What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-03 12:16:08 | La majorité des employés du gouvernement travaillent partiellement pratiquement malgré une augmentation des cyber-risques liés aux utilisateurs Majority of Government Employees are Partially Working Virtually Despite Increased User-Related Cyber Risks (lien direct) |
|
Threat | ★★ | |
|
2023-04-03 12:16:05 | La fausse escroquerie de Chatgpt se transforme en un système de maquette frauduleux Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme (lien direct) |
|
Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-28 13:00:00 | Cyberheistnews Vol 13 # 13 [Oeil Overner] Comment déjouer les attaques de phishing basées sur l'IA sournoises [CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks] (lien direct) |
CyberheistNews Vol 13 #13 | March 28th, 2023
[Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks
Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.
"A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation.
"This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection."
Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails.
"Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here."
Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures.
"Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it.
"Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'"
New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture.
Remember: Culture eats strategy for breakfast and is always top-down.
Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing
|
Ransomware Malware Hack Tool Threat Guideline | ChatGPT ChatGPT | ★★★ |
|
2023-03-28 12:59:04 | Confessions d'un ancien \\ 'The Inside Man \\' sceptique [Confessions of a Former \\'The Inside Man\\' Skeptic] (lien direct) |
|
★★ | ||
|
2023-03-24 15:03:14 | L'attaque de compromis de nouveau fournisseur par e-mail cherche 36 millions de dollars [New Vendor Email Compromise Attack Seeks $36 Million] (lien direct) |
|
Threat | ★★ | |
|
2023-03-24 12:15:00 | Ransomware Data Volt Extorsion augmente de 40% à 70% de \\ '21 à \\' 22 [Ransomware Data Theft Extortion Goes up 40% to 70% From \\'21 to \\'22] (lien direct) |
|
Ransomware | ★★★ | |
|
2023-03-23 12:13:58 | Les utilisateurs cliquant sur plusieurs liens de phishing mobile augmentent de 637% en seulement deux ans [Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years] (lien direct) |
|
General Information | ★★★ | |
|
2023-03-23 12:13:56 | Les cyber-assureurs suppriment tranquillement la couverture de l'ingénierie sociale et des allégations d'instruction frauduleuse [Cyber Insurers Quietly Remove Coverage for Social Engineering and Fraudulent Instruction Claims] (lien direct) |
|
General Information | ★★ | |
|
2023-03-22 12:46:51 | L'avenir des cyberattaques?Vitesse, plus de vitesse [The Future of Cyber Attacks? Speed, More Speed] (lien direct) |
|
General Information | ★★ | |
|
2023-03-21 13:00:00 | CyberheistNews Vol 13 #12 [Heads Up] This Week\'s New SVB Meltdown Social Engineering Attacks (lien direct) |
CyberheistNews Vol 13 #12 | March 21st, 2023
[Heads Up] This Week's New SVB Meltdown Social Engineering Attacks
On Saturday March 11, I warned about the coming wave of phishing attacks that would undoubtedly follow the SVB collapse. We were not disappointed.
There is a raft of new registered domains that are SVB-related, for example login.svb[.]com and many others that will probably all be used for business email compromise (BEC) attacks.
Adi Ikan, CEO of Veriti, observed that "Phishing campaigns are leveraging SVB's recent collapse to impersonate the bank and its online services. We have observed an increase in the registration of fake phishing domains in the U.S. (88%), Spain (7%), France (3%) and Israel (2%), and we anticipate this number to grow."
INKY describes a phishing campaign that's impersonating (SVB) with phony DocuSign notifications: "Email recipients are told that the 'KYC Refresh Team' sent two malicious documents that require a signature. 'KYC' is a banking term that stands for 'Know Your Customer' or 'Know Your Client.' It's a mandatory process banks use to verify an account holder's identity.
Cyberwire Pro has a good summary. Their newsletter is a 'Stu's Warmly Recommended".https://thecyberwire.com/stories/4880d3b8100c464f83fcf8d8ec8d3f23/svbs-collapse-and-the-potential-for-fraud
Train users about the risks. We have simulated phishing attack templates in your Current Events section with SVB-themes ready-made for you to send to your users.
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! KnowBe4 Mobile Learner App - Users can now train anytime, anywhere!
NEW! Security Cul |
Guideline | ChatGPT | ★★ |
|
2023-03-20 14:08:42 | Report Shows Business Email Compromise (BEC) Attacks Increase and Phishing Used as Initial Attack Vector in the Last Year (lien direct) |
|
★★ | ||
|
2023-03-17 18:19:15 | Phishing Attacks Top List of Initial Access Vectors with Backdoor Deployment as Top Objective (lien direct) |
New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors. |
★★★ | ||
|
2023-03-16 13:06:29 | [FREE RESOURCE KIT] New Phishing Security Resource Kit Now Available! (lien direct) |
![[FREE RESOURCE KIT] New Phishing Security Resource Kit Now Available!](https://blog.knowbe4.com/hubfs/Phishing-Kit-1200x675.jpg)
Phishing emails increase in volume every month and every year, so we created this free resource kit to help you defend against attacks.
Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need to be prepared for, and our best advice on how to protect your users and your organization.
|
★★ | ||
|
2023-03-15 17:43:42 | Three-Quarters of Organizations Have Experienced an Increase in Email-Based Threats (lien direct) |
|
★★ | ||
|
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-13 17:13:45 | Microsoft Warns of Business Email Compromise Attacks Taking Hours (lien direct) |
|
Threat | ★★ | |
|
2023-03-10 14:46:12 | Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (lien direct) |
|
Malware | ★★ | |
|
2023-03-07 14:00:00 | CyberheistNews Vol 13 #10 [Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
CyberheistNews Vol 13 #10 | March 7th, 2023
[Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About
This week, Bloomberg News pointed at a brand-new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are not secure by design. It is an excellent wake-up call for your C-level execs and powerful budget ammo.
They started out with: "As Putin began his invasion of Ukraine, a network used throughout Europe-and by the Ukrainian military-faced an unprecedented cyberattack that doubled as an industrywide wake-up call. What they refer to is the Viasat hack. The KnowBe4 blog initially reported on this hack on March 24, 2022 here: https://blog.knowbe4.com/wired-a-mysterious-satellite-hack-has-victims-far-beyond-ukraine and in our CyberheistNews May 17, 2022 here: https://blog.knowbe4.com/cyberheistnews-vol-12-20-heads-up-now-you-need-to-watch-out-for-spoofed-vanity-urls.
The article continues to describe how a large number of Viasat customers lost connectivity. Here is a quote: "Viasat staffers in the U.S., where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of internet connections in at least 13 countries were going dead.
"Some of the biggest service disruptions affected providers Bigblu Broadband PLC in the U.K. and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion."
"Industry was caught flat-footed," says Gregory Falco, a space cybersecurity expert who has advised the U.S. government. "Ukrainians paid the price. The war is really just revealing the capabilities," says Erin Miller, who runs the Space Information Sharing and Analysis Center, a trade group that gathers data on orbital threats. Cyberattacks affecting the industry, she says, have become a daily occurrence. The Viasat hack was widely considered a harbinger of attacks to come."
For many end-users, the frustrating thing about the Viasat hack is that, unlike with a phishing attack, there was nothing they could have done to prevent it. But the Russians (this smells like GRU) would have to know a lot of detail about Viasat's systems to execute an attack like th |
Guideline | Uber | ★★ |
|
2023-03-07 13:00:00 | Three out of Four Organizations Have Experienced a Successful Email-Based Attack as Impacts Increase (lien direct) |
|
★★ | ||
|
2023-03-06 14:09:47 | Executive Impersonation Business Email Compromise Attacks Go Beyond English Worldwide (lien direct) |
|
★★★ | ||
|
2023-03-02 12:09:33 | [Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About (lien direct) |
![[Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About](https://blog.knowbe4.com/hubfs/satellites-over-europe-courtesy-Airbus.jpg)
|
Hack | ★★★ | |
|
2023-03-01 18:52:30 | Remote Workers Significantly Increase the Cost of Remediating Email-Based Cyberattacks as Costs Average $1 Million (lien direct) |
|
★★★ | ||
|
2023-02-28 14:00:00 | CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) |
CyberheistNews Vol 13 #09 | February 28th, 2023
[Eye Opener] Should You Click on Unsubscribe?
By Roger A. Grimes.
Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?"
The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action.
In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days.
Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use.
In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list.
[CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac |
Malware Hack Tool Vulnerability Threat Guideline Prediction | APT 38 ChatGPT | ★★★ |
|
2023-02-23 16:28:45 | Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36% (lien direct) |
|
Malware | ★★★ | |
|
2023-02-23 16:28:04 | Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks (lien direct) |
|
Ransomware | ★★★ | |
|
2023-02-23 16:27:44 | 28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178% (lien direct) |
|
Studies | ★★★ | |
|
2023-02-22 13:48:30 | Coinbase Attack Used Social Engineering (lien direct) |
Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. One employee fell for the attack, and the threat actor then attempted to use the victim's account to gain access to Coinbase's internal systems. Fortunately, the company's security solutions prevented this. |
Threat | ★★★ | |
|
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
|
2023-02-15 14:18:35 | New Survey Reveals Employees are the Attack Surface (lien direct) |
|
★★ | ||
|
2023-02-15 13:18:20 | Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
|
Data Breach | ★★ | |
|
2023-02-14 14:00:00 | CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake (lien direct) |
CyberheistNews Vol 13 #07 | February 14th, 2023
[Scam of the Week] The Turkey-Syria Earthquake
Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.
Just one example are scammers that pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
There are going to be a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for a scam like this.
I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:
[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.
"Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for! Anything you receive about this recent earthquake, be very suspicious. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.
"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."
It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.
Blog post with links:https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake
|
Ransomware Spam Threat Guideline | ChatGPT | ★★ |
|
2023-02-07 18:52:22 | Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals! (lien direct) |
|
Studies | ★★★ | |
|
2023-02-07 13:26:47 | How Artificial Intelligence Can Make or Break Cybersecurity (lien direct) |
|
★★★ | ||
|
2023-02-02 21:31:58 | Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks (lien direct) |
|
Yahoo Yahoo | ★★ | |
|
2023-02-02 21:31:56 | Initial Access Brokers Leverage Legitimate Google Ads to Gain Malicious Access (lien direct) |
|
★★ | ||
|
2023-02-01 14:24:06 | Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen? (lien direct) |
|
Hack | ChatGPT | ★★ |
|
2023-01-31 20:04:22 | Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom (lien direct) |
|
Ransomware | ★★★ | |
|
2023-01-31 20:04:16 | Microsoft OneNote Attachments Become the Latest Method to Spread Malware (lien direct) |
|
Malware | ★★ | |
|
2023-01-30 13:52:25 | Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK (lien direct) |
The UK's National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia's SEABORGIUM threat actor and Iran's TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists." |
Threat Conference | APT 35 | ★★ |
|
2023-01-25 18:23:12 | Do Not Get Fooled Twice: Mailchimp\'s Latest Breach Raises Alarm Bells – Protect Yourself Now! (lien direct) |
For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack tricked Mailchimp employees and contractors into giving up their login credentials, which were then used to access 133 Mailchimp accounts. |
★★ | ||
|
2023-01-25 15:50:54 | [Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal (lien direct) |
![[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal](https://blog.knowbe4.com/hubfs/Screen%20Shot%202023-01-25%20at%209.40.35%20AM.png)
In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense. |
Malware | ★★ | |
|
2023-01-25 15:49:17 | Phishing Campaign Impersonates Japanese Rail Company (lien direct) |
|
★★ | ||
|
2023-01-24 18:14:53 | (Déjà vu) 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC] (lien direct) |
![2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]](https://blog.knowbe4.com/hubfs/Q42022-SOCIAL.jpg)
KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. |
Prediction | ★★★★★ | |
|
2023-01-20 13:59:19 | Blank-Image Attacks Impersonate DocuSign (lien direct) |
|
★ | ||
|
2023-01-20 12:03:01 | [Eye Popper] Ransomware Victims Refused To Pay Last Year (lien direct) |
![[Eye Popper] Ransomware Victims Refused To Pay Last Year](https://blog.knowbe4.com/hubfs/Ransomware-payments-graphic-courtesy-chainalysis-1.png)
|
Ransomware | ★ | |
|
2023-01-17 14:00:00 | (Déjà vu) CyberheistNews Vol 13 #03 [Eye Opener] Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them (lien direct) |
|
★ | ||
|
2023-01-17 13:51:45 | Cyberinsurer Beazley Introduces a $45M Cyber Catastrophe Bond to Offset Risk (lien direct) |
|
★★ | ||
|
2023-01-17 13:15:27 | Is Your Organization\'s Password Complexity Requirement Strong Enough? Probably Not (lien direct) |
|
★★ | ||
|
2023-01-16 14:21:53 | [New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ (lien direct) |
![[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ](https://blog.knowbe4.com/hubfs/Password-IQ-SM-1-noCTA.jpg)
|
★★★ | ||
|
2023-01-10 21:43:49 | Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them (lien direct) |
|
★★★ |
To see everything:
Our RSS (filtrered)
