Q1 2018 Top Clicked Phishing Email Subjects [INFOGRAPHIC]

May 4, 2018 5:05:27 PM By Stu Sjouwerman

This is the second year we've published quarterly results of the most-clicked phishing email subjects across a few categories. We separate the data into subjects related to social media ...

Chinese Cyber Spies Focus On Spear Phishing... YOU!

May 4, 2018 4:43:32 PM By Stu Sjouwerman

Catalin Cimpanu at Bleepingcomputer reported: "Chinese cyber spies are evolving their tactics, focusing on IT staffers, relying more and more on spear phishing instead of malware, and ...

Are Bad Guys Swapping TeamViewer For AnyDesk to install Blackheart Ransomware?

May 3, 2018 3:09:00 PM By Stu Sjouwerman

According to Trend Micro researchers a new ransomware strain called Blackheart drops its payload alongside the perfectly legitimate AnyDesk remote desktop tool, highly likely as a way to ...

Cylance: "Phishing and drive-by downloads lead infection methods."

May 2, 2018 10:30:46 AM By Stu Sjouwerman

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance. The report provides a ...

86% Of Passwords Are Terrible And Employees Reuse Them All The Time

May 2, 2018 7:18:46 AM By Stu Sjouwerman

Troy Hunt, the founder of Haveibeenpwned came out with some brand new numbers that show there's bad news and there's more bad news. A few months ago he launched V2 of his Pwned Passwords ...

Massachusetts School District Pays $10K to Ransomware Attackers

May 2, 2018 6:28:53 AM By Stu Sjouwerman

"A school district located in Massachusetts paid attackers $10,000 after they infected its computer network with crypto-ransomware. Officials at Leominster Public Schools decided to meet ...

Gone Phishing: Travelers Claims Plan Doesn’t Cover Cyber Losses

May 1, 2018 5:14:19 PM By Stu Sjouwerman

Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies. Here is a short excerpt and the whole article is warmly ...

"It can't hurt to open one little attachment, can it?"

May 1, 2018 4:49:48 PM By Stu Sjouwerman

Brad Haan sent me this riot cartoon:

PhishLabs Reports That Credential Phishing Has Shifted To The Enterprise

May 1, 2018 10:23:34 AM By Stu Sjouwerman

Why is credentials phishing moving from consumers to the enterprise, just like ransomware has done in the last 2 years? The answer might surprise you. Elliot Volkman at the PhishLabs ...

CyberheistNews Vol 8 #18 Scam of the Week: World's No. 1 Criminal Phishing Botnet Turns Even More Tricky

May 1, 2018 9:51:43 AM By Stu Sjouwerman

ModStore Update: "2018 Safe Web Browsing" and "Ransomware" Localized in 20 Languages

Apr 30, 2018 5:10:35 PM By Stu Sjouwerman

We have some good news! The "2018 Safe Web Browsing" and "2018 Ransomware" module's 20 language versions are now better than ever. As of today, the following improvements are now present ...

Phishing threats still dwarf vulnerabilities and zero-days

Apr 30, 2018 4:13:16 PM By Stu Sjouwerman

Rob Wright at SearchSecurity wrote: "Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and ...

Gone Phishing: Employer Faces Liability for Mistakenly Disclosing W-2 Forms to Scammer

Apr 30, 2018 7:05:00 AM By Stu Sjouwerman

Attorneys Zuckerman Spaeder noted on JDSUPRA: "When employers are caught off guard, they can face not only the loss of their own assets, but also liability to their employees. For ...

Scam Of The Week: World's Largest Phishing Botnet Grows Evasive

Apr 28, 2018 11:01:06 AM By Stu Sjouwerman

The notorious Necurs botnet is one of the oldest and largest spam and phishing delivery systems in existence. It controls millions of machines that the criminal botmasters use to send ...

PDF Files Can Be Abused to Steal Windows Credentials

Apr 27, 2018 5:51:44 PM By Stu Sjouwerman

PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security ...

Ransomware up 350% says 2018 Global Threat Intelligence Report

Apr 27, 2018 4:27:33 PM By Stu Sjouwerman

NTT Security 2018 Global Threat Intelligence Report (GTIR): Ransomware up 350% and spyware ranks first in volume of malware at 26% reflecting attackers' desire for long-term presence for ...

Researchers discover next generation phishing kit

Apr 26, 2018 1:22:10 PM By Stu Sjouwerman

Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. The new kit, compiled and offered by a criminal whose ...

Center for Orthopaedic Specialists notifies 85,000 patients of ransomware infection

Apr 25, 2018 5:25:21 PM By Stu Sjouwerman

Another indicator that a ransomware infection is seen as a HIPAA data breach and needs to be reported. The Center for Orthopaedic Specialists (COS) in California has three locations in ...

Yahoo Pays $35 Million Penalty For The Hot Mess Of Their Massive Data Breach

Apr 25, 2018 7:09:20 AM By Stu Sjouwerman

This is the first time that a public company gets fined by regulators for failure to properly investigate their 2014 data breach, and disclose it to shareholders. Technically this is not ...

Mysterious “double kill” Word/IE zero-day allegedly in the wild as phishing attack

Apr 25, 2018 6:40:16 AM By Stu Sjouwerman

“Double kill” is a bragging term from the world of violent video gaming – it means you finished off two assailants with a single shot. In the world of cybercrime, it’s the name given by ...

Security Awareness Training Blog

View Topics