Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2023-03-13 17:13:45 |
Microsoft Warns of Business Email Compromise Attacks Taking Hours (lien direct) |
|
Threat
|
|
★★
|
|
2023-03-10 14:46:12 |
Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (lien direct) |
|
Malware
|
|
★★
|
|
2023-03-07 14:00:00 |
CyberheistNews Vol 13 #10 [Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
CyberheistNews Vol 13 #10 | March 7th, 2023
[Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About
This week, Bloomberg News pointed at a brand-new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are not secure by design. It is an excellent wake-up call for your C-level execs and powerful budget ammo.
They started out with: "As Putin began his invasion of Ukraine, a network used throughout Europe-and by the Ukrainian military-faced an unprecedented cyberattack that doubled as an industrywide wake-up call. What they refer to is the Viasat hack. The KnowBe4 blog initially reported on this hack on March 24, 2022 here: https://blog.knowbe4.com/wired-a-mysterious-satellite-hack-has-victims-far-beyond-ukraine and in our CyberheistNews May 17, 2022 here: https://blog.knowbe4.com/cyberheistnews-vol-12-20-heads-up-now-you-need-to-watch-out-for-spoofed-vanity-urls.
The article continues to describe how a large number of Viasat customers lost connectivity. Here is a quote: "Viasat staffers in the U.S., where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of internet connections in at least 13 countries were going dead.
"Some of the biggest service disruptions affected providers Bigblu Broadband PLC in the U.K. and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion."
"Industry was caught flat-footed," says Gregory Falco, a space cybersecurity expert who has advised the U.S. government. "Ukrainians paid the price. The war is really just revealing the capabilities," says Erin Miller, who runs the Space Information Sharing and Analysis Center, a trade group that gathers data on orbital threats. Cyberattacks affecting the industry, she says, have become a daily occurrence. The Viasat hack was widely considered a harbinger of attacks to come."
For many end-users, the frustrating thing about the Viasat hack is that, unlike with a phishing attack, there was nothing they could have done to prevent it. But the Russians (this smells like GRU) would have to know a lot of detail about Viasat's systems to execute an attack like th |
Guideline
|
Uber
|
★★
|
|
2023-03-07 13:00:00 |
Three out of Four Organizations Have Experienced a Successful Email-Based Attack as Impacts Increase (lien direct) |
|
|
|
★★
|
|
2023-03-06 14:09:47 |
Executive Impersonation Business Email Compromise Attacks Go Beyond English Worldwide (lien direct) |
|
|
|
★★★
|
|
2023-03-02 12:09:33 |
[Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
|
Hack
|
|
★★★
|
|
2023-03-01 18:52:30 |
Remote Workers Significantly Increase the Cost of Remediating Email-Based Cyberattacks as Costs Average $1 Million (lien direct) |
|
|
|
★★★
|
|
2023-02-28 14:00:00 |
CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) |
CyberheistNews Vol 13 #09 | February 28th, 2023
[Eye Opener] Should You Click on Unsubscribe?
By Roger A. Grimes.
Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?"
The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action.
In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days.
Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use.
In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list.
[CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac |
Malware
Hack
Tool
Vulnerability
Threat
Guideline
Prediction
|
APT 38
ChatGPT
|
★★★
|
|
2023-02-23 16:28:45 |
Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36% (lien direct) |
|
Malware
|
|
★★★
|
|
2023-02-23 16:28:04 |
Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks (lien direct) |
|
Ransomware
|
|
★★★
|
|
2023-02-23 16:27:44 |
28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178% (lien direct) |
|
Studies
|
|
★★★
|
|
2023-02-22 13:48:30 |
Coinbase Attack Used Social Engineering (lien direct) |
Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. One employee fell for the attack, and the threat actor then attempted to use the victim's account to gain access to Coinbase's internal systems. Fortunately, the company's security solutions prevented this. |
Threat
|
|
★★★
|
|
2023-02-21 14:00:00 |
CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach
Hack
Threat
Guideline
|
ChatGPT
|
★★
|
|
2023-02-15 14:18:35 |
New Survey Reveals Employees are the Attack Surface (lien direct) |
|
|
|
★★
|
|
2023-02-15 13:18:20 |
Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
|
Data Breach
|
|
★★
|
|
2023-02-14 14:00:00 |
CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake (lien direct) |
CyberheistNews Vol 13 #07 | February 14th, 2023
[Scam of the Week] The Turkey-Syria Earthquake
Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.
Just one example are scammers that pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
There are going to be a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for a scam like this.
I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:
[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.
"Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for! Anything you receive about this recent earthquake, be very suspicious. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.
"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."
It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.
Blog post with links:https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake
|
Ransomware
Spam
Threat
Guideline
|
ChatGPT
|
★★
|
|
2023-02-07 18:52:22 |
Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals! (lien direct) |
|
Studies
|
|
★★★
|
|
2023-02-07 13:26:47 |
How Artificial Intelligence Can Make or Break Cybersecurity (lien direct) |
|
|
|
★★★
|
|
2023-02-02 21:31:58 |
Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks (lien direct) |
|
|
Yahoo
Yahoo
|
★★
|
|
2023-02-02 21:31:56 |
Initial Access Brokers Leverage Legitimate Google Ads to Gain Malicious Access (lien direct) |
|
|
|
★★
|
|
2023-02-01 14:24:06 |
Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen? (lien direct) |
|
Hack
|
ChatGPT
|
★★
|
|
2023-01-31 20:04:22 |
Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom (lien direct) |
|
Ransomware
|
|
★★★
|
|
2023-01-31 20:04:16 |
Microsoft OneNote Attachments Become the Latest Method to Spread Malware (lien direct) |
|
Malware
|
|
★★
|
|
2023-01-30 13:52:25 |
Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK (lien direct) |
The UK's National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia's SEABORGIUM threat actor and Iran's TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists." |
Threat
Conference
|
APT 35
|
★★
|
|
2023-01-25 18:23:12 |
Do Not Get Fooled Twice: Mailchimp\'s Latest Breach Raises Alarm Bells – Protect Yourself Now! (lien direct) |
For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack tricked Mailchimp employees and contractors into giving up their login credentials, which were then used to access 133 Mailchimp accounts. |
|
|
★★
|
|
2023-01-25 15:50:54 |
[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal (lien direct) |
In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense. |
Malware
|
|
★★
|
|
2023-01-25 15:49:17 |
Phishing Campaign Impersonates Japanese Rail Company (lien direct) |
|
|
|
★★
|
|
2023-01-24 18:14:53 |
(Déjà vu) 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC] (lien direct) |
KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. |
Prediction
|
|
★★★★★
|
|
2023-01-20 13:59:19 |
Blank-Image Attacks Impersonate DocuSign (lien direct) |
|
|
|
★
|
|
2023-01-20 12:03:01 |
[Eye Popper] Ransomware Victims Refused To Pay Last Year (lien direct) |
|
Ransomware
|
|
★
|
|
2023-01-17 14:00:00 |
(Déjà vu) CyberheistNews Vol 13 #03 [Eye Opener] Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them (lien direct) |
|
|
|
★
|
|
2023-01-17 13:51:45 |
Cyberinsurer Beazley Introduces a $45M Cyber Catastrophe Bond to Offset Risk (lien direct) |
|
|
|
★★
|
|
2023-01-17 13:15:27 |
Is Your Organization\'s Password Complexity Requirement Strong Enough? Probably Not (lien direct) |
|
|
|
★★
|
|
2023-01-16 14:21:53 |
[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ (lien direct) |
|
|
|
★★★
|
|
2023-01-10 21:43:49 |
Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them (lien direct) |
|
|
|
★★★
|
|
2023-01-09 15:36:23 |
The Good, the Bad and the Truth About Password Managers (lien direct) |
|
|
|
★★★
|
|
2023-01-06 13:51:44 |
Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss (lien direct) |
|
Ransomware
|
|
★★
|
|
2023-01-05 13:34:42 |
Phishing Campaigns Impersonate the UK Government (lien direct) |
|
|
|
★★★
|
|
2023-01-05 13:32:40 |
These grim figures show that the ransomware problem isn\'t going away (lien direct) |
|
Ransomware
|
|
★★
|
|
2023-01-04 14:30:00 |
CyberheistNews Vol 13 #01 [Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks (lien direct) |
|
|
LastPass
|
★★
|
|
2022-12-29 15:22:48 |
Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks (lien direct) |
|
Studies
|
|
★★
|
|
2022-12-28 19:27:36 |
[Heads Up] LastPass Attack Could Supercharge Spear Phishing Attacks (lien direct) |
|
|
LastPass
|
★★
|
|
2022-12-28 14:30:15 |
CyberheistNews Vol 12 #52 [Heads Up] Top 10 Cyber Security Predictions for Next Year. Read It, This Is a Good One (lien direct) |
|
|
|
★★
|
|
2022-12-28 12:15:35 |
[Eye Opener] Insurance policy doesn\'t cover ransomware attack, Ohio Supreme Court says (lien direct) |
|
Ransomware
|
|
★★★
|
|
2022-12-27 14:24:49 |
Attackers Pose as Facebook Support Using Legitimate Facebook Posts to Bypass Security Solutions (lien direct) |
|
|
|
★
|
|
2022-12-27 14:20:16 |
(Déjà vu) QBot Malware Attacks Use SVG files to Perform HTML Smuggling (lien direct) |
|
Malware
|
|
★
|
|
2022-12-22 21:17:28 |
Microsoft Warns of Signed Drivers Being Used to Terminate AV and EDR Processes (lien direct) |
|
|
|
★★★
|
|
2022-12-22 14:44:21 |
New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable” (lien direct) |
|
Malware
|
|
★★
|
|
2022-12-21 13:59:29 |
XLL Files Used to Deliver Malware (lien direct) |
|
Malware
|
|
★★★
|
|
2022-12-16 13:15:38 |
Hospitals Warned of Royal Ransomware Attacks by U.S. Department of Health (lien direct) |
|
Ransomware
|
|
★★
|