What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-06-28 15:16:46 | Le National Cyber Security Center Notes Les cabinets d'avocats britanniques sont principaux pour les cybercriminels National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals (lien direct) |
|
★★ | ||
|
2023-06-27 13:00:00 | Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams (lien direct) |
CyberheistNews Vol 13 #26 | June 27th, 2023
[Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams
The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says.
These are the top five text scams reported by the FTC:
Copycat bank fraud prevention alerts
Bogus "gifts" that can cost you
Fake package delivery problems
Phony job offers
Not-really-from-Amazon security alerts
"People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers.
"What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft."
Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery.
"The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'"
Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says.
"Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone."
Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned |
Ransomware Spam Malware Hack Tool Threat | FedEx APT 28 APT 15 ChatGPT ChatGPT | ★★ |
|
2023-06-27 12:54:20 | Le nouveau rapport de Singapore Cyber Landscape 2022 montre que les conflits de la Russie-Ukraine, les attaques de phishing et les attaques de ransomware augmentent, et bien plus encore New Singapore Cyber Landscape 2022 Report Shows Russia-Ukraine Conflict, Phishing and Ransomware Attack Increases, and Much More (lien direct) |
|
Ransomware | ★★★ | |
|
2023-06-24 14:43:00 | Solarwinds \\ 'Head refuse de reculer au milieu d'une action réglementaire américaine potentielle sur le piratage russe SolarWinds\\' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack (lien direct) |
|
Hack | ★★ | |
|
2023-06-23 15:35:38 | La technique d'attaque de phishing «Image in Picture» est si simple, cela fonctionne “Picture in Picture” Phishing Attack Technique Is So Simple, It Works (lien direct) |
|
★★★ | ||
|
2023-06-23 15:35:18 | La moitié des chefs d'entreprise croient que les utilisateurs ne sont pas conscients de la sécurité, malgré la plupart d'un programme en place Half of Business Leaders Believe Users Aren\\'t Security Aware, Despite Most Having a Program in Place (lien direct) |
|
★★ | ||
|
2023-06-20 13:00:00 | Cyberheistnews Vol 13 # 25 [empreintes digitales partout] Les informations d'identification volées sont la cause profonde n ° 1 des violations de données CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches (lien direct) |
CyberheistNews Vol 13 #25 | June 20th, 2023
[Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches
Verizon\'s DBIR always has a lot of information to unpack, so I\'ll continue my review by covering how stolen credentials play a role in attacks.
This year\'s Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere.
So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches.
According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike.
And it\'s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim.
Blog post with links:https://blog.knowbe4.com/stolen-credentials-top-breach-threat
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l |
Ransomware Data Breach Spam Malware Hack Vulnerability Threat Cloud | ChatGPT ChatGPT | ★★ |
|
2023-06-15 19:20:18 | Déchange d'une attaque d'identité: utiliser des IPF et une personnalisation pour améliorer le succès de l'attaque Breakdown of an Impersonation Attack: Using IPFS and Personalization to Improve Attack Success (lien direct) |
|
★★ | ||
|
2023-06-15 19:20:15 | Un attaquant britannique responsable d'une attaque littérale «man-in-the-middle» est finalement traduit en justice UK Attacker Responsible for a Literal “Man-in-the-Middle” Ransomware Attack is Finally Brought to Justice (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-13 13:56:50 | 85% des organisations ont connu au moins une attaque de ransomware au cours de la dernière année 85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-13 13:56:46 | Les cyberattaques basées sur l'État continuent d'être une épine du côté du cyber-assureur State-Based Cyber Attacks Continue to Be a Thorn in the Cyber Insurer\\'s Side (lien direct) |
|
★★ | ||
|
2023-06-13 13:00:00 | CyberheistNews Vol 13 # 24 [Le biais de l'esprit \\] le prétexage dépasse désormais le phishing dans les attaques d'ingénierie sociale CyberheistNews Vol 13 #24 [The Mind\\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks (lien direct) |
CyberheistNews Vol 13 #24 | June 13th, 2023
[The Mind\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks
The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let\'s drill down a bit more in the social engineering section.
They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.
"The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top."
A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor\'s bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear.
BEC Attacks Have Nearly Doubled
It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor.
Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category.
Financially Motivated External Attackers Double Down on Social Engineering
Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection.
However, unlike the times we live in, this section isn\'t all doom and |
Spam Malware Vulnerability Threat Patching | Uber APT 37 ChatGPT ChatGPT APT 43 | ★★ |
|
2023-06-12 13:18:26 | La moitié des entreprises du Royaume-Uni ont été victimes de cyberattaques au cours des trois dernières années Half of U.K. Companies Have Been a Cyber Attack Victim in the Last Three Years (lien direct) |
|
★★ | ||
|
2023-06-12 13:18:07 | Forrester: L'IA, le cloud computing et la géopolitique sont des cyber-états émergents en 2023 Forrester: AI, Cloud Computing, and Geopolitics are Emerging Cyberthreats in 2023 (lien direct) |
|
Cloud | ★★ | |
|
2023-06-12 13:17:52 | Les organisations prennent 43 heures pour détecter une cyberattaque de phishing de lance Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack (lien direct) |
|
★★ | ||
|
2023-06-12 00:01:42 | Comment les cybercriminels de NK \\ ont volé 3 milliards de crypto pour financer leurs armes nucléaires How NK\\'s Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes (lien direct) |
|
★★ | ||
|
2023-06-07 17:27:13 | Verizon: Email Reigns Supreme comme vecteur d'attaque initial pour les attaques de ransomwares Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-06 13:00:00 | Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing (lien direct) |
CyberheistNews Vol 13 #23 | June 6th, 2023
[Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing
Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks).
A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly.
This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches."
Let that sink in for a moment.
What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks.
[CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports
NEW! KnowBe4 |
Ransomware Malware Hack Tool Threat | ★★ | |
|
2023-06-05 14:00:28 | Être un professionnel certifié de sensibilisation à la sécurité et de la culture (SACP) ™ Be a Certified Security Awareness and Culture Professional (SACP)™ (lien direct) |
Threat | ★★★ | ||
|
2023-06-01 17:37:09 | Protéger les données des patients: l'importance de la cybersécurité dans les soins de santé Protecting Patient Data: The Importance of Cybersecurity in Healthcare (lien direct) |
★★ | |||
|
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
|
2023-05-24 12:52:37 | Batloader malware est désormais distribué dans des attaques d'entraînement BatLoader Malware is Now Distributed in Drive-By Attacks (lien direct) |
Malware | ★★ | ||
|
2023-05-23 13:00:00 | Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct) |
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture.
You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them.
According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents.
IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent.
In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters.
With the increased popularity of QR codes, users are more at |
Ransomware Hack Tool Vulnerability Threat Prediction | ChatGPT | ★★ |
|
2023-05-22 12:00:00 | Cyber Insurance: Is Paying a Ransom Counter-Productive? (lien direct) |
Food à réflexion comme indiqué le 18 mai 2023, un article publié dans Le Conseil de l'assurance australien: Banning Paying A Ransom to Cyber Thaskers est les brouettes Cyber sont les brouettes de cyber l'est les brouettes du cyberCounter-Productive où Andrew Hall, directeur général du Conseil d'assurance de l'Australie (ICA), a déclaré que «tente d'interdire aux entreprises de payer des rançons pour les risques de cyberattaques érodantsconfiance et relations avec le gouvernement. »
Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.” |
★★ | ||
|
2023-05-18 20:22:37 | Le phishing est en tête de liste dans le monde en tant que vecteur d'attaque initial et dans le cadre des cyberattaques Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks (lien direct) |
|
★★ | ||
|
2023-05-16 13:00:00 | CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC (lien direct) |
CyberheistNews Vol 13 #20 | May 16th, 2023
[Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC
KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
IT and Online Services Emails Drive Dangerous Attack Trend
This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work.
Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical.
Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following:
Common "In-The-Wild" Emails for Q1 2023
Top Phishing Email Subjects Globally
Top 5 Attack Vector Types
Top 10 Holiday Phishing Email Subjects in Q1 2023
This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l |
Ransomware Spam Malware Hack Tool Threat | ★★ | |
|
2023-05-15 18:25:35 | L'état des cyber-défenses organisationnelles a un impact The State of Organizational Cyber Defenses Impacts Cyber Insurance Availability, Cost, and Terms (lien direct) |
|
★★ | ||
|
2023-05-15 12:09:55 | Ransomware Gangs are “Big Game Hunting” as Victim Org Sizes and Ransom Payments Continue to Rise (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-11 12:14:18 | Munich Re: "3x croissance estimée en cas de cybercriminalité au cours des 4 prochaines années" Munich Re: "3x growth estimated in cyber crime costs over the next 4 years" (lien direct) |
Alors que les cyberattaques continuent de croître en sophistication et en fréquence, les cyber-assureurs s'attendent à ce que leur marché double au cours des deux prochaines années.
As cyber attacks continue to grow in sophistication and frequency, cyber insurers are expecting their market to double in the next two years. |
★★ | ||
|
2023-05-11 12:14:18 | La demande de cyber-assurance augmente à mesure que la cybercriminalité devrait atteindre 24 billions de dollars d'ici 2027 Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027 (lien direct) |
|
★★ | ||
|
2023-05-09 20:43:09 | [Doigt sur la gâchette] Comment le FBI a nuculé le vol de données de data de serpent russe [Finger on the Trigger] How the FBI Nuked Russian FSB\\'s Snake Data Theft Malware (lien direct) |
![[Finger on the Trigger] How the FBI Nuked Russian FSB\'s Snake Data Theft Malware](https://blog.knowbe4.com/hubfs/JasperArt_2023-05-09_16.25.49_1.png)
|
Malware | ★★ | |
|
2023-05-09 14:03:14 | [Infographie] [INFOGRAPHIC] (lien direct) |
★★★★ | |||
|
2023-05-09 13:00:00 | Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (lien direct) |
CyberheistNews Vol 13 #19 | May 9th, 2023
[Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages.
"Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area."
The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner.
A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks.
This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them.
Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture.
Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages
A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation
Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.
Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, |
Ransomware Data Breach Spam Malware Tool Threat Prediction | NotPetya NotPetya APT 28 ChatGPT ChatGPT | ★★ |
|
2023-05-09 12:00:00 | Le département de police de Dallas est la dernière victime d'une attaque de ransomware Dallas Police Department is the Latest Victim of a Ransomware Attack (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-08 13:59:46 | Améligations anti-phishing complètes: un aperçu rapide Comprehensive Anti-Phishing Mitigations: A Quick Overview (lien direct) |
|
★★ | ||
|
2023-05-04 12:39:05 | Les cyberattaques mondiales continuent d'augmenter alors que le premier trimestre voit une augmentation de 7% Global Cyber Attacks Continue to Rise as Q1 Sees a 7% Increase (lien direct) |
|
★★ | ||
|
2023-05-04 12:28:47 | Téléchargements de logiciels malveillants facilités par l'ingénierie sociale Malware Downloads Facilitated by Social Engineering (lien direct) |
|
Malware | ★★ | |
|
2023-05-04 12:00:00 | [Kit de ressources gratuit] Nouveau kit de ressources de sécurité de mot de passe pour célébrer la Journée mondiale des mots de passe! [FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day! (lien direct) |
![[FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day!](https://blog.knowbe4.com/hs-fs/hubfs/Password-Kit-Group-Image.png?width=600&height=363&name=Password-Kit-Group-Image.png)
|
★★★ | ||
|
2023-05-02 14:34:03 | Faux messages d'erreur de mise à jour Chrome Fake Chrome Update Error Messages (lien direct) |
|
★★ | ||
|
2023-05-02 13:00:00 | Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? (lien direct) |
CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive.
One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.
Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 |
Ransomware Malware Hack Threat | ChatGPT ChatGPT | ★★ |
|
2023-05-02 12:22:23 | Les deux meilleures choses que vous pouvez faire pour vous protéger et l'organisation The Two Best Things You Can Do To Protect Yourself and Organization (lien direct) |
Depuis le début, deux types d'attaques informatiques (appelés Exploits de cause racine initiale ) ont composé la grande majorité des attaques réussies: Génie social et exploiter les vulnérabilités non corrigées.Ces deux causes profondes représentent entre 50% et 90% de toutes les attaques réussies.Il y a des tonnes d'autres façons dont vous pouvez être attaqué (par exemple, devinettes de mot de passe, une mauvaise configuration, des écoutes, des attaques physiques, etc.), mais tous les autres types d'attaques additionnés ne sont pas égaux à l'une ou l'autre des deux autres méthodes les plus populaires.
Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks. There are tons of other ways you can be attacked (e.g., password guessing, misconfiguration, eavesdropping, physical attacks, etc.), but all other types of attacks added up all together do not equal either of the other two more popular methods. |
★★ | ||
|
2023-05-02 12:21:31 | Phishing comme tactique d'espionnage pour les cybercriminels Phishing as an Espionage Tactic for Cybercriminals (lien direct) |
★★ | |||
|
2023-05-01 14:31:33 | La fréquence d'attaque de phishing augmente près de 50% à mesure que certains secteurs augmentent jusqu'à 576% Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576% (lien direct) |
|
★★★ | ||
|
2023-04-27 12:08:22 | Les dernières attaques QBOT utilisent un mélange de pièces jointes PDF et de fichiers hôtes de script Windows pour infecter les victimes Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims (lien direct) |
Malware | ★★ | ||
|
2023-04-27 12:07:48 | Malgré la majorité des organisations croyant qu'elles étaient préparées pour les cyberattaques, la moitié étaient toujours victimes Despite a Majority of Organizations Believing They\\'re Prepared for Cyber Attacks, Half Were Still Victims (lien direct) |
|
★★ | ||
|
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-22 12:48:10 | [Heads Up] Le nouveau service Fednow ouvre une nouvelle surface d'attaque massive [Heads Up] The New FedNow Service Opens Massive New Attack Surface (lien direct) |
![[Heads Up] Le nouveau service FedNow ouvre une nouvelle surface d'attaque massive](https://blog.knowbe4.com/hubfs/idebar-fednow-Explorer-v3.jpg )
Vous n'avez peut-être pas entendu parler de ce service prévu pour juillet 2023, mais cela promet unMassive Nouveau Génie social Surface d'attaque.Ceci provient de leur site Web: "À propos du service FedNowsm. Le service Fednow est une nouvelle infrastructure de paiement instantané développée par la Réserve fédérale qui permetServices de paiement. "Grâce à des institutions financières participant au service Fednow, les entreprises et les particuliers peuvent envoyer et recevoir des paiements instantanés en temps réel, 24 heures sur 24, tous les jours de l'année.Les institutions financières et leur service & nbsp;Les fournisseurs peuvent utiliser le service pour fournir des services de paiement instantané innovants aux clients, et les destinataires auront un accès complet aux fonds immédiatement, ce qui permet une plus grande flexibilité financière lors de la mise en temps sensible au temps. "Ceci est le site: https://www.frbservices.org/financial-services/fednow/about.html VousPeut imaginer la boîte de Pandora \\ que cela s'ouvre. Nous, chez Knowbe4, organisons un concours interne pour trouver des exploits d'ingénierie sociale potentiels et phishing Modèles. Nous avons un tas de personnes très créatives travaillant ici, ce sont les principales soumissions:
![[Heads Up] The New FedNow Service Opens Massive New Attack Surface](https://blog.knowbe4.com/hubfs/sidebar-fednow-explorer-v3.jpg)
You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website:"About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure developed by the Federal Reserve that allows financial institutions of every size across the U.S. to provide safe and efficient instant payment services."Through financial institutions participating in the FedNow Service, businesses and individuals can send and receive instant payments in real time, around the clock, every day of the year. Financial institutions and their service providers can use the service to provide innovative instant payment services to customers, and recipients will have full access to funds immediately, allowing for greater financial flexibility when making time-sensitive payments." This is the site: https://www.frbservices.org/financial-services/fednow/about.htmlYou can imagine the pandora\'s box this opens up. We at KnowBe4 ran an internal contest to come up with potential social engineering exploits and phishing templates. We have a bunch of very creative people working here, these are the top submissions: |
★★ | ||
|
2023-04-20 12:22:15 | Plus d'entreprises avec cyber-assurance sont touchées par des ransomwares que ceux sans More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without (lien direct) |
|
Ransomware | ★★★★ | |
|
2023-04-20 12:21:59 | Près de la moitié des professionnels de l'informatique sont invités à se taire sur les violations de sécurité Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches (lien direct) |
|
★★ | ||
|
2023-04-20 12:21:53 | Le volume des e-mails de phishing double au premier trimestre alors que l'utilisation de logiciels malveillants dans les attaques diminue légèrement Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines (lien direct) |
|
Malware | ★★ |
To see everything:
Our RSS (filtrered)
