Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Northrop Grumman can make a stealth bomber – but falls for W-2 phishing attack

US military contractor Northrop Grumman notified their employees that hackers managed to gain access to their W-2 tax records. 

As The Register just reported, the makers of America’s stealth bomber acknowledged in a letter sent to employees and the California Attorney General’s office that hackers infiltrated its online portal at various times over the course of almost a year, gaining access to workers’ W-2 paperwork for the 2016 tax year.

Newark City Hall Computers Infected With Ransomware

NEWARK, N.J. (CBSNewYork) — The City of Newark’s computer system has been disabled by hackers demanding thousands in ransom money, according to a published report.

Hackers are demanding payment of 24 Bitcoins, which at the moment equals around $30,000, TAPintoNewark reported, citing a document they obtained.

Cyber Insurer Beazley Sees New Phishing Threats Emerge

New York, April 25, 2017 - Beazley, a pioneer in cyber and data breach response insurance, today released its Beazley Breach Insights – April 2017 findings based on its response to client data breaches in the first three months of 2017. The specialized Beazley Breach Response (BBR) Services unit observed phishing scams aimed at accessing direct deposit funds emerge as a growing danger in the first quarter of 2017, particularly in the higher education sector.

French Presidential Candidate Target Of Russian Hacker Phishing Attack

The French presidential election has been hit with a case of déjà vu. Emmanuel Macron's campaign said its staff received phishing emails meant to steal their passwords.

Trend Micro said in a report set to be published today that they have found evidence of a phishing attack targeting French presidential candidate Emmanuel Macron. The emails and fake sites could have tricked campaign staff into entering their credentials and allowed malware to infect their computers, their researchers stated.

This Week's Top "In The Wild" Phishing Attacks

And here are this week's Top 10 "In The Wild" phishing attacks that we received from our customers by employees clicking the Phish Alert Button and sending the email to us for analysis.

We "defang" these attacks and have them updated real-time in a campaign that customers can run regularly to test employees against the "real thing".

U.S. Court Sentences Russian Hacker to a Record-Setting 27 Years

On Friday, a Seattle Federal District Court judge sentenced 32-year-old Roman Valerevich Seleznev to 27 years in prison for running a vast credit card and identity theft operation, selling millions of credit card numbers on the black market. This was the longest sentence handed down for hacking-related charges in the United States.

NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued a draft update (PDF) to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework.

And Just When You Thought Locky Ransomware Had Disappeared...

Locky ransomware reappeared with a vengeance Friday, this time not using Office documents combined with social engineering to have the user enable macros, but with a PDF that has a Word file hidden within, which executes a macro script when opened by the user.  This scenario allows the phishing email to bypass sandboxes.

[ALERT] Aaron Hernandez Death Phishing Scams

Low-life scum is exploiting the deaths of famous people, such as the suicide yesterday of former N.E. Patriots player and convicted murderer Aaron Hernandez.
