Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe

Mar 21, 2024 11:37:10 AM By Stu Sjouwerman

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.

[Heads-Up] Phishing Campaign Delivers VCURMS RAT

Mar 21, 2024 8:37:17 AM By Stu Sjouwerman

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT).

CISA Recommends Continuous Cybersecurity Training

Mar 21, 2024 8:37:04 AM By Roger Grimes

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity ...

[Heads Up] Reinforce Your Defenses Against Rising Supply-Chain Cyber Threats

Mar 20, 2024 10:57:05 AM By Stu Sjouwerman

James Rundle at The Wall Street Journal today reported that in response to escalating supply-chain cyberattacks, companies are intensifying their scrutiny over suppliers to protect ...

AI and the Boardroom: Bridging Innovation and Security

Mar 19, 2024 1:18:09 PM By James McQuiggan

Today, artificial intelligence (AI) is no longer a futuristic concept but a tool that is driving operational efficiency, customer experience, and decision-making processes. Organizations ...

Phishing Tops 2023’s Most Common Cyber Attack Initial Access Method

Mar 19, 2024 1:18:05 PM By Stu Sjouwerman

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors.

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Mar 19, 2024 1:18:02 PM By Stu Sjouwerman

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied ...

Phishing-as-a-Service Platforms LabHost and Frappo Help Threat Actors Target Canadian Banks

Mar 19, 2024 9:41:29 AM By Stu Sjouwerman

Analysis of attacks on banking institutions in Canada can be almost perfectly tied to the use and availability of phishing-as-a-service platforms, indicating increased use by threat ...

CyberheistNews Vol 14 #12 [HEADS UP] I Am Announcing AIDA: Artificial Intelligence Defense Agents!

Mar 19, 2024 9:00:00 AM By Stu Sjouwerman

CISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV Blackcat

Mar 18, 2024 10:14:00 AM By Stu Sjouwerman

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper ...

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Mar 15, 2024 10:32:57 AM By Roger Grimes

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.

Sophos: Over 75% of Cyber Incidents Target Small Businesses

Mar 15, 2024 10:31:48 AM By Stu Sjouwerman

New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget and resource-strapped small businesses.

Organizations Are Vulnerable to Image-based and QR Code Phishing

Mar 14, 2024 10:23:31 AM By Stu Sjouwerman

A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.

Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

Mar 14, 2024 10:20:00 AM By Stu Sjouwerman

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks.

New Research: BEC Attacks Rose 246% in 2023

Mar 14, 2024 10:18:23 AM By Stu Sjouwerman

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that ...

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

Mar 13, 2024 9:31:15 AM By Stu Sjouwerman

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Mar 13, 2024 9:30:10 AM By Stu Sjouwerman

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing ...

[Security Masterminds] The Art of Defending Against Social Engineering in the Age of AI: Insights from Rachel Tobac

Mar 13, 2024 9:27:38 AM By James McQuiggan

Social engineering attacks can seem unpredictable and challenging to defend against. However, with the right approach, organizations can better protect themselves.

I am announcing AIDA: Artificial Intelligence Defense Agents!

Mar 12, 2024 1:52:05 PM By Stu Sjouwerman

AI is evolving at breakneck speed. Elon Musk recently said: "I've never seen any technology advance faster than AI compute. We are on the edge of the biggest technology revolution ever. ...

Dodging Digital Deception: How to Spot Fake Recruiters and Shield Your Career Search from Phishing Scams

Mar 12, 2024 9:28:58 AM By Stu Sjouwerman

Scammers are impersonating job-seeking platform Dice with phony employment opportunities designed to steal victims’ information.

Security Awareness Training Blog

View Topics