Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

May 21, 2024 3:33:47 PM By Stu Sjouwerman

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

May 21, 2024 3:31:34 PM By Stu Sjouwerman

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.

CyberheistNews Vol 14 #21 How Come Unknown Attack Vectors Are Surging in Ransomware Infections?

May 21, 2024 9:03:37 AM By Stu Sjouwerman

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

May 20, 2024 2:55:38 PM By Stu Sjouwerman

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.

Verizon: The Human Element is Behind Two-Thirds of Data Breaches

May 17, 2024 3:02:47 PM By Stu Sjouwerman

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches.

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

May 17, 2024 2:58:11 PM By Stu Sjouwerman

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it.

Scam Service Attempts to Bypass Multi-factor Authentication

May 16, 2024 12:54:05 PM By Stu Sjouwerman

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack ...

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

May 16, 2024 12:54:01 PM By Roger Grimes

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

May 15, 2024 11:15:31 AM By Stu Sjouwerman

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.

FBI Warns of AI-Assisted Phishing Campaigns

May 15, 2024 11:15:28 AM By Stu Sjouwerman

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.

How Come Unknown Attack Vectors are Surging in Ransomware Infections?

May 14, 2024 2:30:08 PM By Stu Sjouwerman

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I understand why.

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

May 14, 2024 2:30:02 PM By Stu Sjouwerman

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...

CyberheistNews Vol 14 #20 Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

May 14, 2024 9:00:00 AM By Stu Sjouwerman

Alert: Nova Scotians Hit by Surge of Sophisticated Spear Phishing Scams

May 14, 2024 8:37:34 AM By Stu Sjouwerman

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to ...

New Research: Number of Successful Ransomware Attacks Rise 29% in a Just One Year

May 14, 2024 8:37:31 AM By Stu Sjouwerman

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful.

Reality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media

May 13, 2024 8:00:00 AM By Stu Sjouwerman

"Reality Hijacked" isn't just a title—it's a wake-up call. The advent and acceleration of GenAI is redefining our relationship with 'reality' and challenging our grip on the truth.

[Beware] Ransomware Targets Execs' Kids to Coerce Payouts

May 13, 2024 7:00:00 AM By Stu Sjouwerman

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate ...

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

May 10, 2024 1:49:20 PM By Roger Grimes

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...

Ransomware Detection Time Shortens by 44% as Organizations Attempt to Keep Up with Attackers

May 10, 2024 1:49:17 PM By Stu Sjouwerman

New data shows organizations are improving their ability to detect and respond to ransomware attacks, but is it fast enough to make a difference and stop attacks?

Phishing-as-a-Service Platform LabHost Disrupted by Law Enforcement Crackdown

May 10, 2024 8:43:26 AM By Stu Sjouwerman

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests.

Security Awareness Training Blog

View Topics