Leader in The Forrester WaveTM : Security Awareness and Training Solutions, Q1 2022 report based on our current offering, strategy and market presence. |
Guideline
|
|
|
|
2022-03-16 14:27:52 |
Ransomware-Related Data Leaks Increase 82% as the Number of Cybercriminal Groups Nearly Triples (lien direct) |
New insight into the state of the attacks and threats paints a picture where the cybercriminals are growing in number, sophistication and successes, while victims just sit back seemingly helpless. |
|
|
|
|
2022-03-16 14:25:21 |
Backups Become the Focus as Three-Fourths of Organizations Experienced Ransomware Attacks (lien direct) |
New data puts the spotlight on how most organizations unable to completely recover their data after a ransomware attack, making the case for better data protection for improved incident response. |
Ransomware
|
|
|
|
2022-03-16 14:20:57 |
New Phishing Method Uses VNC to Bypass MFA Measures and Gives Cybercriminals Needed Access (lien direct) |
Despite cloud vendors like Google detecting reverse proxies or man-in-the-middle (MiTM) attacks and halting logons to thwart malicious actions, a new method easily gains access. |
|
|
|
|
2022-03-15 20:10:10 |
[Eye Opener] Ukraine Is Now Being Hit With 4 Different Strains Of Wiper Malware (lien direct) |
Newly discovered data-destroying malware was found this week in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware erases user data and partition information from attached drives," ESET Research Labs explained. |
Malware
|
|
|
|
2022-03-15 15:28:19 |
We Are In The First Open Source Intelligence War (lien direct) |
I am a member of OODA loop. They are a great team that keeps me up to date about InfoSec issues. Their site always has interesting articles and this one certainly got my attention. The title alone piqued my interest. I'm quoting the first few paragraphs and then link to the rest of the article. I think you will like it too: |
|
|
|
|
2022-03-15 13:41:15 |
(Déjà vu) CyberheistNews Vol 12 #11 [Heads Up] FBI: Ransomware Gang Breached 52 U.S. Critical Infrastructure Orgs (lien direct) |
[Heads Up] FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs
Email not displaying? |
CyberheistNews Vol 12 #11 | Mar. 15th., 2022
[Heads Up] FBI: Ransomware Gang Breached 52 U.S. Critical Infrastructure Orgs
The U.S. Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple U.S. critical infrastructure sectors.
|
Ransomware
|
|
|
|
2022-03-15 12:48:09 |
Shipping Fraud Rises Nearly 800% in 2021 (lien direct) |
Shipping fraud had a global increase of nearly 800% over the course of 2021, according to TransUnion's 2022 Global Digital Fraud Trends Report. |
|
|
|
|
2022-03-15 12:43:58 |
Cybercrime-as-a-Service: Its Evolution and What You Can Do to Fight Back (lien direct) |
The cybercrime market has skyrocketed in a frightening way. With threats such as ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across all industries. |
Ransomware
|
|
|
|
2022-03-14 13:16:00 |
Social Engineering through Contact Form (lien direct) |
Email is the familiar form of phishing, but there's an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal Security has found that the BazarBackdoor is being distributed through this social engineering technique that succeeds in bypassing email filters. |
|
|
|
|
2022-03-11 15:28:20 |
Email-Based Vishing Attacks Skyrocket 554% as Phishing, Social Media, and Malware Attacks Are All on the Rise (lien direct) |
New analysis of attacks in 2021 show massive increases across the board, painting a very concerning picture for this year around cyberattacks of all types. |
Malware
|
|
|
|
2022-03-10 14:31:37 |
“Warm Greetings” (or not) : Saudi Aramco Impersonation (lien direct) |
Researchers at Malwarebytes warn of a phishing campaign that's targeting the oil and gas industry by impersonating Saudi Aramco. |
|
|
|
|
2022-03-10 14:31:15 |
Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility (lien direct) |
As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors. |
Threat
|
|
|
|
2022-03-10 14:30:39 |
Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100 (lien direct) |
New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches. |
|
|
|
|
2022-03-09 15:58:22 |
83% of all Successful Ransomware Attacks Featured Double and Triple Extortion (lien direct) |
With 2021 being the “testing ground” for ransomware extortion, 2022 is showing signs of ransomware gangs settling in on proven extortion tactics to ensure payment. |
Ransomware
|
|
|
|
2022-03-09 15:58:04 |
Social Engineering a Major Factor in Cyberattack on Camera Maker Axis Communications (lien direct) |
As details of the February attack continue to be divulged, it becomes evident that cybercriminals were able to get past both users and security controls. |
|
|
|
|
2022-03-09 14:05:47 |
Domains Associated with Phishing Directed Against Ukraine (lien direct) |
Researchers from Secureworks' Counter Threat Unit (CTU) are tracking phishing domains used by the “MOONSCAPE” threat actor to target users in Ukraine. The researchers note that Ukraine's Computer Emergency Response Team (CERT-UA) has attributed this campaign to the Belarusian threat actor UNC1151, but Secureworks hasn't yet confirmed this attribution. Belarus is one of Russia's closest allies, and is assisting in Moscow's war against Ukraine. |
Threat
|
|
|
|
2022-03-09 13:50:37 |
Phishing Impersonation and Attack Trends in 2021 (lien direct) |
Facebook overtook Microsoft as the most impersonated brand in phishing attacks last year, according to a new report from Vade Secure. |
|
|
|
|
2022-03-08 14:16:18 |
CyberheistNews Vol 12 #10 [Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login (lien direct) |
[Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login
Email not displaying? |
CyberheistNews Vol 12 #10 | Mar. 8th., 2022
[Heads Up] A New Phishing Attack Warns About a Suspicious Russian Login
The human cost of war is horrific. All Knowsters are shocked and saddened by the all-out Russia-Ukraine land war. However, we are also inspired by the Ukrainian people for their bravery, resistance and resilience. As we all know, the price of freedom is eternal vigilance combined with the willingness to fight back.
|
|
|
|
|
2022-03-08 13:30:14 |
[World Premiere] KnowBe4\'s New Season 4 of Netflix-Style Security Awareness Video Series - \'The Inside Man\' (lien direct) |
We're thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - 'The Inside Man' is now available in the KnowBe4 ModStore! |
|
|
|
|
2022-03-08 13:02:39 |
(Déjà vu) FBI: Ransomware gang breached 52 US critical infrastructure orgs (lien direct) |
The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. |
Ransomware
|
|
|
|
2022-03-07 14:48:53 |
By the Way, There\'s No Draft - Smishing Campaign Alert (lien direct) |
Scammers are sending phony text messages (aka Smishing or SMS Phishing) informing people in the US that they've been drafted by the US Army, according to Army Times. |
|
|
|