www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T15:11:17+00:00 www.secnews.physaphae.fr knowbe4 - cybersecurity services Rapports de Bloomberg: Attaque de phishing du code QR furtif contre la grande société d'énergie américaine Bloomberg Reports: Stealth QR Code Phishing Attack On Major US Energy Company

]]> 2023-08-18T12:41:06+00:00 https://blog.knowbe4.com/bloomberg-reports-stealth-qr-code-phishing-attack-on-major-us-energy-company www.secnews.physaphae.fr/article.php?IdArticle=8371738 False None None 2.0000000000000000 knowbe4 - cybersecurity services Ransomware attaque la montée en flèche alors que l'IA génératrice devient un outil de marchandise dans l'arsenal de l'acteur de menace Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor\\'s Arsenal $Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor\'s Arsenal$ ]]> 2023-08-16T18:00:17+00:00 https://blog.knowbe4.com/ransomware-generative-ai-attacks-surge www.secnews.physaphae.fr/article.php?IdArticle=8370848 False Ransomware,Tool,Threat None 2.0000000000000000 knowbe4 - cybersecurity services Les plateformes de médias sociaux deviennent la moitié de toutes les cibles d'attaque de phishing Social Media Platforms Become Half of all Phishing Attack Targets

Social Media Platforms Become Half of all Phishing Attack Targets

]]> 2023-08-16T18:00:08+00:00 https://blog.knowbe4.com/social-media-half-phishing-attack www.secnews.physaphae.fr/article.php?IdArticle=8370849 False None None 4.0000000000000000 knowbe4 - cybersecurity services Le paradoxe de la ransomware \\: pourquoi la baisse des taux de monétisation s'accompagne de paiements de rançon en rançon - une analyse incontournable. Ransomware\\'s Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis. $Ransomware\'s Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis.$ ]]> 2023-08-16T14:14:42+00:00 https://blog.knowbe4.com/ransomwares-paradox-why-falling-monetization-rates-are-accompanied-by-soaring-ransom-payments-a-must-read-analysis www.secnews.physaphae.fr/article.php?IdArticle=8370743 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les logiciels malveillants de Gootloader utilisent l'ingénierie sociale pour cibler les cabinets d'avocats (ou leurs clients) Gootloader Malware Uses Social Engineering to Target Law Firms (or their Clients)

Gootloader Malware Uses Social Engineering to Target Law Firms (or their Clients)

]]> 2023-08-14T14:56:30+00:00 https://blog.knowbe4.com/gootloader-malware-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8369940 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services Comcast: 9 tentatives sur 10 pour violer les réseaux de clients commencent par un phish Comcast: 9 out of 10 Attempts to Breach Customer Networks Start with a Phish

Comcast: 9 out of 10 Attempts to Breach Customer Networks Start with a Phish

]]> 2023-08-11T12:21:30+00:00 https://blog.knowbe4.com/customer-network-breaches-phishing www.secnews.physaphae.fr/article.php?IdArticle=8368918 False None None 2.0000000000000000 knowbe4 - cybersecurity services Le rôle de l'AI \\ dans la cybersécurité: Black Hat USA 2023 révèle comment les grands modèles de langage façonnent l'avenir des attaques de phishing et de la défense AI\\'s Role in Cybersecurity: Black Hat USA 2023 Reveals How Large Language Models Are Shaping the Future of Phishing Attacks and Defense $Rôle Ai \\ dans la cybersécurité: Black Hat USA 2023 révèle la façon dont les modèles de langue façonnentL'avenir des attaques de phishing et de la défense$ à Black Hat USA 2023, une session dirigée par une équipe de chercheurs en sécurité, dont Fredrik Heiding, Bruce Schneier, Arun Vishwanath et Jeremy Bernstein, ont dévoilé une expérience intrigante.Ils ont testé de grands modèles de langue (LLM) pour voir comment ils ont fonctionné à la fois dans l'écriture de courriels de phishing convaincants et les détecter.Ceci est le PDF document technique . L'expérience: l'élaboration des e-mails de phishing L'équipe a testé quatre LLM commerciaux, y compris le chatppt de l'Openai \\, Bard de Google \\, Claude \\ de Google et Chatllama, dans des attaques de phishing expérimentales contre les étudiants de Harvard.L'expérience a été conçue pour voir comment la technologie de l'IA pouvait produire des leurres de phishing efficaces. Heriding, chercheur à Harvard, a souligné qu'une telle technologie a déjà eu un impact sur le paysage des menaces en facilitant la création de courriels de phishing.Il a dit: "GPT a changé cela. Vous n'avez pas besoin d'être un orateur anglais natif, vous n'avez pas besoin de faire beaucoup. Vous pouvez entrer une invite rapide avec seulement quelques points de données." L'équipe a envoyé des e-mails de phishing offrant des cartes-cadeaux Starbucks à 112 étudiants, en comparant Chatgpt avec un modèle non AI appelé V-Triad.Les résultats ont montré que l'e-mail V-Triad était le plus efficace, avec un taux de clic de 70%, suivi d'une combinaison V-Triad-Chatgpt à 50%, Chatgpt à 30% et le groupe témoin à 20%. Cependant, dans une autre version du test, Chatgpt a fonctionné beaucoup mieux, avec un taux de clic de près de 50%, tandis que la combinaison V-Triad-Chatgpt a mené avec près de 80%.Heriding a souligné qu'un LLM non formé et à usage général a pu créer rapidement des attaques de phishing très efficaces. Utilisation de LLMS pour la détection de phishing La deuxième partie de l'expérience s'est concentrée sur l'efficacité des LLM pour déterminer l'intention des e-mails suspects.L'équipe a utilisé les e-mails de Starbucks de la première partie de l'expérience et a demandé aux LLM de déterminer l'intention, qu'elle ait été composée par un humain ou une IA, d'identifier tout aspect suspect et d'offrir des conseils sur la façon de répondre. Les résultats étaient à la fois surprenants et encourageants.Les modèles avaient des taux de réussite élevés dans l'identification des e-mails marketing, mais ont eu des difficultés avec l'intention des e-mails de phishing V-Triad et Chatgpt.Ils se sont mieux comportés lorsqu'ils sont chargés d'identifier le contenu suspect, les résultats de Claude \\ étant mis en évidence pour non seulement pour obtenir des résultats élevés dans les tests de détection mais aussi fournir des conseils judicieux pour les utilisateurs. La puissance de phishing de LLMS Dans l'ensemble, Heriding a conclu que les LLMS prêtesété formé sur toutes les données de sécurité.Il a déclaré: "C'est vraiment quelque chose que tout le monde peut utiliser en ce moment. C'est assez puissant." L'expér]]> 2023-08-10T18:39:58+00:00 https://blog.knowbe4.com/ais-role-in-cybersecurity-black-hat-usa-2023-reveals-how-large-language-models-are-shaping-the-future-of-phishing-attacks-and-defense www.secnews.physaphae.fr/article.php?IdArticle=8368532 False Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Chapeau noir: "cinq cyber phases de la guerre hybride de la Russie" Black Hat: "Five cyber phases of Russia\\'s hybrid war"

]]> 2023-08-10T15:44:01+00:00 https://blog.knowbe4.com/black-hat-five-cyber-phases-of-russias-hybrid-war www.secnews.physaphae.fr/article.php?IdArticle=8368424 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les nouvelles exigences de mot de passe PCI pourraient être l'impulsion pour les escroqueries de récolte des informations d'identification New PCI Password Requirements Could Be the Impetus for Credential Harvesting Scams

New PCI Password Requirements Could Be the Impetus for Credential Harvesting Scams

]]> 2023-08-09T17:55:02+00:00 https://blog.knowbe4.com/new-pci-password-requirements-scams www.secnews.physaphae.fr/article.php?IdArticle=8367975 False None None 2.0000000000000000 knowbe4 - cybersecurity services 5 façons intrigantes de l'IA change le paysage des cyberattaques 5 Intriguing Ways AI Is Changing the Landscape of Cyber Attacks 2023-08-08T12:36:07+00:00 https://blog.knowbe4.com/ai-changing-cyber-attack-landscape www.secnews.physaphae.fr/article.php?IdArticle=8367275 False None None 2.0000000000000000 knowbe4 - cybersecurity services [Infographie] Q2 2023 Résultats des tests de phishing de premier clique [INFOGRAPHIC] Q2 2023 Top-Clicked Phishing Test Results Favor HR-Related Subjects 2023-08-08T12:00:00+00:00 https://blog.knowbe4.com/q2-2023-top-clicked-phishing www.secnews.physaphae.fr/article.php?IdArticle=8367193 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les attaques d'extorsion de vol de données augmentent de 25% en seulement un quart et prennent la première place d'attaque Data Theft Extortion Attacks Rise 25 Percent in Just One Quarter and Take Top Attack Spot

Data Theft Extortion Attacks Rise 25 Percent in Just One Quarter and Take Top Attack Spot

]]> 2023-08-07T11:39:14+00:00 https://blog.knowbe4.com/data-theft-extortion-attacks-rise www.secnews.physaphae.fr/article.php?IdArticle=8366748 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les attaques de phishing continuent d'utiliser les pièces jointes car les fichiers HTML contenant Java dominent Phishing Attacks Continue to Use Attachments as HTML Files Containing Java Dominate

Phishing Attacks Continue to Use Attachments as HTML Files Containing Java Dominate

]]> 2023-08-07T11:39:05+00:00 https://blog.knowbe4.com/phishing-attacks-html-attachments www.secnews.physaphae.fr/article.php?IdArticle=8366749 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les pirates russes ont violé les agences gouvernementales \\ 'MFA utilisant des équipes Microsoft: votre entreprise est-elle la prochaine? Russian Hackers Breached Government Agencies\\' MFA Using Microsoft Teams: Is Your Business Next? $Les pirates russes ont violé les agences gouvernementales \\ 'MFA utilisant des équipes Microsoft: votre entreprise est-elle la prochaine?$ récent de Microsoft \\ Article de blog Les sourcils ont haussé les sourcils à travers la communauté de la cybersécurité.Les pirates d'État liés à la Russie, connus sous le nom d'APT29 ou confortable, ont exécuté des attaques de phishing «hautement ciblées» via la plate-forme des équipes de Microsoft \\.Ce sont les mêmes pirates derrière l'historique Solarwinds Hack en 2020 et la violation de 2016 du Comité national démocrate. La méthode était à la fois sophistiquée et alarmante.En compromettant les comptes Microsoft 365 appartenant à des petites entreprises, les pirates ont créé des domaines pour tromper leurs cibles via des messages Microsoft Teams.Ils ont engagé des utilisateurs et obtenu l'approbation des invites en MFA, contournant ce qui est généralement considéré comme une mesure de sécurité robuste. & Nbsp;

$Russian Hackers Breached Government Agencies\' MFA Using Microsoft Teams: Is Your Business Next?$ Microsoft\'s recent blog post raised eyebrows through the cybersecurity community. State-backed hackers linked to Russia, known as APT29 or Cozy Bear, have executed “highly targeted” phishing attacks through Microsoft\'s Teams platform. These are the same hackers behind the historic SolarWinds hack in 2020 and the 2016 breach of the Democratic National Committee.The method was both sophisticated and alarmingly simple. By compromising Microsoft 365 accounts owned by small businesses, the hackers created domains to deceive their targets through Microsoft Teams messages. They engaged users and elicited approval of MFA prompts, bypassing what is usually considered a robust security measure. ]]> 2023-08-06T14:22:10+00:00 https://blog.knowbe4.com/russian-hackers-breached-government-agencies-mfa-using-microsoft-teams-is-your-business-next www.secnews.physaphae.fr/article.php?IdArticle=8366414 False None APT 29,APT 29 4.0000000000000000 knowbe4 - cybersecurity services Le besoin urgent de cyber-résilience dans les soins de santé The Urgent Need For Cyber Resilience in Healthcare 2023-08-02T18:46:03+00:00 https://blog.knowbe4.com/need-cyber-resilience-healthcare www.secnews.physaphae.fr/article.php?IdArticle=8364869 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services Bad Actor utilise un faux chat Android pour installer des logiciels malveillants Bad Actor Uses Fake Android Chat to Install Malware

Bad Actor Uses Fake Android Chat to Install Malware

]]> 2023-08-02T12:52:08+00:00 https://blog.knowbe4.com/bad-actor-fake-android-install-malware www.secnews.physaphae.fr/article.php?IdArticle=8364734 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services La CISA découvre que le phishing de lance et le compromis de compte valide sont les vecteurs d'attaque les plus courants CISA Discovers Spear Phishing and Valid Account Compromise Are the Most Common Attack Vectors 2023-07-31T15:00:38+00:00 https://blog.knowbe4.com/spear-phishing-common-attack-vector www.secnews.physaphae.fr/article.php?IdArticle=8363892 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les chercheurs découvrent une méthode surprenante pour pirater les garde-corps des LLM Researchers uncover surprising method to hack the guardrails of LLMs

]]> 2023-07-29T13:12:49+00:00 https://blog.knowbe4.com/researchers-uncover-surprising-method-to-hack-the-guardrails-of-llms www.secnews.physaphae.fr/article.php?IdArticle=8363207 False Hack None 3.0000000000000000 knowbe4 - cybersecurity services Les numéros d'attaque par e-mail de phishing «baisse» tandis que les volumes de logiciels malveillants augmentent de 15% Phishing Email Attack Numbers “Decline” While Malware Volumes Increase 15%

Phishing Email Attack Numbers “Decline” While Malware Volumes Increase 15%

]]> 2023-07-27T18:26:27+00:00 https://blog.knowbe4.com/phishing-decline-while-malware-increase www.secnews.physaphae.fr/article.php?IdArticle=8362363 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services Comment Knowbe4 peut vous aider à lutter contre le phishing des lances How KnowBe4 Can Help You Fight Spear Phishing 2023-07-27T12:00:00+00:00 https://blog.knowbe4.com/knowbe4-help-fight-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8362199 False None None 1.00000000000000000000 knowbe4 - cybersecurity services Le nouveau rapport IBM révèle que le coût d'une violation de données dépasse désormais 4,45 millions de dollars New IBM report reveals the cost of a data breach now tops $4.45 million

nouveau rapport IBM révèle que le coût d'une violation de données dépasse désormais 4,45 millions de dollars

IBM Security a publié son coût annuel d'un rapport de violation de données, révélant que le coût moyen mondial d'une violation de données a atteint 4,45 millions de dollars en 2023. Cela marque une augmentation significative de 15% au cours des 3 dernières années, faisant deC'est le coût le plus enregistré dans l'histoire du rapport.Notamment, les coûts de détection et d'escalade ont connu une augmentation substantielle de 42% au cours de la même période, indiquant un passage à des enquêtes de violation plus complexes.

New IBM report reveals the cost of a data breach now tops $4.45 million

IBM Security has released its annual Cost of a Data Breach Report, revealing that the global average cost of a data breach reached $4.45 million in 2023. This marks a significant increase of 15% over the past 3 years, making it the highest recorded cost in the history of the report. Notably, detection and escalation costs have seen a substantial rise of 42% during the same period, indicating a shift towards more complex breach investigations.]]> 2023-07-26T19:21:29+00:00 https://blog.knowbe4.com/new-ibm-report-reveals-the-cost-of-a-data-breach-now-tops-4.45-million www.secnews.physaphae.fr/article.php?IdArticle=8361865 False Data Breach None 2.0000000000000000 knowbe4 - cybersecurity services Les soins de santé de l'Union européenne voit le nombre de cyber-incidents doubler en 2023 European Union Healthcare Sees the Number of Cyber Incidents Double in 2023 Un nouveau rapport axé sur le secteur des soins de santé met en lumière l'état des cyberattaques de l'Union européenne, y compris les types d'attaques, les motivations ciblées de qui, et qui ont été responsables. .

EU Healthcare Sees the Number of Cyber Incidents Double in 2023

A new report focused on the healthcare sector sheds light on the state of cyber attacks in the European Union, including the types of attacks, who\'s targeted, motivations, and who\'s responsible.]]> 2023-07-20T19:25:40+00:00 https://blog.knowbe4.com/eu-healthcare-cyber-incidents-double www.secnews.physaphae.fr/article.php?IdArticle=8359391 False None None 2.0000000000000000 knowbe4 - cybersecurity services Le nombre de compromis de données saute de 50% dans H1 2023, dépassant chaque année The Number of Data Compromises Jumps 50% in H1 2023, Outpacing Every Year on Record Les nouvelles données du Centre de ressources de vol d'identité (ITRC) couvrant le premier semestre de cette année montre une augmentation significative du nombre de cyberattaques réussies axées sur le vol de données d'entreprise.

The Number of Data Compromises Jumps 50% in H1 2023 Outpacing Every Year on Record

New data from the Identity Theft Resource Center (ITRC) covering the first half of this year shows a significant rise in the number of successful cyber attacks focused on stealing corporate data.]]> 2023-07-20T19:25:33+00:00 https://blog.knowbe4.com/data-compromises-jumps www.secnews.physaphae.fr/article.php?IdArticle=8359392 False None None 2.0000000000000000 knowbe4 - cybersecurity services Wormpt, un générateur de texte de cybercriminalité "sans éthique" WormGPT, an "ethics-free" Cyber Crime text generator Cyberwire a écrit: "Les chercheurs de Slashnext & nbsp; Décrire & nbsp; Un outil de cybercriminalité générateur d'IA appelé« Wormgpt », qui est annoncé sur les forums souterrains comme« une alternative Blackhat aux modèles GPT, conçue spécifiquement pour des activités malveillantes. "L'outil peut générer une sortie que les modèles d'IA légitimes essaient d'empêcher, tels que le code malware ou les modèles de phishing. & Nbsp;

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates. ]]> 2023-07-17T17:26:05+00:00 https://blog.knowbe4.com/wormgpt-an-ethics-free-cyber-crime-text-generator www.secnews.physaphae.fr/article.php?IdArticle=8357853 False Malware,Tool None 2.0000000000000000 knowbe4 - cybersecurity services Près d'un quart de tous les e-mails sont considérés comme malveillants Nearly One-Quarter of All Emails Are Considered to be Malicious

Nearly One-Quarter of All Emails Are Considered to be Malicious

]]> 2023-07-14T12:14:31+00:00 https://blog.knowbe4.com/one-quarter-all-emails-malicious www.secnews.physaphae.fr/article.php?IdArticle=8356525 False None None 3.0000000000000000 knowbe4 - cybersecurity services Détails bancaires malvertising Attack se déguise comme une annonce USPS USPS infaillible Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

]]> 2023-07-14T12:14:27+00:00 https://blog.knowbe4.com/banking-detail-malvertising-attack www.secnews.physaphae.fr/article.php?IdArticle=8356526 False None None 2.0000000000000000 knowbe4 - cybersecurity services [Découvert] une nouvelle attaque de désinformation de l'IA maléfique appelée \\ 'poisongpt \\' [Discovered] An evil new AI disinformation attack called \\'PoisonGPT\\' $[Discovered] An evil new AI disinformation attack called \'PoisonGPT\'$ ]]> 2023-07-13T20:39:42+00:00 https://blog.knowbe4.com/discovered-an-evil-new-ai-disinformation-attack-called-poisongpt www.secnews.physaphae.fr/article.php?IdArticle=8356196 False None None 3.0000000000000000 knowbe4 - cybersecurity services Les attaques de phishing utilisant des codes QR capturent les informations d'identification des utilisateurs Phishing Attacks Employing QR Codes Are Capturing User Credentials

Phishing Attacks Employing QR Codes Are Capturing User Credentials

]]> 2023-07-12T14:11:56+00:00 https://blog.knowbe4.com/phishing-attacks-qr-codes www.secnews.physaphae.fr/article.php?IdArticle=8355327 False None None 3.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 28 [méfiez-vous] Microsoft Teams Exploit utilise l'ingénierie sociale pour répandre les logiciels malveillants CyberheistNews Vol 13 #28 [Beware] Microsoft Teams Exploit Uses Social Engineering to Spread Malware

]]> 2023-07-11T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-28-beware-microsoft-teams-exploit-uses-social-engineering-to-spread-malware www.secnews.physaphae.fr/article.php?IdArticle=8354404 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services Nouveaux références de phishing déverrouillées: votre organisation est-elle d'avance sur la courbe en 2023 New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023

New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023

]]> 2023-07-10T14:51:29+00:00 https://blog.knowbe4.com/new-phishing-benchmarks-unlocked www.secnews.physaphae.fr/article.php?IdArticle=8354012 False None None 2.0000000000000000 knowbe4 - cybersecurity services Le nombre de cas d'attaque de phishing à Singapour saute de 185% The Number of Phishing Attack Cases in Singapore Jump by 185%

The Number of Phishing Attack Cases in Singapore Jump by 185%

]]> 2023-07-07T15:15:00+00:00 https://blog.knowbe4.com/phishing-attack-singapore-increase www.secnews.physaphae.fr/article.php?IdArticle=8353406 False None None 3.0000000000000000 knowbe4 - cybersecurity services Smartwatch non sollicité gratuit dans le courrier et je suis dans l'armée?Qu'est ce qui pourrait aller mal??? Free Unsolicited Smartwatch in the Mail and I\\'m in the Military? What Could Possibly Go Wrong??? 2023-07-07T15:00:00+00:00 https://blog.knowbe4.com/free-smart-watch-mail-military-scam www.secnews.physaphae.fr/article.php?IdArticle=8353379 False Threat None 2.0000000000000000 knowbe4 - cybersecurity services Le groupe Camaro Dragon apt continue d'employer des appareils USB comme vecteur d'attaque initial Camaro Dragon APT Group Continues to Employ USB Devices as Initial Attack Vector

Camaro Dragon APT Group Continues to Employ USB Devices as Initial Attack Vector

]]> 2023-07-07T14:50:41+00:00 https://blog.knowbe4.com/camaro-dragon-apt-group-usb-devices-attack-vector www.secnews.physaphae.fr/article.php?IdArticle=8353380 False None None 3.0000000000000000 knowbe4 - cybersecurity services Les cyberattaques par e-mail en Europe augmentent 7 fois en un an seulement Email-Based Cyber Attacks in Europe Increase 7-Fold in Just One Year

Email-Based Cyber Attacks in Europe Increase 7-Fold in Just One Year

]]> 2023-07-07T14:50:09+00:00 https://blog.knowbe4.com/email-cyber-attacks-europe-increase-one-year www.secnews.physaphae.fr/article.php?IdArticle=8353381 False None None 3.0000000000000000 knowbe4 - cybersecurity services Microsoft Teams Cyber Attack Exploit Tool s'appuie sur l'ingénierie sociale pour fournir des logiciels malveillants Microsoft Teams Cyber Attack Exploit Tool Relies on Social Engineering to Deliver Malware exploited Microsoft Teams CyberL'outil d'attaque s'appuie sur l'ingénierie sociale pour livrer des logiciels malveillants

exploited Microsoft Teams CyberL'outil d'attaque s'appuie sur l'ingénierie sociale pour livrer des logiciels malveillants

Si votre organisation utilise des équipes Microsoft, alors vous voulez vraiment entendre parler d'une nouvelle façon dont les mauvais acteurs exploitent cet outil de cyber-attaque nouvellement découvert.

Exploited Microsoft Teams Cyber Attack Tool Relies on Social Engineering to Deliver Malware

If your organization uses Microsoft Teams, then you definitely want to hear about a new way bad actors are exploiting this newly discovered cyber attack tool. ]]> 2023-07-07T12:00:00+00:00 https://blog.knowbe4.com/microsoft-teams-exploit-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8353340 False Malware,Tool None 3.0000000000000000 knowbe4 - cybersecurity services Nerve Center: Protégez votre réseau contre les nouvelles souches de ransomware avec notre dernière mise à jour RANSIM Nerve Center: Protect Your Network Against New Ransomware Strains with Our Latest RanSim Update simulateur de ransomware gratuit

ransomware continue d'être une menace majeure pour toutes les organisations et, selon le Verizon 2023 Data Breach Investigations Report , est toujours présent dans 24% des violations.

Ransomware continues to be a major threat for all organizations and, according to the Verizon 2023 Data Breach Investigations Report, is still present in 24% of breaches. ]]> 2023-07-06T12:00:00+00:00 https://blog.knowbe4.com/updated-ransomware-simulator www.secnews.physaphae.fr/article.php?IdArticle=8352869 False Ransomware,Data Breach,Threat None 2.0000000000000000 knowbe4 - cybersecurity services Le plus grand port du Japon est la dernière victime d'une attaque de ransomware Japan\\'s Largest Port is the Latest Victim of a Ransomware Attack $Japan\'s Largest Port is the Latest Victim of a Ransomware Attack$ ]]> 2023-07-05T13:23:22+00:00 https://blog.knowbe4.com/japans-largest-port-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8352481 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 27 [tête haute] La campagne de phishing d'identité massive imite plus de 100 marques et des milliers de domaines CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

CyberheistNews Vol 13 #27 | July 5th, 2023 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains A year-long phishing campaign has been uncovered that impersonates 100+ popular clothing, footwear, and apparel brands using at least 10 fake domains impersonating each brand. We\'ve seen plenty of attacks that impersonated a single brand along with a few domains used to ensure victims can be taken to a website that seeks to harvest credentials or steal personal information. But I don\'t think an attack of such magnitude as the one identified by security researchers at Internet security monitoring vendor Bolster. According to Bolster, the 13-month long campaign used over 3000 live domains (and another 3000+ domains that are no longer in use) to impersonate over 100 well-known brands. We\'re talking about brands like Nike, Guess, Fossil, Tommy Hilfiger, Skechers, and many more. Some of the domains have even existed long enough to be displayed at the top of natural search results. And these sites are very well made; so much so that they mimic their legitimate counterparts enough that visitors are completing online shopping visits, providing credit card and other payment details. The impersonation seen in this widespread attack can just as easily be used to target corporate users with brands utilized by employees; all that\'s needed is to put the time and effort into building out a legitimate enough looking impersonated website and create a means to get the right users to visit said site (something most often accomplished through phishing attacks). This latest impersonation campaign makes the case for ensuring users are vigilant when interacting with the web – something accomplished through continual Security Awareness Training. Blog post with links:https://blog.knowbe4.com/massive-impersonation-phishing-campaign [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, July 12, @ 2:00 PM (ET), for a live demonstra]]> 2023-07-05T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-27-heads-up-massive-impersonation-phishing-campaign-imitates-over-100-brands-and-thousands-of-domains www.secnews.physaphae.fr/article.php?IdArticle=8352450 False Malware,Hack,Threat,Cloud None 2.0000000000000000 knowbe4 - cybersecurity services L'utilisation de piscines d'exploitation de crypto pour blanchir les fonds de rançon augmente de 100 000% sur 5 ans Use of Crypto Mining Pools to Launder Ransom Funds Grows 100,000% Over 5 Years

Use of Crypto Mining Pools to Launder Ransom Funds Grows 100,000% Over 5 Years

]]> 2023-06-29T17:18:18+00:00 https://blog.knowbe4.com/crypto-mining-pools-ransom-funds www.secnews.physaphae.fr/article.php?IdArticle=8350707 False None None 2.0000000000000000 knowbe4 - cybersecurity services Acteur de menace iranienne Chichette Chichette à l'aide de la campagne de phishing de lance pour distribuer des logiciels malveillants Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware 2023-06-29T17:18:11+00:00 https://blog.knowbe4.com/charming-kitten-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8350708 False Malware,Threat APT 35 2.0000000000000000 knowbe4 - cybersecurity services Le National Cyber Security Center Notes Les cabinets d'avocats britanniques sont principaux pour les cybercriminels National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

]]> 2023-06-28T15:16:46+00:00 https://blog.knowbe4.com/uk-law-firms-cybercriminal-target www.secnews.physaphae.fr/article.php?IdArticle=8350187 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams

CyberheistNews Vol 13 #26 | June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts Bogus "gifts" that can cost you Fake package delivery problems Phony job offers Not-really-from-Amazon security alerts "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers. "What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000 knowbe4 - cybersecurity services Le nouveau rapport de Singapore Cyber Landscape 2022 montre que les conflits de la Russie-Ukraine, les attaques de phishing et les attaques de ransomware augmentent, et bien plus encore New Singapore Cyber Landscape 2022 Report Shows Russia-Ukraine Conflict, Phishing and Ransomware Attack Increases, and Much More

New Singapore Cyber Landscape 2022 Report Shows Russia-Ukraine Conflict, Phishing and Ransomware Attack Increases, and Much More

]]> 2023-06-27T12:54:20+00:00 https://blog.knowbe4.com/singapore-cyber-landscape-2022-report www.secnews.physaphae.fr/article.php?IdArticle=8349705 False Ransomware None 3.0000000000000000 knowbe4 - cybersecurity services Solarwinds \\ 'Head refuse de reculer au milieu d'une action réglementaire américaine potentielle sur le piratage russe SolarWinds\\' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack $SolarWinds\' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack$ ]]> 2023-06-24T14:43:00+00:00 https://blog.knowbe4.com/solarwinds-head-refuses-to-back-down-amid-potential-us-regulatory-action-over-russian-hack www.secnews.physaphae.fr/article.php?IdArticle=8348919 False Hack None 2.0000000000000000 knowbe4 - cybersecurity services La technique d'attaque de phishing «Image in Picture» est si simple, cela fonctionne “Picture in Picture” Phishing Attack Technique Is So Simple, It Works

“Picture in Picture” Phishing Attack Technique Is So Simple, It Works

]]> 2023-06-23T15:35:38+00:00 https://blog.knowbe4.com/picture-in-picture-phishing-attack www.secnews.physaphae.fr/article.php?IdArticle=8348560 False None None 3.0000000000000000 knowbe4 - cybersecurity services La moitié des chefs d'entreprise croient que les utilisateurs ne sont pas conscients de la sécurité, malgré la plupart d'un programme en place Half of Business Leaders Believe Users Aren\\'t Security Aware, Despite Most Having a Program in Place $Half of Business Leaders Believe Users Aren\'t Security Aware, Despite Most Having a Program in Place$ ]]> 2023-06-23T15:35:18+00:00 https://blog.knowbe4.com/business-leaders-users-arent-security-aware www.secnews.physaphae.fr/article.php?IdArticle=8348561 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 25 [empreintes digitales partout] Les informations d'identification volées sont la cause profonde n ° 1 des violations de données CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

CyberheistNews Vol 13 #25 | June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon\'s DBIR always has a lot of information to unpack, so I\'ll continue my review by covering how stolen credentials play a role in attacks. This year\'s Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches. According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike. And it\'s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim. Blog post with links:https://blog.knowbe4.com/stolen-credentials-top-breach-threat [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l]]> 2023-06-20T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-25-fingerprints-all-over-stolen-credentials-are-the-no1-root-cause-of-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=8347292 False Ransomware,Data Breach,Spam,Malware,Hack,Vulnerability,Threat,Cloud ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Déchange d'une attaque d'identité: utiliser des IPF et une personnalisation pour améliorer le succès de l'attaque Breakdown of an Impersonation Attack: Using IPFS and Personalization to Improve Attack Success

Breakdown of an Impersonation Attack: Using IPFS and Personalization to Improve Attack Success

]]> 2023-06-15T19:20:18+00:00 https://blog.knowbe4.com/breakdown-of-impersonation-attack www.secnews.physaphae.fr/article.php?IdArticle=8345857 False None None 2.0000000000000000 knowbe4 - cybersecurity services Un attaquant britannique responsable d'une attaque littérale «man-in-the-middle» est finalement traduit en justice UK Attacker Responsible for a Literal “Man-in-the-Middle” Ransomware Attack is Finally Brought to Justice

UK Attacker Responsible for a Literal “Man-in-the-Middle” Ransomware Attack is Finally Brought to Justice

]]> 2023-06-15T19:20:15+00:00 https://blog.knowbe4.com/uk-attacker-ransomware-arrest www.secnews.physaphae.fr/article.php?IdArticle=8345858 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services 85% des organisations ont connu au moins une attaque de ransomware au cours de la dernière année 85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year

85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year

]]> 2023-06-13T13:56:50+00:00 https://blog.knowbe4.com/85-organizations-experienced-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8344823 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services Les cyberattaques basées sur l'État continuent d'être une épine du côté du cyber-assureur State-Based Cyber Attacks Continue to Be a Thorn in the Cyber Insurer\\'s Side $State-Based Cyber Attacks Continue to Be a Thorn in the Cyber Insurer\'s Side$ ]]> 2023-06-13T13:56:46+00:00 https://blog.knowbe4.com/state-based-cyber-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344824 False None None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 # 24 [Le biais de l'esprit \\] le prétexage dépasse désormais le phishing dans les attaques d'ingénierie sociale CyberheistNews Vol 13 #24 [The Mind\\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks

CyberheistNews Vol 13 #24 | June 13th, 2023 [The Mind\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let\'s drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor\'s bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn\'t all doom and ]]> 2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching ChatGPT,ChatGPT,APT 43,APT 37,Uber 2.0000000000000000 knowbe4 - cybersecurity services La moitié des entreprises du Royaume-Uni ont été victimes de cyberattaques au cours des trois dernières années Half of U.K. Companies Have Been a Cyber Attack Victim in the Last Three Years

Half of U.K. Companies Have Been a Cyber Attack Victim in the Last Three Years

]]> 2023-06-12T13:18:26+00:00 https://blog.knowbe4.com/half-uk-companies-cyber-attack-victim www.secnews.physaphae.fr/article.php?IdArticle=8344403 False None None 2.0000000000000000 knowbe4 - cybersecurity services Forrester: L'IA, le cloud computing et la géopolitique sont des cyber-états émergents en 2023 Forrester: AI, Cloud Computing, and Geopolitics are Emerging Cyberthreats in 2023

Forrester: AI, Cloud Computing, and Geopolitics are Emerging Cyberthreats in 2023

]]> 2023-06-12T13:18:07+00:00 https://blog.knowbe4.com/forrester-emerging-cyberthreats-2023 www.secnews.physaphae.fr/article.php?IdArticle=8344404 False Cloud None 2.0000000000000000 knowbe4 - cybersecurity services Les organisations prennent 43 heures pour détecter une cyberattaque de phishing de lance Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack

Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack

]]> 2023-06-12T13:17:52+00:00 https://blog.knowbe4.com/organizations-detect-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8344405 False None None 2.0000000000000000 knowbe4 - cybersecurity services Comment les cybercriminels de NK \\ ont volé 3 milliards de crypto pour financer leurs armes nucléaires How NK\\'s Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes $How NK\'s Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes$ ]]> 2023-06-12T00:01:42+00:00 https://blog.knowbe4.com/how-nks-cyber-criminals-stole-3-billion-in-crypto-to-fund-their-nukes www.secnews.physaphae.fr/article.php?IdArticle=8344202 False None None 2.0000000000000000 knowbe4 - cybersecurity services Verizon: Email Reigns Supreme comme vecteur d'attaque initial pour les attaques de ransomwares Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks

Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks

]]> 2023-06-07T17:27:13+00:00 https://blog.knowbe4.com/email-attack-vector-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8343070 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing

CyberheistNews Vol 13 #23 | June 6th, 2023 [Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks). A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly. This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches." Let that sink in for a moment. What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks. [CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports NEW! KnowBe4 ]]> 2023-06-06T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-23-wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8342545 False Ransomware,Malware,Hack,Tool,Threat None 2.0000000000000000 knowbe4 - cybersecurity services Être un professionnel certifié de sensibilisation à la sécurité et de la culture (SACP) ™ Be a Certified Security Awareness and Culture Professional (SACP)™ ]]> 2023-06-05T14:00:28+00:00 https://blog.knowbe4.com/be-a-certified-security-awareness-and-culture-professional-sacp www.secnews.physaphae.fr/article.php?IdArticle=8342154 False Threat None 3.0000000000000000 knowbe4 - cybersecurity services Protéger les données des patients: l'importance de la cybersécurité dans les soins de santé Protecting Patient Data: The Importance of Cybersecurity in Healthcare 2023-06-01T17:37:09+00:00 https://blog.knowbe4.com/cybersecurity-in-healthcare www.secnews.physaphae.fr/article.php?IdArticle=8341281 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

CyberheistNews Vol 13 #22 | May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. ]]> 2023-05-31T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-22-eye-on-fraud-a-closer-look-at-the-massive-72-percent-spike-in-financial-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8340859 False Ransomware,Malware,Hack,Tool,Threat,Conference ChatGPT,ChatGPT,Uber,Guam 2.0000000000000000 knowbe4 - cybersecurity services Batloader malware est désormais distribué dans des attaques d'entraînement BatLoader Malware is Now Distributed in Drive-By Attacks 2023-05-24T12:52:37+00:00 https://blog.knowbe4.com/batloader-malware-drive-bys-attacks www.secnews.physaphae.fr/article.php?IdArticle=8339012 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend

CyberheistNews Vol 13 #21 | May 23rd, 2023 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture. You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them. According to the report, in 2023: 7% of organizations were victims of a ransomware attack 7% of those paid a ransom 73% were able to recover data Only 21.6% experienced solely the encryption of data and no other form of extortion It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents. IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent. In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all. Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats [Free Tool] Who Will Fall Victim to QR Code Phishing Attacks? Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters. With the increased popularity of QR codes, users are more at ]]> 2023-05-23T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-21-double-trouble-78-percent-of-ransomware-victims-face-multiple-extortions-in-scary-trend www.secnews.physaphae.fr/article.php?IdArticle=8338709 False Ransomware,Hack,Tool,Vulnerability,Threat,Prediction ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Cyber Insurance: Is Paying a Ransom Counter-Productive?

Cyber Insurance: Payant une rançon contre-productive?

Food à réflexion comme indiqué le 18 mai 2023, un article publié dans Le Conseil de l'assurance australien: Banning Paying A Ransom to Cyber Thaskers est les brouettes Cyber sont les brouettes de cyber l'est les brouettes du cyberCounter-Productive où Andrew Hall, directeur général du Conseil d'assurance de l'Australie (ICA), a déclaré que «tente d'interdire aux entreprises de payer des rançons pour les risques de cyberattaques érodantsconfiance et relations avec le gouvernement. »

Cyber Insurance: Is Paying a Ransom Counter-Productive?

Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.”]]> 2023-05-22T12:00:00+00:00 https://blog.knowbe4.com/cyber-insurance-paying-a-ransom-counter-productive www.secnews.physaphae.fr/article.php?IdArticle=8338392 False None None 2.0000000000000000 knowbe4 - cybersecurity services Le phishing est en tête de liste dans le monde en tant que vecteur d'attaque initial et dans le cadre des cyberattaques Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

]]> 2023-05-18T20:22:37+00:00 https://blog.knowbe4.com/phishing-tops-list-globally www.secnews.physaphae.fr/article.php?IdArticle=8337744 False None None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC

CyberheistNews Vol 13 #20 | May 16th, 2023 [Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. IT and Online Services Emails Drive Dangerous Attack Trend This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work. Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical. Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following: Common "In-The-Wild" Emails for Q1 2023 Top Phishing Email Subjects Globally Top 5 Attack Vector Types Top 10 Holiday Phishing Email Subjects in Q1 2023 This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console. Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l]]> 2023-05-16T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-20-foot-in-the-door-the-q1-2023s-top-clicked-phishing-scams-infographic www.secnews.physaphae.fr/article.php?IdArticle=8336951 False Ransomware,Spam,Malware,Hack,Tool,Threat None 2.0000000000000000 knowbe4 - cybersecurity services L'état des cyber-défenses organisationnelles a un impact The State of Organizational Cyber Defenses Impacts Cyber Insurance Availability, Cost, and Terms

The State of Organizational Cyber Defenses Impacts Cyber Insurance Availability, Cost, and Terms

]]> 2023-05-15T18:25:35+00:00 https://blog.knowbe4.com/cyber-defenses-impact-insurance www.secnews.physaphae.fr/article.php?IdArticle=8336748 False None None 2.0000000000000000 knowbe4 - cybersecurity services Ransomware Gangs are “Big Game Hunting” as Victim Org Sizes and Ransom Payments Continue to Rise

Ransomware Gangs are “Big Game Hunting” as Victim Org Sizes and Ransom Payments Continue to Rise

]]> 2023-05-15T12:09:55+00:00 https://blog.knowbe4.com/ransomware-gangs-big-game-hunting www.secnews.physaphae.fr/article.php?IdArticle=8336594 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services La demande de cyber-assurance augmente à mesure que la cybercriminalité devrait atteindre 24 billions de dollars d'ici 2027 Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027

Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027

]]> 2023-05-11T12:14:18+00:00 https://blog.knowbe4.com/cyber-insurance-demand-grows www.secnews.physaphae.fr/article.php?IdArticle=8335622 False None None 2.0000000000000000 knowbe4 - cybersecurity services Munich Re: "3x croissance estimée en cas de cybercriminalité au cours des 4 prochaines années" Munich Re: "3x growth estimated in cyber crime costs over the next 4 years" La demande de cyber-assurance augmente à mesure que la cybercriminalité devrait atteindre 24 billions de dollars d'ici 2027

La demande de cyber-assurance augmente à mesure que la cybercriminalité devrait atteindre 24 billions de dollars d'ici 2027

Alors que les cyberattaques continuent de croître en sophistication et en fréquence, les cyber-assureurs s'attendent à ce que leur marché double au cours des deux prochaines années.

As cyber attacks continue to grow in sophistication and frequency, cyber insurers are expecting their market to double in the next two years.]]> 2023-05-11T12:14:18+00:00 https://blog.knowbe4.com/cyber-munich-3x-growth-estimated-in-cyber-crime-costs-over-the-next-4-years www.secnews.physaphae.fr/article.php?IdArticle=8336296 False None None 2.0000000000000000 knowbe4 - cybersecurity services [Doigt sur la gâchette] Comment le FBI a nuculé le vol de données de data de serpent russe [Finger on the Trigger] How the FBI Nuked Russian FSB\\'s Snake Data Theft Malware $[Finger on the Trigger] How the FBI Nuked Russian FSB\'s Snake Data Theft Malware$ ]]> 2023-05-09T20:43:09+00:00 https://blog.knowbe4.com/finger-on-the-trigger-how-the-fbi-nuked-russian-fsbs-snake-data-theft-malware www.secnews.physaphae.fr/article.php?IdArticle=8334946 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services [Infographie] [INFOGRAPHIC] 2023-05-09T14:03:14+00:00 https://blog.knowbe4.com/q1-2023-top-clicked-phishing www.secnews.physaphae.fr/article.php?IdArticle=8334800 False None None 4.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users

CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, ]]> 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction ChatGPT,ChatGPT,NotPetya,NotPetya,APT 28 2.0000000000000000 knowbe4 - cybersecurity services Le département de police de Dallas est la dernière victime d'une attaque de ransomware Dallas Police Department is the Latest Victim of a Ransomware Attack

Dallas Police Department is the Latest Victim of a Ransomware Attack

]]> 2023-05-09T12:00:00+00:00 https://blog.knowbe4.com/dallas-police-department-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8334758 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services Améligations anti-phishing complètes: un aperçu rapide Comprehensive Anti-Phishing Mitigations: A Quick Overview

Comprehensive Anti-Phishing Mitigations: A Quick Overview

]]> 2023-05-08T13:59:46+00:00 https://blog.knowbe4.com/anti-phishing-mitigations-overview www.secnews.physaphae.fr/article.php?IdArticle=8334271 False None None 2.0000000000000000 knowbe4 - cybersecurity services Les cyberattaques mondiales continuent d'augmenter alors que le premier trimestre voit une augmentation de 7% Global Cyber Attacks Continue to Rise as Q1 Sees a 7% Increase

Global Cyber Attacks Continue to Rise as Q1 Sees a 7% Increase

]]> 2023-05-04T12:39:05+00:00 https://blog.knowbe4.com/global-cyber-attacks-rise www.secnews.physaphae.fr/article.php?IdArticle=8333450 False None None 2.0000000000000000 knowbe4 - cybersecurity services Téléchargements de logiciels malveillants facilités par l'ingénierie sociale Malware Downloads Facilitated by Social Engineering

Malware Downloads Facilitated by Social Engineering

]]> 2023-05-04T12:28:47+00:00 https://blog.knowbe4.com/malware-by-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8333451 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services [Kit de ressources gratuit] Nouveau kit de ressources de sécurité de mot de passe pour célébrer la Journée mondiale des mots de passe! [FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day!

[FREE RESOURCE KIT] New Password Security Resource Kit to Celebrate World Password Day!

]]> 2023-05-04T12:00:00+00:00 https://blog.knowbe4.com/free-password-security-resource-kit www.secnews.physaphae.fr/article.php?IdArticle=8333425 False None None 3.0000000000000000 knowbe4 - cybersecurity services Faux messages d'erreur de mise à jour Chrome Fake Chrome Update Error Messages

]]> 2023-05-02T14:34:03+00:00 https://blog.knowbe4.com/fake-chrome-update-error-messages www.secnews.physaphae.fr/article.php?IdArticle=8332857 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells?

CyberheistNews Vol 13 #18 | May 2nd, 2023 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card. It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is. "When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes." That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive. One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves. Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4]]> 2023-05-02T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-18-eye-on-ai-does-chatgpt-have-cybersecurity-tells www.secnews.physaphae.fr/article.php?IdArticle=8332823 False Ransomware,Malware,Hack,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Les deux meilleures choses que vous pouvez faire pour vous protéger et l'organisation The Two Best Things You Can Do To Protect Yourself and Organization

Les deux meilleures choses que vous pouvez faire pour vous protéger et l'organisation

Depuis le début, deux types d'attaques informatiques (appelés Exploits de cause racine initiale ) ont composé la grande majorité des attaques réussies: Génie social et exploiter les vulnérabilités non corrigées.Ces deux causes profondes représentent entre 50% et 90% de toutes les attaques réussies.Il y a des tonnes d'autres façons dont vous pouvez être attaqué (par exemple, devinettes de mot de passe, une mauvaise configuration, des écoutes, des attaques physiques, etc.), mais tous les autres types d'attaques additionnés ne sont pas égaux à l'une ou l'autre des deux autres méthodes les plus populaires.

The Two Best Things You Can Do To Protect Yourself and Organization

Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting unpatched vulnerabilities. These two root causes account for somewhere between 50% to 90% of all successful attacks. There are tons of other ways you can be attacked (e.g., password guessing, misconfiguration, eavesdropping, physical attacks, etc.), but all other types of attacks added up all together do not equal either of the other two more popular methods.]]> 2023-05-02T12:22:23+00:00 https://blog.knowbe4.com/two-best-ways-to-protect-your-organization www.secnews.physaphae.fr/article.php?IdArticle=8332824 False None None 2.0000000000000000 knowbe4 - cybersecurity services Phishing comme tactique d'espionnage pour les cybercriminels Phishing as an Espionage Tactic for Cybercriminals 2023-05-02T12:21:31+00:00 https://blog.knowbe4.com/phishing-espionage-tactic www.secnews.physaphae.fr/article.php?IdArticle=8332825 False None None 2.0000000000000000 knowbe4 - cybersecurity services La fréquence d'attaque de phishing augmente près de 50% à mesure que certains secteurs augmentent jusqu'à 576% Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576%

Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576%

]]> 2023-05-01T14:31:33+00:00 https://blog.knowbe4.com/phishing-attack-frequency-rises www.secnews.physaphae.fr/article.php?IdArticle=8332548 False None None 3.0000000000000000 knowbe4 - cybersecurity services Les dernières attaques QBOT utilisent un mélange de pièces jointes PDF et de fichiers hôtes de script Windows pour infecter les victimes Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims 2023-04-27T12:08:22+00:00 https://blog.knowbe4.com/qbot-attacks-pdfs-windows-scripting-host-files www.secnews.physaphae.fr/article.php?IdArticle=8331544 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services Malgré la majorité des organisations croyant qu'elles étaient préparées pour les cyberattaques, la moitié étaient toujours victimes Despite a Majority of Organizations Believing They\\'re Prepared for Cyber Attacks, Half Were Still Victims $Despite a Majority of Organizations Believing They\'re Prepared for Cyber Attacks, Half Were Still Victims$ ]]> 2023-04-27T12:07:48+00:00 https://blog.knowbe4.com/cyber-attack-preparedness-overconfidence www.secnews.physaphae.fr/article.php?IdArticle=8331545 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

CyberheistNews Vol 13 #16 | April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with]]> 2023-04-25T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai www.secnews.physaphae.fr/article.php?IdArticle=8330904 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 knowbe4 - cybersecurity services [Heads Up] Le nouveau service Fednow ouvre une nouvelle surface d'attaque massive [Heads Up] The New FedNow Service Opens Massive New Attack Surface

[Heads Up] Le nouveau service FedNow ouvre une nouvelle surface d'attaque massive

Vous n'avez peut-être pas entendu parler de ce service prévu pour juillet 2023, mais cela promet unMassive Nouveau Génie social Surface d'attaque.Ceci provient de leur site Web: "À propos du service FedNowsm. Le service Fednow est une nouvelle infrastructure de paiement instantané développée par la Réserve fédérale qui permetServices de paiement. "Grâce à des institutions financières participant au service Fednow, les entreprises et les particuliers peuvent envoyer et recevoir des paiements instantanés en temps réel, 24 heures sur 24, tous les jours de l'année.Les institutions financières et leur service & nbsp;Les fournisseurs peuvent utiliser le service pour fournir des services de paiement instantané innovants aux clients, et les destinataires auront un accès complet aux fonds immédiatement, ce qui permet une plus grande flexibilité financière lors de la mise en temps sensible au temps. "Ceci est le site: https://www.frbservices.org/financial-services/fednow/about.html VousPeut imaginer la boîte de Pandora \\ que cela s'ouvre. Nous, chez Knowbe4, organisons un concours interne pour trouver des exploits d'ingénierie sociale potentiels et phishing Modèles. Nous avons un tas de personnes très créatives travaillant ici, ce sont les principales soumissions:

[Heads Up] The New FedNow Service Opens Massive New Attack Surface

You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website:"About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure developed by the Federal Reserve that allows financial institutions of every size across the U.S. to provide safe and efficient instant payment services."Through financial institutions participating in the FedNow Service, businesses and individuals can send and receive instant payments in real time, around the clock, every day of the year. Financial institutions and their service providers can use the service to provide innovative instant payment services to customers, and recipients will have full access to funds immediately, allowing for greater financial flexibility when making time-sensitive payments." This is the site: https://www.frbservices.org/financial-services/fednow/about.htmlYou can imagine the pandora\'s box this opens up. We at KnowBe4 ran an internal contest to come up with potential social engineering exploits and phishing templates. We have a bunch of very creative people working here, these are the top submissions:]]> 2023-04-22T12:48:10+00:00 https://blog.knowbe4.com/heads-up-the-new-fednow-service-opens-massive-new-attack-surface www.secnews.physaphae.fr/article.php?IdArticle=8330223 False None None 2.0000000000000000 knowbe4 - cybersecurity services Plus d'entreprises avec cyber-assurance sont touchées par des ransomwares que ceux sans More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without

More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without

]]> 2023-04-20T12:22:15+00:00 https://blog.knowbe4.com/cyber-insurance-hit-by-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8329651 False Ransomware None 4.0000000000000000 knowbe4 - cybersecurity services Près de la moitié des professionnels de l'informatique sont invités à se taire sur les violations de sécurité Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches

Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches

]]> 2023-04-20T12:21:59+00:00 https://blog.knowbe4.com/it-pros-told-keep-quiet-about-security-breaches www.secnews.physaphae.fr/article.php?IdArticle=8329652 False None None 2.0000000000000000 knowbe4 - cybersecurity services Le volume des e-mails de phishing double au premier trimestre alors que l'utilisation de logiciels malveillants dans les attaques diminue légèrement Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

]]> 2023-04-20T12:21:53+00:00 https://blog.knowbe4.com/phishing-email-volume-doubles www.secnews.physaphae.fr/article.php?IdArticle=8329653 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services [ARM et une jambe] Les cyber-assureurs s'inquiètent du coût des attaques à longue queue [Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks

[ARM et une jambe] Les cyber-assureurs sont préoccupés par le coût à longue queue des attaques

[munitions budgétaires] James Rundle au Wall Street Journal a publié aujourd'hui un article très intéressant sur les coûts à long terme des cyberattaques et le faitQue les cyber-assureurs deviennent de plus en plus inquiets que leurs modèles ne couvrent pas ces répercussions à longue queue.L'un des problèmes est qu'il existe un nombre important de réclamations qui ne se sont pas encore réglées devant les tribunaux, ce qui pourrait prendre des années pour être finalement conclu. & Nbsp;

[Arm and a Leg] Cyber Insurers Are Worried About The Long-tail Cost of Attacks

[BUDGET AMMO] James Rundle at the The Wall Street Journal today published a very interesting article about the long-term costs of cyber attacks and the fact that cyber insurers are getting more and more worried that their models do not cover these long-tail repercussions. One of the problems is that there are a significant number of claims that have not settled out in the courts yet, which might take years to get finally concluded. ]]> 2023-04-18T18:43:56+00:00 https://blog.knowbe4.com/arm-and-a-leg-cyber-insurers-are-worried-about-the-long-tail-cost-of-attacks www.secnews.physaphae.fr/article.php?IdArticle=8328995 False None None 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz

CyberheistNews Vol 13 #16 | April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav]]> 2023-04-18T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-16-finger-on-the-pulse-how-phishers-leverage-recent-ai-buzz www.secnews.physaphae.fr/article.php?IdArticle=8328885 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 knowbe4 - cybersecurity services La plate-forme de billetterie indienne des passagères révèle la fraude en ligne Indian Rail Passenger Ticketing Platform Warns of Online Fraud

Indian Rail Passenger Ticketing Platform Warns of Online Fraud

]]> 2023-04-17T15:39:56+00:00 https://blog.knowbe4.com/indian-rail-ticketing-platform-warns-online-fraud www.secnews.physaphae.fr/article.php?IdArticle=8328643 False None None 2.0000000000000000 knowbe4 - cybersecurity services Gagnez les guerres d'IA pour améliorer la sécurité et réduire le cyber-risque Win The AI Wars To Enhance Security And Decrease Cyber Risk 2023-04-12T12:20:54+00:00 https://blog.knowbe4.com/win-ai-wars www.secnews.physaphae.fr/article.php?IdArticle=8327066 False None ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams

CyberheistNews Vol 13 #15 | April 11th, 2023 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress." They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how." "Don\'t Trust The Voice" The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one. "So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends." Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4. With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making]]> 2023-04-11T13:16:54+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-15-the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams www.secnews.physaphae.fr/article.php?IdArticle=8326650 False Ransomware,Data Breach,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services Top à emporter, vous pourriez manquer ma prochaine classe de maître de ransomware Top Takeaways You Could be Missing Out on my Upcoming Ransomware Master Class

]]> 2023-04-11T12:20:01+00:00 https://blog.knowbe4.com/top-takeaways-you-could-be-missing-out-on-my-upcoming-ransomware-master-class www.secnews.physaphae.fr/article.php?IdArticle=8326633 False Ransomware None 2.0000000000000000 knowbe4 - cybersecurity services [Outil gratuit] Voir quels utilisateurs sont susceptibles de se faire un comportement de sécurité risqué avec l'aperçu gratuit de SecurityCoach! [Free Tool] See Which Users Are Susceptible to Risky Security Behavior with SecurityCoach Free Preview! 2023-04-11T12:00:00+00:00 https://blog.knowbe4.com/free-tool-securitycoach-free-preview www.secnews.physaphae.fr/article.php?IdArticle=8326601 False Data Breach,Hack None 2.0000000000000000 knowbe4 - cybersecurity services La campagne alarmante de phishing fiscal nous cible avec des logiciels malveillants Alarming Tax Phishing Campaign Targets US with Malware

Alarming Tax Phishing Campaign Targets US with Malware

]]> 2023-04-10T14:21:40+00:00 https://blog.knowbe4.com/tax-phishing-campaign www.secnews.physaphae.fr/article.php?IdArticle=8326345 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services New Emotet Phishing Campaign fait semblant d'être les formulaires IRS livrant W-9 New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms

New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms

]]> 2023-04-06T12:33:39+00:00 https://blog.knowbe4.com/emotet-phishing-campaign-irs-w9s www.secnews.physaphae.fr/article.php?IdArticle=8325434 False None None 2.0000000000000000 knowbe4 - cybersecurity services FBI: Les attaques de compromis par courrier électronique d'entreprise sont utilisées pour effectuer des achats de marchandises en vrac auprès des fournisseurs FBI: Business Email Compromise Attacks Are Being Used to Make Bulk Goods Purchases from Vendors

FBI: Business Email Compromise Attacks Are Being Used to Make Bulk Goods Purchases from Vendors

]]> 2023-04-06T12:33:35+00:00 https://blog.knowbe4.com/business-email-compromise-bulk-purchases www.secnews.physaphae.fr/article.php?IdArticle=8325435 False None None 2.0000000000000000