CyberheistNews Vol 11 #44
[Heads Up] Multi-Stage Vishing Attacks Are Coming to an Inbox Near You
New attacks initially coming in via email are directing victims to make phone calls to attacker-controlled call centers in order to provide banking and credit card details.
I’ve brought these kind of phishing-turned-vishing attacks to your attention previously with examples of fake Amazon password resets or fake orders for expensive items – both pointing recipients to call phone numbers. But new examples of these kinds of increasingly frequent attacks are coming to light.
Rather than sending an email referencing an invoice attachment (usually for the purposes of installing malware), these scams simply use the email as the invoice or payment notice and drive readers towards calling a phone number to dispute the charge.
These scams are intent on getting recipients to divulge their credit card or banking details – all in the name of “getting you a refund”.
Once again, this very-much unsolicited email should raise a red flag with anyone that receives it, erring on the side of “this is utter garbage” instead of “Oh my! I don’t owe that!” (which is exactly what the scammers want.)
Security awareness training is your secret weapon to train your users to stay in that ever-vigilant mode when interacting with email and the web. Instead of taking everything at face value and believe it by default, your users will interact with unfamiliar content far more skeptically and are less likely to become victims.
Blog post with links and example screenshot:
https://blog.knowbe4.com/multi-stage-vishing-attacks-are-coming-to-an-inbox-near-you
New attacks initially coming in via email are directing victims to make phone calls to attacker-controlled call centers in order to provide banking and credit card details.
I’ve brought these kind of phishing-turned-vishing attacks to your attention previously with examples of fake Amazon password resets or fake orders for expensive items – both pointing recipients to call phone numbers. But new examples of these kinds of increasingly frequent attacks are coming to light.
Rather than sending an email referencing an invoice attachment (usually for the purposes of installing malware), these scams simply use the email as the invoice or payment notice and drive readers towards calling a phone number to dispute the charge.
These scams are intent on getting recipients to divulge their credit card or banking details – all in the name of “getting you a refund”.
Once again, this very-much unsolicited email should raise a red flag with anyone that receives it, erring on the side of “this is utter garbage” instead of “Oh my! I don’t owe that!” (which is exactly what the scammers want.)
Security awareness training is your secret weapon to train your users to stay in that ever-vigilant mode when interacting with email and the web. Instead of taking everything at face value and believe it by default, your users will interact with unfamiliar content far more skeptically and are less likely to become victims.
Blog post with links and example screenshot:
https://blog.knowbe4.com/multi-stage-vishing-attacks-are-coming-to-an-inbox-near-you
Hacking Your Organization: 7 Steps Cybercriminals Use To Take Total Control of Your Network
The scary fact is that the majority of data breaches are caused by human error. With so many technical controls in place hackers are still getting through to your end users. How are they so easily manipulated into giving the cybercriminals what they want? Well, hackers are crafty. And the best way to beat them is to understand the way they work.
In this webinar Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will take you through the "Cyber Kill Chain" in detail to show you how a single email slip up can lead to the total takeover of your network.
Roger will show you:
Date/Time: TOMORROW, Wednesday, November 10 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3494648/743FB36BAFF45AFC0DD60785A3628219?partnerref=CHN2
The scary fact is that the majority of data breaches are caused by human error. With so many technical controls in place hackers are still getting through to your end users. How are they so easily manipulated into giving the cybercriminals what they want? Well, hackers are crafty. And the best way to beat them is to understand the way they work.
In this webinar Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will take you through the "Cyber Kill Chain" in detail to show you how a single email slip up can lead to the total takeover of your network.
Roger will show you:
- How detailed data is harvested using public databases and surprising techniques
- Tricks used to craft a compelling social engineering attack that your users WILL click
- Cunning ways hackers deliver malicious code to take control of an endpoint
- Taking over your domain controller and subsequently your entire network
Date/Time: TOMORROW, Wednesday, November 10 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3494648/743FB36BAFF45AFC0DD60785A3628219?partnerref=CHN2
How Not To Get Phished: It Is the Message Not the Medium
By Roger Grimes.
Back in the early 1990s, when I was first getting into the IT field as a full-time network administrator, I was tasked with writing up our corporation’s new email policy. Email was just coming on as a mainstream tool and users were beginning to use it as a regular, integrated part of their lives.
There was much debate over whether users would be able to send any personal emails using their employer’s email systems without getting in trouble. It seems funny that this was a big deal back then, but it was. There were users sending inappropriate emails, such as sexist and racist jokes, ads selling products or services for side jobs, etc., that management absolutely wanted to clamp down on.
With that in mind, I was tasked with writing my first corporate email policy concerning what was and was not appropriate. After the first draft was reviewed by senior management, the CEO added a note saying, “Make sure to state that sexual harassment by email is forbidden.”
While I agreed with that sentiment, I laughed in my head at the time because I wondered why the special callout concerning email was needed. Sexual harassment was already illegal in U.S. workplaces, period, no matter what the medium. It was not like sexually harassing someone via fax or text messaging was allowed either. The problem is the message, not the medium.
Same thing applies with social engineering and phishing. It is the message and not the medium.
CONTINUED (with a great graphic at the end):
https://blog.knowbe4.com/how-not-to-get-phished-it-is-the-message-not-the-medium
By Roger Grimes.
Back in the early 1990s, when I was first getting into the IT field as a full-time network administrator, I was tasked with writing up our corporation’s new email policy. Email was just coming on as a mainstream tool and users were beginning to use it as a regular, integrated part of their lives.
There was much debate over whether users would be able to send any personal emails using their employer’s email systems without getting in trouble. It seems funny that this was a big deal back then, but it was. There were users sending inappropriate emails, such as sexist and racist jokes, ads selling products or services for side jobs, etc., that management absolutely wanted to clamp down on.
With that in mind, I was tasked with writing my first corporate email policy concerning what was and was not appropriate. After the first draft was reviewed by senior management, the CEO added a note saying, “Make sure to state that sexual harassment by email is forbidden.”
While I agreed with that sentiment, I laughed in my head at the time because I wondered why the special callout concerning email was needed. Sexual harassment was already illegal in U.S. workplaces, period, no matter what the medium. It was not like sexually harassing someone via fax or text messaging was allowed either. The problem is the message, not the medium.
Same thing applies with social engineering and phishing. It is the message and not the medium.
CONTINUED (with a great graphic at the end):
https://blog.knowbe4.com/how-not-to-get-phished-it-is-the-message-not-the-medium
[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip
Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.
Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature which automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.
The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.
See how you can best manage your user-reported messages.
Join us Wednesday, November 17 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER product including our new PhishFlip feature. With PhishER you can:
Date/Time: Wednesday, November 17 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3458487/8062FBFB292DA8751BAAF34C4A3423EA?partnerref=CHN
Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.
Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature which automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.
The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.
See how you can best manage your user-reported messages.
Join us Wednesday, November 17 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER product including our new PhishFlip feature. With PhishER you can:
- NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
- Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
- Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Date/Time: Wednesday, November 17 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3458487/8062FBFB292DA8751BAAF34C4A3423EA?partnerref=CHN
[INFOGRAPHIC] KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and 'in the wild' attacks .
Business, Online Services, and HR-Related Messages Get the Most Clicks
Business phishing emails are the most clicked subject category around the world. These range from messages purporting to be from internal organizational departments, to external requests for information that convey a sense of urgency and entice users to take an action. Online Services includes messages that claim to be from well-known companies and often fool users. HR-related messages that could potentially affect daily work are always a popular ploy.
Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage. We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns.
By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec pros can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”
Behavioral Differences Between the U.S. and EMEA
In the U.S., most of the email subjects appear to originate from inside the users’ organization. Most of these appear to be from HR, and we also see a password warning. However, in EMEA, the top subjects are related to users’ everyday tasks, and we see two subjects that look like LinkedIn notifications.
See the Full Infographic with Top Messages in Each Category for Last Quarter:
https://blog.knowbe4.com/q3-2021-top-clicked-phishing-report-infographic-with-global-data
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and 'in the wild' attacks .
Business, Online Services, and HR-Related Messages Get the Most Clicks
Business phishing emails are the most clicked subject category around the world. These range from messages purporting to be from internal organizational departments, to external requests for information that convey a sense of urgency and entice users to take an action. Online Services includes messages that claim to be from well-known companies and often fool users. HR-related messages that could potentially affect daily work are always a popular ploy.
Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage. We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns.
By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec pros can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”
Behavioral Differences Between the U.S. and EMEA
In the U.S., most of the email subjects appear to originate from inside the users’ organization. Most of these appear to be from HR, and we also see a password warning. However, in EMEA, the top subjects are related to users’ everyday tasks, and we see two subjects that look like LinkedIn notifications.
See the Full Infographic with Top Messages in Each Category for Last Quarter:
https://blog.knowbe4.com/q3-2021-top-clicked-phishing-report-infographic-with-global-data
Are Your Users' Passwords... P@ssw0rd?
Are your users' passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords.
Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.
KnowBe4's complimentary Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action.
This will take you 5 minutes and may give you some insights you never expected!
Find your weak passwords:
https://info.knowbe4.com/weak-password-test-chn
Are your users' passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords.
Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.
KnowBe4's complimentary Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action.
This will take you 5 minutes and may give you some insights you never expected!
Find your weak passwords:
https://info.knowbe4.com/weak-password-test-chn
Could You Do Me a Favor? Vote for KnowBe4 in the 2021 Computing Security Awards!
Has your team benefited from our security awareness training and simulated phishing? Share your success with us by voting for KnowBe4 in the Computing Security Awards! We have been nominated for six different categories this year:
Please Vote Here Today:
Thanks so much in advance. :-D
https://computingsecurityawards.co.uk/?page=knowbe4_csa2021vote
Let's stay safe out there.
Has your team benefited from our security awareness training and simulated phishing? Share your success with us by voting for KnowBe4 in the Computing Security Awards! We have been nominated for six different categories this year:
- Security Company of the Year
- Security Education and Training Provider of the Year
- SME Security Solution of the Year
- Customer Service Award -- Security
- Anti Phishing Solution of the Year
- Anti Malware Solution of the Year
Please Vote Here Today:
Thanks so much in advance. :-D
https://computingsecurityawards.co.uk/?page=knowbe4_csa2021vote
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
PS: Your KnowBe4 Fresh Content Updates from October 2021:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-october-2021
Quotes of the Week
"True happiness comes from the joy of deeds well done, the zest of creating things new."
- Antoine de Saint-Exupéry - Writer (1900 - 1944)
"Believe in yourself! Have faith in your abilities! Without a humble but reasonable confidence in your own powers you cannot be successful or happy."
- Norman Vincent Peale - Author (1898 – 1993)
Thanks for reading CyberheistNews
- Antoine de Saint-Exupéry - Writer (1900 - 1944)
"Believe in yourself! Have faith in your abilities! Without a humble but reasonable confidence in your own powers you cannot be successful or happy."
- Norman Vincent Peale - Author (1898 – 1993)
Thanks for reading CyberheistNews
Security News
NEW BOOK: Ransomware Protection Playbook
Roger A. Grimes' 13th book, called the Ransomware Protection Playbook is winning insider accolades as THE comprehensive guide to preventing and dealing with ransomware. It discusses what ransomware does and the many ways it can be prevented from successfully exploiting your environment. As KnowBe4's Data-Driven Defense evangelist, Roger is no stranger to the power of security awareness training and he brings the data to show how helping employees to be less phishable, along with better patching and password hygiene, is the only way to stop ransomware attacks.
The majority of the book is an hour-by-hour, day-by-day, task list of what you need to be doing if you end up being a ransomware victim. Roger discusses what your ransomware response plan should include and what common mistakes to avoid. No other ransomware protection source has as much material to help you prevent and respond to a ransomware event.
Check out the book at Amazon:
https://www.amazon.com/Ransomware-Protection-Playbook-Roger-Grimes/dp/1119849128
Roger A. Grimes' 13th book, called the Ransomware Protection Playbook is winning insider accolades as THE comprehensive guide to preventing and dealing with ransomware. It discusses what ransomware does and the many ways it can be prevented from successfully exploiting your environment. As KnowBe4's Data-Driven Defense evangelist, Roger is no stranger to the power of security awareness training and he brings the data to show how helping employees to be less phishable, along with better patching and password hygiene, is the only way to stop ransomware attacks.
The majority of the book is an hour-by-hour, day-by-day, task list of what you need to be doing if you end up being a ransomware victim. Roger discusses what your ransomware response plan should include and what common mistakes to avoid. No other ransomware protection source has as much material to help you prevent and respond to a ransomware event.
Check out the book at Amazon:
https://www.amazon.com/Ransomware-Protection-Playbook-Roger-Grimes/dp/1119849128
FBI Warns That Financial Events (Like M&A) are Occasions for Extortion
The US Federal Bureau of Investigation (FBI) has warned that ransomware operators are targeting companies that are going through financial events. The timing is designed to elicit and exploit information in ways that will exert additional pressure on the victims.
“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the Bureau says. “Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information.
If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.” The FBI explains that ransomware operators select their victims based on the value of the information they have access to, and thus the potential for a big payout.
“Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims,” the FBI says. “Ransomware is often a two-stage process beginning with an initial intrusion through a trojan malware, which allows an access broker to perform reconnaissance and determine how to best monetize the access.
However, while this malware is often mass distributed, most victims of trojans are not also victims of ransomware, indicating ransomware targets are often carefully selected from a pool based on information gleaned from the initial reconnaissance.
Once ransomware operators are within a network, they search for sensitive information that they can use to further incentivize victims to pay. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands,” the Bureau says.
“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.” That reconnaissance phase is often the work of initial access brokers, who pick victims likely to be attractive to the brokers’ criminal customers.
The vast majority of ransomware attacks begin via phishing attacks or technical vulnerabilities like exposed RDP ports. New-school security awareness training can give your organization an essential layer of defense by helping your employees to recognize phishing and other social engineering attacks.
The FBI has the story:
https://www.ic3.gov/Media/News/2021/211101.pdf
The US Federal Bureau of Investigation (FBI) has warned that ransomware operators are targeting companies that are going through financial events. The timing is designed to elicit and exploit information in ways that will exert additional pressure on the victims.
“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the Bureau says. “Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information.
If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.” The FBI explains that ransomware operators select their victims based on the value of the information they have access to, and thus the potential for a big payout.
“Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims,” the FBI says. “Ransomware is often a two-stage process beginning with an initial intrusion through a trojan malware, which allows an access broker to perform reconnaissance and determine how to best monetize the access.
However, while this malware is often mass distributed, most victims of trojans are not also victims of ransomware, indicating ransomware targets are often carefully selected from a pool based on information gleaned from the initial reconnaissance.
Once ransomware operators are within a network, they search for sensitive information that they can use to further incentivize victims to pay. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands,” the Bureau says.
“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.” That reconnaissance phase is often the work of initial access brokers, who pick victims likely to be attractive to the brokers’ criminal customers.
The vast majority of ransomware attacks begin via phishing attacks or technical vulnerabilities like exposed RDP ports. New-school security awareness training can give your organization an essential layer of defense by helping your employees to recognize phishing and other social engineering attacks.
The FBI has the story:
https://www.ic3.gov/Media/News/2021/211101.pdf
What KnowBe4 Customers Say
"Stu, I just wanted to take a moment to thank you for hiring such good people. Our CSM, ShannonR, is one of the best customer service reps that I work with. She constantly provides me with fresh ideas and is always helpful with any issue that I must deal with in the KnowBe4 system. We are all so busy and I’m guilty of putting things that run well on autopilot, like our KnowBe4 program, but she helps keep us in line with innovative ideas that return my focus to our security awareness system.
I wanted to come up with a contest for our employees using the Phish Alert Button and run it during the entire month of October for the Cybersecurity Awareness Month and had no idea how to set it up. It took her about 30 minutes after her initial reply to my email and she had taken my idea and whipped it into a month-long plan. She’s definitely a keeper! Thank you for having great employees."
- S.S. Vice President / CIO
"Stu, I just wanted to take a moment to thank you for hiring such good people. Our CSM, ShannonR, is one of the best customer service reps that I work with. She constantly provides me with fresh ideas and is always helpful with any issue that I must deal with in the KnowBe4 system. We are all so busy and I’m guilty of putting things that run well on autopilot, like our KnowBe4 program, but she helps keep us in line with innovative ideas that return my focus to our security awareness system.
I wanted to come up with a contest for our employees using the Phish Alert Button and run it during the entire month of October for the Cybersecurity Awareness Month and had no idea how to set it up. It took her about 30 minutes after her initial reply to my email and she had taken my idea and whipped it into a month-long plan. She’s definitely a keeper! Thank you for having great employees."
- S.S. Vice President / CIO
The 10 Interesting News Items This Week
- New map plotting ransomware attacks across the US:
https://www.comparitech.com/ransomware-attack-map/ - CISA orders federal agencies to fix hundreds of exploited security flaws:
https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-fix-hundreds-of-exploited-security-flaws/ - Nation-States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022:
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/nation-states-will-weaponize-social-and-recruit-bad-guys-with-benefits-in-2022/ - How tackling cybersecurity training from a companywide lens leads to better preparedness:
https://www.businessinsider.com/tackling-cybersecurity-training-from-a-companywide-lens-2021-11 - Microsoft Defender for Windows is getting a massive overhaul:
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-windows-is-getting-a-massive-overhaul/ - Canada ranks third for ransomware attacks:
https://www.canadianunderwriter.ca/insurance/canada-ranks-third-for-ransomware-attacks-1004214013/ - Ukraine discloses identity of Gamaredon members, links it to Russia’s FSB:
https://therecord.media/ukraine-discloses-identity-of-gamaredon-members-links-it-to-russias-fsb/ - US House Passes Acts to Help SMBs with Cybersecurity:
https://www.infosecurity-magazine.com/news/house-helps-smbs-cybersecurity/ - Ransomware HQ: Moscow’s Tallest Tower Is a Cybercriminal Cash Machine:
https://www.bloomberg.com/news/articles/2021-11-03/bitcoin-money-laundering-happening-in-moscow-s-vostok-tower-experts-say - US State Department puts 10M bounty on DarkSide Ransomware leaders:
https://www.bleepingcomputer.com/news/security/us-targets-darkside-ransomware-rebrands-with-10-million-reward/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Your 1st Virtual Vaca Hike in Switzerland, the Via Ferrata. Do not watch when you have vertigo:
https://www.youtube.com/watch?v=WbMycOtOx9s - Your 2nd Virtual Vaca in Mexico by bike!:
https://www.youtube.com/watch?v=00PB3Ng5hhY - Third Virtual Vaca back in time! Spectacular Paris and its beautiful buildings in 1912 in color! [A.I. enhanced & colorized]:
https://www.flixxy.com/spectacular-paris-and-its-beautiful-buildings-in-1912-in-color.htm?utm_source=4 - The beauty of paragliding. Enjoy a few minutes above it all:
https://www.youtube.com/watch?v=LLgbWMPI5l0 - People Are Awesome - Best of the Week is back with another round of ordinary people doing extraordinary things!:
https://www.flixxy.com/people-are-awesome-best-of-the-week-102.htm?utm_source=4 - Compilation of some stunning cinematic drone shots, watch full screen!:
https://www.youtube.com/watch?v=-tW3YE1Qzzk - Fascinating, the Progression of Land Speed Records over time. These guys were going really FAST super early:
https://www.youtube.com/watch?v=gqTd3rgpok4
- Epic pre-war wet car control in sliding laps:
https://www.youtube.com/watch?v=Uz2eEj9051cc
- The highway where trucks work like electric trains:
https://youtu.be/_3P_S7pL7Yg
- FIA Hill Climb Masters 2021 - Keith Camilleri Radical Prosport. Buckle up!:
https://www.youtube.com/watch?v=73qMRkojlsY
- Interview: Shin Lim's magic:
https://www.youtube.com/watch?v=ZMvjNlIiDp4 - GoPro: MTB Through the French Alps with Kilian Bron:
https://www.youtube.com/watch?v=nBRbf9F0HJEnBRbf9F0HJE
- Where does the phrase "dead as a doornail" come from? | Boing Boing:
https://boingboing.net/2021/11/04/where-does-the-phrase-dead-as-a-doornail-come-from.html - For Da Kids #1 - Dog Abandoned On The Road Falls In Love With His Rescuer:
https://www.youtube.com/watch?v=R5zay_HxjuE - For Da Kids #2 - Baby Otter Learns To Swim With A Family Of Dogs:
https://www.youtube.com/watch?v=uq2AyLeTTsc - For Da Kids #3 - Watch This Caterpillar Turn Into A Puss Moth:
https://www.youtube.com/watch?v=xix6MPHQRa4 - For Da Kids #4 - Baby Animals Figure Out Life:
https://www.youtube.com/watch?v=k04yzvQXXW0