This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-03T05:22:02+00:00 www.secnews.physaphae.fr knowbe4 - cybersecurity services Une version trojanisée de l'application McAfee Security installe le Trojan Android Banking «Vultur», selon les chercheurs de Fox-It.Les attaquants diffusent des liens vers l'application malveillante via des SMS et des appels téléphoniques.

---

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls.]]> 2024-04-03T16:36:29+00:00 https://blog.knowbe4.com/malicious-app-impersonates-mcafee-to-distribute-malware www.secnews.physaphae.fr/article.php?IdArticle=8475327 False Malware,Mobile None 2.0000000000000000 knowbe4 - cybersecurity services 2024-03-29T15:06:12+00:00 https://blog.knowbe4.com/malware-agent-tesla-delivered-via-phishin www.secnews.physaphae.fr/article.php?IdArticle=8472607 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-03-27T17:03:56+00:00 https://blog.knowbe4.com/number-new-pieces-malware-per-minute-quadrupled www.secnews.physaphae.fr/article.php?IdArticle=8471477 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services 2024-03-27T17:03:46+00:00 https://blog.knowbe4.com/simple-payment-underway-phishing-email-downloads-rats www.secnews.physaphae.fr/article.php?IdArticle=8471478 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services 2024-03-06T19:24:15+00:00 https://blog.knowbe4.com/day-old-domains-spikes-showing-malicious-activity www.secnews.physaphae.fr/article.php?IdArticle=8459978 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services a PHIGHISH La campagne vise des utilisateurs au Mexique avec des leurres sur le thème des impôts, selon les chercheurs de Cisco Talos. Les e-mails de phishing disent que les utilisateurs vers un site Web qui tentent de les inciter à télécharger une nouvelle souche de logiciels malveillants de volée d'informations appelés «Timbrester».

---

A phishing campaign is targeting users in Mexico with tax-themed lures, according to researchers at Cisco Talos. The phishing emails direct users to a website that attempts to trick them into downloading a new strain of information-stealing malware called “TimbreStealer.”]]> 2024-02-28T19:25:59+00:00 https://blog.knowbe4.com/phishing-campaign-targets-mexican-taxpayers www.secnews.physaphae.fr/article.php?IdArticle=8456587 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-02-28T19:25:55+00:00 https://blog.knowbe4.com/game-changer-biometric-stealing-malware www.secnews.physaphae.fr/article.php?IdArticle=8456588 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-02-21T20:23:19+00:00 https://blog.knowbe4.com/malware-delivered-through-phishing-surges-276 www.secnews.physaphae.fr/article.php?IdArticle=8453356 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-02-15T20:13:38+00:00 https://blog.knowbe4.com/over-half-of-malware-downloads-originate-from-saas-apps www.secnews.physaphae.fr/article.php?IdArticle=8450558 False Malware,Cloud None 3.0000000000000000 knowbe4 - cybersecurity services 2024-02-08T13:00:00+00:00 https://blog.knowbe4.com/malvertising-on-the-rise www.secnews.physaphae.fr/article.php?IdArticle=8447997 False Ransomware,Malware None 2.0000000000000000 knowbe4 - cybersecurity services 2024-01-10T19:52:40+00:00 https://blog.knowbe4.com/phishing-spreads-pikabot-malware www.secnews.physaphae.fr/article.php?IdArticle=8437614 False Malware,Threat,Prediction None 2.0000000000000000 knowbe4 - cybersecurity services 2024-01-03T15:18:25+00:00 https://blog.knowbe4.com/attraction-cryptocurrencies-thieves www.secnews.physaphae.fr/article.php?IdArticle=8433750 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-12-18T16:56:48+00:00 https://blog.knowbe4.com/malware-cyber-attacks-increases www.secnews.physaphae.fr/article.php?IdArticle=8424874 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services 2023-11-02T14:20:30+00:00 https://blog.knowbe4.com/analyze-emails-crowdstrike-falcon-knowbe4-phisher-plus www.secnews.physaphae.fr/article.php?IdArticle=8404725 False Ransomware,Malware,Threat None 2.0000000000000000 knowbe4 - cybersecurity services 2023-10-24T20:36:29+00:00 https://blog.knowbe4.com/fake-job-postings-deliver-malware www.secnews.physaphae.fr/article.php?IdArticle=8399872 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-10-24T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-43-phishing-attacks-surge-by-173-percent-in-q3-malware-threats-soar-by-110-percent www.secnews.physaphae.fr/article.php?IdArticle=8399707 False Malware,Studies None 3.0000000000000000 knowbe4 - cybersecurity services 2023-10-18T18:30:05+00:00 https://blog.knowbe4.com/phishing-threats-surge www.secnews.physaphae.fr/article.php?IdArticle=8397387 False Malware,Studies None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-09-28T20:19:23+00:00 https://blog.knowbe4.com/facebook-messenger-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=8389199 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-09-28T13:17:22+00:00 https://blog.knowbe4.com/red-cross-impersonation-malware www.secnews.physaphae.fr/article.php?IdArticle=8389055 False Malware,Threat None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-09-26T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-39-how-chinese-bad-actors-infected-networks-with-thumb-stick-malware www.secnews.physaphae.fr/article.php?IdArticle=8387982 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services Les résultats récents dans un rapport Spycloud montrent que les entreprises commencent à reconnaître et à déplacer leurs priorités pour se défendre contre Ransomware Attaques, mais l'utilisationdes logiciels malveillants d'infostealer ont toujours un taux de réussite élevé pour les cybercriminels.

---

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals. ]]> 2023-09-25T13:53:35+00:00 https://blog.knowbe4.com/organizations-understand-impact-ransomware-but-not-enough-to-defeat-infostealer-malware www.secnews.physaphae.fr/article.php?IdArticle=8387607 False Ransomware,Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-09-21T19:46:21+00:00 https://blog.knowbe4.com/chinese-spies-infected-dozens-of-networks-with-thumb-drive-malware www.secnews.physaphae.fr/article.php?IdArticle=8386422 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-09-11T12:55:42+00:00 https://blog.knowbe4.com/microsoft-teams-phishing-distributes-malware www.secnews.physaphae.fr/article.php?IdArticle=8381256 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services La manière numéro un pour les pirates et les logiciels malveillants compromettent les personnes, les appareils et les réseaux est Génie social .Personne ne le soutient plus, mais ce n'était pas toujours connu ou discuté de cette façon.Même si l'ingénierie sociale a été la première façon dont les pirates et les logiciels malveillants exploitent les personnes et les appareils depuis le début des ordinateurs réseau, il n'était généralement pas connu ou discuté comme tel qu'il y a seulement cinq ou 10 ans.Oui, tout le monde savait que c'était un gros problème de cybersécurité, mais la plupart des gens ne savaient pas que c'était le problème numéro un… de loin.

---

The number one way that hackers and malware compromise people, devices, and networks is social engineering. No one argues that anymore, but it was not always known or discussed that way. Even though social engineering has been the number one way hackers and malware exploit people and devices since the beginning of network computers, it was not generally known or discussed as such until just five or 10 years ago. Yes, everyone knew it was a big cybersecurity problem, but most people did not know it was the number one problem…by far.]]> 2023-08-23T17:10:11+00:00 https://blog.knowbe4.com/social-engineering-number-one-cybersecurity-problem www.secnews.physaphae.fr/article.php?IdArticle=8373752 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-08-14T14:56:30+00:00 https://blog.knowbe4.com/gootloader-malware-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8369940 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-08-02T12:52:08+00:00 https://blog.knowbe4.com/bad-actor-fake-android-install-malware www.secnews.physaphae.fr/article.php?IdArticle=8364734 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-07-27T18:26:27+00:00 https://blog.knowbe4.com/phishing-decline-while-malware-increase www.secnews.physaphae.fr/article.php?IdArticle=8362363 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services Cyberwire a écrit: "Les chercheurs de Slashnext & nbsp; Décrire & nbsp; Un outil de cybercriminalité générateur d'IA appelé« Wormgpt », qui est annoncé sur les forums souterrains comme« une alternative Blackhat aux modèles GPT, conçue spécifiquement pour des activités malveillantes. "L'outil peut générer une sortie que les modèles d'IA légitimes essaient d'empêcher, tels que le code malware ou les modèles de phishing. & Nbsp;

---

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates. ]]> 2023-07-17T17:26:05+00:00 https://blog.knowbe4.com/wormgpt-an-ethics-free-cyber-crime-text-generator www.secnews.physaphae.fr/article.php?IdArticle=8357853 False Malware,Tool None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-07-11T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-28-beware-microsoft-teams-exploit-uses-social-engineering-to-spread-malware www.secnews.physaphae.fr/article.php?IdArticle=8354404 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services Si votre organisation utilise des équipes Microsoft, alors vous voulez vraiment entendre parler d'une nouvelle façon dont les mauvais acteurs exploitent cet outil de cyber-attaque nouvellement découvert.

---

If your organization uses Microsoft Teams, then you definitely want to hear about a new way bad actors are exploiting this newly discovered cyber attack tool. ]]> 2023-07-07T12:00:00+00:00 https://blog.knowbe4.com/microsoft-teams-exploit-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8353340 False Malware,Tool None 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #27  |   July 5th, 2023 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains A year-long phishing campaign has been uncovered that impersonates 100+ popular clothing, footwear, and apparel brands using at least 10 fake domains impersonating each brand. We\'ve seen plenty of attacks that impersonated a single brand along with a few domains used to ensure victims can be taken to a website that seeks to harvest credentials or steal personal information. But I don\'t think an attack of such magnitude as the one identified by security researchers at Internet security monitoring vendor Bolster. According to Bolster, the 13-month long campaign used over 3000 live domains (and another 3000+ domains that are no longer in use) to impersonate over 100 well-known brands. We\'re talking about brands like Nike, Guess, Fossil, Tommy Hilfiger, Skechers, and many more. Some of the domains have even existed long enough to be displayed at the top of natural search results. And these sites are very well made; so much so that they mimic their legitimate counterparts enough that visitors are completing online shopping visits, providing credit card and other payment details. The impersonation seen in this widespread attack can just as easily be used to target corporate users with brands utilized by employees; all that\'s needed is to put the time and effort into building out a legitimate enough looking impersonated website and create a means to get the right users to visit said site (something most often accomplished through phishing attacks). This latest impersonation campaign makes the case for ensuring users are vigilant when interacting with the web – something accomplished through continual Security Awareness Training. Blog post with links:https://blog.knowbe4.com/massive-impersonation-phishing-campaign [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, July 12, @ 2:00 PM (ET), for a live demonstra]]> 2023-07-05T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-27-heads-up-massive-impersonation-phishing-campaign-imitates-over-100-brands-and-thousands-of-domains www.secnews.physaphae.fr/article.php?IdArticle=8352450 False Malware,Hack,Threat,Cloud None 2.0000000000000000 knowbe4 - cybersecurity services 2023-06-29T17:18:11+00:00 https://blog.knowbe4.com/charming-kitten-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8350708 False Malware,Threat APT 35 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #26  |   June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts Bogus "gifts" that can cost you Fake package delivery problems Phony job offers Not-really-from-Amazon security alerts "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers. "What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #25  |   June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon\'s DBIR always has a lot of information to unpack, so I\'ll continue my review by covering how stolen credentials play a role in attacks. This year\'s Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches. According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike. And it\'s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim. Blog post with links:https://blog.knowbe4.com/stolen-credentials-top-breach-threat [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l]]> 2023-06-20T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-25-fingerprints-all-over-stolen-credentials-are-the-no1-root-cause-of-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=8347292 False Ransomware,Data Breach,Spam,Malware,Hack,Vulnerability,Threat,Cloud ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #24  |   June 13th, 2023 [The Mind\'s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let\'s drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. "The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor\'s bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the DBIR entire incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn\'t all doom and ]]> 2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching ChatGPT,ChatGPT,APT 43,APT 37,Uber 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #23  |   June 6th, 2023 [Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks). A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly. This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches." Let that sink in for a moment. What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks. [CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports NEW! KnowBe4 ]]> 2023-06-06T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-23-wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8342545 False Ransomware,Malware,Hack,Tool,Threat None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #22  |   May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. ]]> 2023-05-31T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-22-eye-on-fraud-a-closer-look-at-the-massive-72-percent-spike-in-financial-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8340859 False Ransomware,Malware,Hack,Tool,Threat,Conference ChatGPT,ChatGPT,Uber,Guam 2.0000000000000000 knowbe4 - cybersecurity services 2023-05-24T12:52:37+00:00 https://blog.knowbe4.com/batloader-malware-drive-bys-attacks www.secnews.physaphae.fr/article.php?IdArticle=8339012 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #20  |   May 16th, 2023 [Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. IT and Online Services Emails Drive Dangerous Attack Trend This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work. Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical. Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following: Common "In-The-Wild" Emails for Q1 2023 Top Phishing Email Subjects Globally Top 5 Attack Vector Types Top 10 Holiday Phishing Email Subjects in Q1 2023 This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console. Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l]]> 2023-05-16T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-20-foot-in-the-door-the-q1-2023s-top-clicked-phishing-scams-infographic www.secnews.physaphae.fr/article.php?IdArticle=8336951 False Ransomware,Spam,Malware,Hack,Tool,Threat None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-05-09T20:43:09+00:00 https://blog.knowbe4.com/finger-on-the-trigger-how-the-fbi-nuked-russian-fsbs-snake-data-theft-malware www.secnews.physaphae.fr/article.php?IdArticle=8334946 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #19  |   May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, ]]> 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction ChatGPT,ChatGPT,NotPetya,NotPetya,APT 28 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-05-04T12:28:47+00:00 https://blog.knowbe4.com/malware-by-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8333451 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #18  |   May 2nd, 2023 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card. It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is. "When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes." That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive. One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves. Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4]]> 2023-05-02T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-18-eye-on-ai-does-chatgpt-have-cybersecurity-tells www.secnews.physaphae.fr/article.php?IdArticle=8332823 False Ransomware,Malware,Hack,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services 2023-04-27T12:08:22+00:00 https://blog.knowbe4.com/qbot-attacks-pdfs-windows-scripting-host-files www.secnews.physaphae.fr/article.php?IdArticle=8331544 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #16  |   April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with]]> 2023-04-25T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai www.secnews.physaphae.fr/article.php?IdArticle=8330904 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-04-20T12:21:53+00:00 https://blog.knowbe4.com/phishing-email-volume-doubles www.secnews.physaphae.fr/article.php?IdArticle=8329653 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #16  |   April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav]]> 2023-04-18T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-16-finger-on-the-pulse-how-phishers-leverage-recent-ai-buzz www.secnews.physaphae.fr/article.php?IdArticle=8328885 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #15  |   April 11th, 2023 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress." They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how." "Don\'t Trust The Voice" The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one. "So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends." Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4. With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making]]> 2023-04-11T13:16:54+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-15-the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams www.secnews.physaphae.fr/article.php?IdArticle=8326650 False Ransomware,Data Breach,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-04-10T14:21:40+00:00 https://blog.knowbe4.com/tax-phishing-campaign www.secnews.physaphae.fr/article.php?IdArticle=8326345 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #14  |   April 4th, 2023 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes. This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance). The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT). This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests. Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i]]> 2023-04-04T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-14-eyes-on-the-price-how-crafty-cons-attempted-a-36-million-vendor-email-heist www.secnews.physaphae.fr/article.php?IdArticle=8324667 False Ransomware,Malware,Hack,Threat ChatGPT,ChatGPT,APT 43 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #13  |   March 28th, 2023 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. "A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation. "This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection." Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails. "Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here." Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures. "Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it. "Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'" New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture. Remember: Culture eats strategy for breakfast and is always top-down. Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing ]]> 2023-03-28T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-13-eye-opener-how-to-outsmart-sneaky-ai-based-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8322503 False Ransomware,Malware,Hack,Tool,Threat,Guideline ChatGPT,ChatGPT 3.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #11  |   March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below. "Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service. "In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM. "In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. "And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven. "'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'" Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this. Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl]]> 2023-03-14T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-11-heads-up-employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears www.secnews.physaphae.fr/article.php?IdArticle=8318404 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline,Medical ChatGPT,ChatGPT 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-03-10T14:46:12+00:00 https://blog.knowbe4.com/malware-decreases-exploits-skyrocket www.secnews.physaphae.fr/article.php?IdArticle=8317259 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #09  |   February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac]]> 2023-02-28T14:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-09-eye-opener-should-you-click-on-unsubscribe www.secnews.physaphae.fr/article.php?IdArticle=8314155 False Malware,Hack,Tool,Vulnerability,Threat,Guideline,Prediction APT 38,ChatGPT 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-02-23T16:28:45+00:00 https://blog.knowbe4.com/malware-report-the-number-of-unique-phishing-emails-in-q4-rose-by-36 www.secnews.physaphae.fr/article.php?IdArticle=8312891 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-01-31T20:04:16+00:00 https://blog.knowbe4.com/microsoft-onenote-attachments-spread-malware www.secnews.physaphae.fr/article.php?IdArticle=8305978 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense.]]> 2023-01-25T15:50:54+00:00 https://blog.knowbe4.com/security-masterminds-analyzing-malware-to-understand-the-cybercriminal www.secnews.physaphae.fr/article.php?IdArticle=8303984 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-27T14:20:16+00:00 https://blog.knowbe4.com/qbot-malware-attacks-use-svg-files-to-perform-html-smuggling www.secnews.physaphae.fr/article.php?IdArticle=8295247 True Malware None 1.00000000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-22T14:44:21+00:00 https://blog.knowbe4.com/polymorphic-wiper-malware-leaves-attacked-environments-unrecoverable www.secnews.physaphae.fr/article.php?IdArticle=8293717 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-21T13:59:29+00:00 https://blog.knowbe4.com/xll-files-used-to-deliver-malware www.secnews.physaphae.fr/article.php?IdArticle=8293385 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-14T19:02:41+00:00 https://blog.knowbe4.com/interest-in-infostealer-malware-within-cyberattacks-spikes-as-mfa-fatigue-attacks-increase www.secnews.physaphae.fr/article.php?IdArticle=8291287 False Malware None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-07T15:44:32+00:00 https://blog.knowbe4.com/archives-overtake-office-documents-as-the-most-popular-file-type-to-deliver-malware www.secnews.physaphae.fr/article.php?IdArticle=8288735 False Malware None 3.0000000000000000 knowbe4 - cybersecurity services According to nearly every study conducted over the last decade, social engineering is involved in the vast majority of cyber attacks. The figures range from about 30% to 90% of all hacking and malware attacks. There is no other root exploitation cause that organizations can focus on mitigating that would decrease cybersecurity risk more.]]> 2022-09-26T12:00:00+00:00 https://blog.knowbe4.com/you-need-aggressive-cybersecurity-training www.secnews.physaphae.fr/article.php?IdArticle=7149233 False Malware None None knowbe4 - cybersecurity services ]]> 2022-08-31T13:30:07+00:00 https://blog.knowbe4.com/lost-in-translation-new-cryptomining-malware-attacks-based-in-turkey-cause-suspicion www.secnews.physaphae.fr/article.php?IdArticle=6646506 False Malware None None knowbe4 - cybersecurity services Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire's Threat Response Unit (TRU).]]> 2022-04-26T12:49:59+00:00 https://blog.knowbe4.com/more_eggs-malware-distributed-via-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=4508071 False Malware,Threat None None knowbe4 - cybersecurity services It appears that the use of Microsoft CHM files is gaining popularity, and from the way this latest attack works, it's a rather ingenious and flexible method that could become more prevalent.]]> 2022-04-05T18:37:54+00:00 https://blog.knowbe4.com/info-stealer-malware-vidar-uses-microsoft-help-files-to-launch-attacks www.secnews.physaphae.fr/article.php?IdArticle=4401001 False Malware None None knowbe4 - cybersecurity services Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and helps them bypass security filters.]]> 2022-03-29T13:03:08+00:00 https://blog.knowbe4.com/email-conversation-hacking-to-distribute-malware www.secnews.physaphae.fr/article.php?IdArticle=4359411 False Malware None None knowbe4 - cybersecurity services As if stealing all your credentials, cookies, and email wasn't bad enough, this new version of QakBot inserts itself into your emails, impersonating you to gain access to more victims.]]> 2022-03-23T18:00:06+00:00 https://blog.knowbe4.com/qakbot-takes-over-email-conversations-to-spread-malware www.secnews.physaphae.fr/article.php?IdArticle=4330504 False Malware None None knowbe4 - cybersecurity services There is a new ransomware-as-a-service (RaaS) strain called LokiLocker, researchers at Blackberry warn. The malware uses rare code obfuscation and includes a file wiper component that attackers can deploy if their victims don't pay. "It shouldn't be confused with an older ransomware family called Locky, which was notorious in 2016, or LokiBot, which is an infostealer. ]]> 2022-03-17T12:43:59+00:00 https://blog.knowbe4.com/heads-up-new-evil-ransomware-feature-disk-wiper-if-you-dont-pay www.secnews.physaphae.fr/article.php?IdArticle=4298335 False Ransomware,Malware None None knowbe4 - cybersecurity services Newly discovered data-destroying malware was found this week in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware erases user data and partition information from attached drives," ESET Research Labs explained.]]> 2022-03-15T20:10:10+00:00 https://blog.knowbe4.com/eye-opener-ukraine-is-now-being-hit-with-4-different-strains-of-wiper-malware www.secnews.physaphae.fr/article.php?IdArticle=4287449 False Malware None None knowbe4 - cybersecurity services New analysis of attacks in 2021 show massive increases across the board, painting a very concerning picture for this year around cyberattacks of all types.]]> 2022-03-11T15:28:20+00:00 https://blog.knowbe4.com/email-based-vishing-attacks-skyrocket-554-percent www.secnews.physaphae.fr/article.php?IdArticle=4261108 False Malware None None knowbe4 - cybersecurity services [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk   Email not displaying? | CyberheistNews Vol 12 #09  |   Mar. 1st., 2022 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk   The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine. ]]> 2022-03-01T19:07:44+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-09-heads-up-the-ukraine-war-started-a-new-wiper-malware-spillover www.secnews.physaphae.fr/article.php?IdArticle=4209918 True Malware NotPetya None knowbe4 - cybersecurity services The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.  ]]> 2022-02-25T12:12:46+00:00 https://blog.knowbe4.com/heads-up-the-ukraine-war-started-a-new-wiper-malware-spillover-risk www.secnews.physaphae.fr/article.php?IdArticle=4182126 False Malware NotPetya None knowbe4 - cybersecurity services [Heads Up] FBI Warns Against New Criminal QR Code Scams   Email not displaying? | CyberheistNews Vol 12 #07  |   Feb. 15th., 2022 [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arms length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things. QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply. CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime ]]> 2022-02-15T14:24:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-07-heads-up-fbi-warns-against-new-criminal-qr-code-scams www.secnews.physaphae.fr/article.php?IdArticle=4133418 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline APT 43,APT 15 None knowbe4 - cybersecurity services [Heads Up] Beware of New QuickBooks Payment Scams   Email not displaying? | CyberheistNews Vol 12 #06  |   Feb. 8th., 2022 [Heads Up] Beware of New QuickBooks Payment Scams Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer. Worse, the payment request can require that the payee use ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good. Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting. CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots: https://blog.knowbe4.com/beware-of-quickbooks-payment-scams ]]> 2022-02-08T14:23:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-06-heads-up-beware-of-new-quickbooks-payment-scams www.secnews.physaphae.fr/article.php?IdArticle=4094184 False Malware,Hack,Threat,Conference APT 35 None knowbe4 - cybersecurity services Security Threat Researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (who have been tied to Russian Federal Security Service), responsible for attacks in the Ukraine since 2013.]]> 2022-02-01T19:40:07+00:00 https://blog.knowbe4.com/8-new-malware-payloads-spotted-as-part-of-attacks-against-ukrainian-targets www.secnews.physaphae.fr/article.php?IdArticle=4067225 False Malware,Threat None None knowbe4 - cybersecurity services   ]]> 2022-02-01T14:37:29+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-05-dhs-sounds-alarm-on-new-russian-destructive-disk-wiper-attack-potential www.secnews.physaphae.fr/article.php?IdArticle=4065596 False Ransomware,Malware,Hack,Tool,Threat,Guideline NotPetya,NotPetya,APT 27,APT 27,Wannacry,Wannacry None knowbe4 - cybersecurity services With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the spotlight.]]> 2022-01-27T14:13:49+00:00 https://blog.knowbe4.com/malicious-office-documents-jump-to-37-of-all-malware-downloads-at-the-end-of-2021 www.secnews.physaphae.fr/article.php?IdArticle=4041463 False Malware None None knowbe4 - cybersecurity services More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a malware phishing attack.]]> 2021-12-28T16:19:30+00:00 https://blog.knowbe4.com/the-impacts-of-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=3899360 False Malware None None