[BREAKING] NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

Jul 1, 2021 12:15:33 PM By Stu Sjouwerman

NSA and its US and British partners (the UK's NCSC and the US FBI and CISA) late this morning released an advisory detailing a Russian campaign ("almost certainly ongoing") to brute-force ...

New IcedID and QBot Phishing Campaigns Are Running Amuck

Jul 1, 2021 10:48:05 AM By Stu Sjouwerman

Researchers at Kaspersky recently spotted two widespread phishing campaigns delivering the IcedID and QBot banking Trojans. The majority of users targeted by the IcedID campaign were ...

How to Get The Most Out of Your Compliance Platform

Jul 1, 2021 10:48:01 AM By Lecio DePaula

What do some of the world's biggest organizations have in common? Is it a superior product, better management, or more funding? While all of these factors can play a role in the success ...

Almost All LinkedIn User’s Data Has Been Scraped and is Up for Sale on the Dark Web

Jun 30, 2021 4:31:12 PM By Stu Sjouwerman

700 Million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.

Spear Phishing Impersonation Attacks Take on New Tactics to Become More Convincing and Effective

Jun 30, 2021 4:31:09 PM By Stu Sjouwerman

As part of Business Email Compromise attacks, spear phishing now plays a material role, with impersonation sitting firmly at the core of their social engineering tactics… in more ways ...

Yet Another Disk Image File Format Spotted in the Wild Used to Deliver Malware

Jun 29, 2021 2:00:41 PM By Stu Sjouwerman

Disguised as an invoice, cybercriminals use a Windows-supported disk image to obfuscate malware from email gateways and security scanners. The question is how viable will it be?

35% of All Security Incidents are Business Email Compromise Phishing Attacks

Jun 29, 2021 2:00:38 PM By Stu Sjouwerman

With the bad guys looking for the fastest means to get from attack to a big payout, BEC tactics are shifting tactics to adjust to organizations being better prepared.

[Eye Opener] The Biggest Bitcoin Heist Ever: A Whopping 3.6 Billion Dollars!

Jun 29, 2021 10:28:11 AM By Stu Sjouwerman

I'm not sure why this is not all over the press. Bloomberg picked up on this though. A pair of South African brothers have vanished, along with Bitcoin worth $3.6 billion from their ...

CyberheistNews Vol 11 #25 [Heads Up] Attackers Abuse Your Google Docs With a New Phishing Angle

Jun 29, 2021 9:40:45 AM By Stu Sjouwerman

New Phishing Attack Adds a Call Center Step to Get You to Download Malware

Jun 29, 2021 9:37:55 AM By Stu Sjouwerman

Unlike traditional phishing emails that simply attach or link to a malicious file, a new scam from cybercriminal group BazaCall makes victims call in and be instructed to download the ...

Cybersecurity and Business Priorities Don’t Appear to Be Aligning – and That’s Bad for Your Security Stance

Jun 29, 2021 9:37:51 AM By Stu Sjouwerman

Despite organizational leadership believing cyber security initiatives can support business goals, the way businesses approach cybersecurity seems to prove otherwise.

An Unusual Attachment is Most Likely a Phishing Campaign

Jun 29, 2021 9:37:48 AM By Stu Sjouwerman

A phishing campaign is using Windows Imaging Format (WIM) files to deliver malware, according to researchers at Trustwave. WIM files aren’t commonly thought of as potentially malicious, ...

Misconfigured Cloud Database Increases Risk of Social Engineering

Jun 28, 2021 8:49:19 AM By Stu Sjouwerman

DreamHost, a major website hosting provider, exposed 814 million user account records in an unsecured database, researchers at Website Planet have found. The data exposed included a ...

[HEADS UP] Over 400% Increase in Ransomware Victims

Jun 24, 2021 4:41:14 PM By Stu Sjouwerman

According to a recent report by OODA Loop, "Mandiant claims to have detected a 422% increase in victim organizations announced by ransomware groups via their leak sites year-on-year ...

Threat Actors use Google Ads to Target People Migrating to Encrypted Messaging Services like Signal and Telegram

Jun 24, 2021 10:34:26 AM By Stu Sjouwerman

Researchers at eSentire warn that threat actors have been using Google Ads to target people migrating from WhatsApp to other encrypted messaging services, particularly Signal and Telegram.

Attackers Abuse Google Docs for Phishing Attacks

Jun 24, 2021 8:48:29 AM By Stu Sjouwerman

Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs ...

ADATA Ransomware Attack Results in the Publishing of 700GB of Data Stolen

Jun 24, 2021 8:33:40 AM By Stu Sjouwerman

The headline alone sounds the warning that ransomware gangs aren’t just threatening to release exfiltrated data; they’re full out retaliating when they don’t get their ransoms paid.

60% of Orgs Needed New Security Policies to Secure Their Remote Workforce

Jun 24, 2021 8:33:36 AM By Stu Sjouwerman

According to security compliance vendor ThreatSwitch in their 2021 Industrial Security Benchmark Report, organizations are waking up to the need for better awareness training.

Turning Compliance Into Tangible Security

Jun 23, 2021 1:44:50 PM By Roger Grimes

Compliance and security are supposedly about risk management. Both seek to reduce the chances that threats and their risks will be able to successfully exploit a target. But they are ...

80% of Ransomware Victim Organizations Experience a Second Attack

Jun 22, 2021 10:16:11 AM By Stu Sjouwerman

The impact of ransomware attacks is much more than just the sensationalized cost of ransoms. New data spells out how victim organizations have suffered at the hands of ransomware.