Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-06-06 17:00:22 |
Homographic Domain Name Phishing Tactics (direct link) |
|
|
|
|
|
2022-06-06 15:39:00 |
Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them (direct link) |
|
Threat
|
|
|
|
2022-06-03 12:13:08 |
Why We Recommend Your Passwords Be Over 20-Characters Long (direct link) |
KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it right. Here are our official password recommendations: |
|
|
|
|
2022-06-03 12:11:54 |
Introducing KnowBe4's Password Policy E-Book (direct link) |
KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations: |
|
|
|
|
2022-06-03 12:09:30 |
(Déjà vu) Your KnowBe4 Fresh Content Updates from May 2022 (direct link) |
|
|
|
|
|
2022-06-02 13:10:57 |
Smishing and Home Delivery (direct link) |
A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn't be delivered, according to Paul Ducklin at Naked Security. The messages state that a driver tried to deliver a package, but no one was home. The texts contain a link for the recipient to reschedule their delivery. If a user clicks on this link, they'll be taken to a phishing site that attempts to harvest their personal and financial information. |
|
|
|
|
2022-06-02 13:09:56 |
SideWinder Targets Pakistani Entities With Phishing Attacks (direct link) |
|
|
APT-C-17
|
|
|
2022-06-01 22:09:40 |
U.K.'s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation (direct link) |
Part of a six-month attack, email accounts on the NHS' Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials. |
|
|
★★
|
|
2022-06-01 22:09:19 |
Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents (direct link) |
|
Threat
|
|
★★★★★
|
|
2022-06-01 22:08:53 |
The Business (and Success) of Ransomware Explained as a Simple Funnel (direct link) |
|
Ransomware
|
|
|
|
2022-06-01 12:59:33 |
CyberheistNews Vol 12 #22 [Heads Up] The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware (direct link) |
|
Ransomware
Data Breach
|
|
|
|
2022-06-01 12:23:44 |
Phishing Campaign Targets QuickBooks Users (direct link) |
Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit's QuickBooks product, informing them that their account has been put on hold. |
|
|
|
|
2022-05-27 12:04:40 |
We Do Not Talk Enough About Social Engineering and It's Hurting Us (direct link) |
One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have written non-stop about this since then in books and no doubt hundreds of articles. I am a broken record. You cannot meet me or attend one of my presentations or webinars without this being the defining lesson I try to teach. |
|
|
|
|
2022-05-27 12:04:11 |
The $44 Billion Smishing Problem and How to Not Be a Victim (direct link) |
Consumer Affairs reported on how big a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were targeted by these schemes in 2021, resulting in $44 billion in losses. Consumers get an average of 19.5 spam texts per month, over double the rate it was three years ago. |
Spam
|
|
|
|
2022-05-26 12:44:12 |
Collaring the (Alleged) Leader of a BEC Gang (direct link) |
|
Guideline
|
|
|
|
2022-05-25 16:30:10 |
Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success (direct link) |
|
Ransomware
|
|
|
|
2022-05-25 12:55:58 |
That's Not Actually Elon Musk (direct link) |
Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency platform called “BitVex” that purports to be owned by Musk. The crooks then used hacked YouTube accounts to spread deepfaked videos of Musk and other people associated with cryptocurrency to promote the platform. |
|
|
|
|
2022-05-24 13:54:37 |
New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars (direct link) |
|
|
|
|
|
2022-05-24 13:54:10 |
Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains (direct link) |
|
|
|
|
|
2022-05-24 13:53:40 |
New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials (direct link) |
|
|
|
|
|
2022-05-24 13:53:06 |
FBI Director Warns of “Unprecedented” Cyberespionage Attacks Originating in China (direct link) |
|
|
|
|
|
2022-05-24 13:52:21 |
New Phishing Attack Uses Malicious Chatbot For Real Time Social Engineering (direct link) |
Researchers at Trustwave have observed a phishing campaign that uses a chatbot to add legitimacy to the scam. The chatbot is on a harmless website, and is designed to convince the user to visit the phishing site by striking up a conversation and walking the victim through the process. |
|
|
|
|
2022-05-24 13:31:08 |
CyberheistNews Vol 12 #21 [EYE OPENER] Your Cyber Insurance Went up a Whopping 92% Last Year (direct link) |
|
|
|
|
|
2022-05-23 12:00:00 |
Don't Just Have a Compliance Season, Have a Culture of Compliance (direct link) |
|
|
|
|
|
2022-05-20 12:33:23 |
Phishing Attacks Increase by 54% as Initial Attack Vector for Access and Extortion Attacks (direct link) |
|
|
|
|
|
2022-05-19 20:12:55 |
It's More Than Phishing; How to Supercharge Your Security Awareness Training (direct link) |
Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple in Europe. |
|
|
|
|
2022-05-19 12:56:27 |
(Déjà vu) Phishing Campaign Impersonates Shipping Giant Maersk (direct link) |
|
|
|
|
|
2022-05-18 12:45:08 |
WSJ: "Cyber Insurance Went Up A Whopping 92% In 2021" (direct link) |
|
|
|
|
|
2022-05-17 13:30:09 |
Spear Phishing a Diplomat (direct link) |
Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten). The body of the phishing email isn't particularly detailed, but the attackers put a significant amount of effort into impersonating an employee at the targeted individual's organization. |
Threat
|
APT 34
|
|
|
2022-05-17 13:22:53 |
CyberheistNews Vol 12 #20 [Heads Up] Now You Need to Watch Out for Spoofed Vanity URLs... (direct link) |
|
|
|
|
|
2022-05-16 17:51:27 |
Why People Fall for Scams (direct link) |
|
|
|
|
|
2022-05-13 12:05:12 |
Think BEC Won't Cost You Much? How Does $130 Million Sound? (direct link) |
A new lawsuit brings to light the all-too-common occurrence of an attack, with this occurring during a business acquisition and costing the buyer more than they bargained for. |
|
|
|
|
2022-05-13 12:04:41 |
Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year (direct link) |
A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far. |
Ransomware
|
|
|
|
2022-05-12 16:23:17 |
Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit (direct link) |
Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages. |
Data Breach
|
|
★★★
|
|
2022-05-12 16:22:16 |
Happy Credit Union Customers Become the Target of Spoofing Scams Due to a Lack of Email Security (direct link) |
Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams. |
|
|
★★★
|
|
2022-05-12 16:21:37 |
European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks (direct link) |
While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government. |
|
|
★★★★
|
|
2022-05-12 12:58:50 |
Beware of Spoofed Vanity URLs (direct link) |
Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLs) on SaaS services to craft more convincing phishing links. The attackers have used this technique for links created through Box, Zoom, and Google Docs and Forms. |
|
|
★★
|
|
2022-05-11 13:47:43 |
KnowBe4 Earns 2022 Top Rated Award from TrustRadius (direct link) |
We are proud to announce that TrustRadius has recognized KnowBe4 with a 2022 Top Rated Award. |
|
|
★★
|
|
2022-05-11 12:56:12 |
Another Report of SEO in Phishing (direct link) |
Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, largely driven by attackers using SEO (search engine optimization) to improve the search engine ranking of malicious sites. Most of these downloads were malware-laden PDF files. |
|
|
|
|
2022-05-10 13:49:56 |
Mustang Panda Uses Spear Phishing to Conduct Cyberespionage (direct link) |
The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage. |
Threat
|
|
★★★★
|
|
2022-05-10 13:38:48 |
CyberheistNews Vol 12 #19 [Heads Up] There is a New Type of Phishing Campaign Using Simple Email Templates (direct link) |
Tricky SMTP Relay Email Spoofing. Man Convicted For 23M Phishing Scam.
[Heads Up] There is a New Type of Phishing Campaign Using Simple Email Templates A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that two incoming messages were returned to the sender and directs the user to visit a link in order to view the messages. Since the e |
Guideline
|
|
★★★
|
|
2022-05-09 14:29:12 |
Wave of Crypto Muggings Hits London's Financial District (direct link) |
Criminals in London are targeting digital currency investors on the street in a wave of “crypto muggings”, with victims reporting that thousands of pounds were stolen from their crypto wallets after their mobile phones had been forcibly taken. City of London police provided |
|
|
★★★
|
|
2022-05-09 13:11:25 |
Business Email Compromise Shouldn't Be the Cost of Doing Business (direct link) |
The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has reached shocking proportions: between June of 2016 and December of 2021, the Bureau counted 241,206 domestic and international incidents of business email compromise. The “exposed dollar loss” (which includes both actual and attempted losses) is the real shocker: $43,312,749,946, more than forty-three-billion dollars. |
Threat
|
|
★★★
|
|
2022-05-06 16:46:44 |
10 of the Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them (direct link) |
It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard “click and infect” attack vectors? |
|
|
★★★
|
|
2022-05-05 13:08:59 |
Cozy Bear Goes Typosquatting (direct link) |
Researchers at Recorded Future's Insikt Group warn that the Russian threat actor NOBELIUM (also known as APT29 or Cozy Bear) is using typosquatting domains to target the news and media industries with phishing pages. |
Threat
|
APT 29
|
|
|
2022-05-05 13:08:33 |
Microsoft is Leading the Way to a Password-Less Future (direct link) |
As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely. |
Guideline
|
|
|
|
2022-05-04 13:30:35 |
SMTP Relay Email Spoofing Technique (direct link) |
Researchers at Avanan have observed a surge in phishing emails that abuse a flaw in SMTP relay services to bypass email security filters. |
|
|
|
|
2022-05-04 13:29:50 |
89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months (direct link) |
With the number of email breaches per year almost doubling in the last three years, organizations still don't see email security solutions as being an effective means of stopping attacks. |
|
|
|
|
2022-05-04 13:28:52 |
FIN12 Threat Group Speeds Up Ransomware Attacks to Just Two Days After Initial Access (direct link) |
As detection times are reducing across the board, threat groups are improving their craft and are prioritizing speed as the key ingredient in ransomware attacks. |
Ransomware
Threat
|
|
|
|
2022-05-04 13:28:05 |
Organizations Have a 76% Likelihood of a Successful Cyberattack in the Next Year (direct link) |
New data from TrendMicro and Ponemon shows how almost organizations globally are not fully prepared for the looming threat of almost-certain cyberattacks. |
Threat
|
|
|