So, Your MFA is Phishable, What To Do Next

Aug 31, 2022 9:54:49 AM By Roger Grimes

We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:

Phishing Attacks Leveraging Legitimate SaaS Platforms Soars 1100%

Aug 31, 2022 9:30:27 AM By Stu Sjouwerman

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data.

Phishing and Malicious Emails Are Still the Primary Initial Attack Vector

Aug 31, 2022 9:30:19 AM By Stu Sjouwerman

As cybercriminals continue to evolve their techniques, they continue to rely on phishing as the most successful tried and true method of initial attack, according to new data from Acronis.

LockBit Ransomware Group Steps Up Their Game with Triple Extortion as the Next Evolution

Aug 31, 2022 9:30:12 AM By Stu Sjouwerman

After suffering a taste of their own medicine as part of a response effort from victim organization Entrust, LockBit appears to have bounced back even stronger than before.

Lost in Translation? New Cryptomining Malware Attacks Based in Turkey Cause Suspicion

Aug 31, 2022 9:30:07 AM By Stu Sjouwerman

Researchers at Check Point warn that attackers based in Turkey are distributing cryptomining malware via free software distribution websites, including Softpedia and uptodown. The ...

[KREBS ON SECURITY] How 1-Time Passcodes Became a Corporate Liability

Aug 30, 2022 11:45:43 AM By Stu Sjouwerman

[The following article is at it appears at Krebs on Security here.] Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes ...

The Extent of Social Engineering

Aug 30, 2022 10:25:14 AM By Stu Sjouwerman

Researchers at NordVPN have published the results of a survey that found that 84% of Americans have experienced some form of social engineering, although only 54% have heard of the term ...

CyberheistNews Vol 12 #35 [Heads Up] Check This Highly Sophisticated LinkedIn Job Offer Scam

Aug 30, 2022 9:18:32 AM By Stu Sjouwerman

Researchers warn of darkverse emerging from the metaverse

Aug 26, 2022 8:03:03 AM By Stu Sjouwerman

ARN just reported: "The metaverse is seen by many companies as a great business opportunity and for new ways of working. Security provider Trend Micro, however, warns in a recent research ...

State-Based Cyberattacks to be Excluded from Lloyd’s of London Cyber Insurance Policies

Aug 25, 2022 9:14:31 AM By Stu Sjouwerman

As cyber insurers evolve their understanding of the cyber attack landscape, who’s responsible, and what’s at stake, a logical next step is taken by Lloyd’s to better isolate what is ...

The Crypto Collapse Will Only Add Fuel to the Cyberattack Fire

Aug 25, 2022 9:14:22 AM By Stu Sjouwerman

Despite the crypto market’s loss of over $1 trillion in value since the beginning of the year, the value of the digital currency isn’t what makes it a popular choice for cybercriminals.

BlackByte Ransomware Gang Comes Back to Life with a New Extortion Strategy

Aug 25, 2022 9:14:14 AM By Stu Sjouwerman

First debuted in July 2021, this ransomware gang that engages in their own attacks and offers a RWaaS model, has come back into the limelight offering victims several extortion payment ...

Phishing Remains the Initial Infection Vector in 78% of Attacks Against OT-Heavy Industries

Aug 25, 2022 9:14:05 AM By Stu Sjouwerman

Companies heavily reliant on operational technology (OT) to function are just as much a target as businesses relying in traditional IT and are facing some of the same challenges to stop ...

Report: Deepfakes Used in Scams

Aug 25, 2022 9:13:56 AM By Stu Sjouwerman

Scammers created a deepfake video of Patrick Hillmann, Chief Communications Officer at cryptocurrency exchange Binance, in order to scam people. Hillmann explained in a blog post that he ...

[HEADS UP] Highly Sophisticated Job Offer Scam

Aug 25, 2022 8:55:44 AM By Stu Sjouwerman

If you've been approached by recruiters on LinkedIn for a potential job opportunity, you may want to pay attention to this recent scam.

Dueling Clauses, or, not all Fraud is the Same

Aug 24, 2022 10:47:04 AM By Stu Sjouwerman

There are, famously, three things you can do with risk: accept it, mitigate it, or transfer it. And you transfer risk by buying insurance against it.

[BUDGET AMMO] Companies Are Ditching Cybersecurity Insurance as Premiums Rise, Coverage Shrinks

Aug 24, 2022 8:45:22 AM By Stu Sjouwerman

As the CEO of a public InfoSec company I have a variety of news sources. One of these is called '"The Information" which covers in-depth tech stories usually earlier than anywhere else. ...

Teach Two Things to Decrease Phishing Attack Success

Aug 24, 2022 8:25:03 AM By Roger Grimes

We know everyone is busy. Everyone already has too much on their plate and is trying to learn as much as they can every day.

Vishing is a Rising Threat to the Enterprise

Aug 23, 2022 10:05:48 AM By Stu Sjouwerman

Most of us are all too familiar with vishing, the scam voice calls that offer to erase your credit card debt, to extend your automobile warranty, to get you to donate to that worthy cause ...

CyberheistNews Vol 12 #34 [Eye Opener] The Cisco Hack Was Caused by Initial Access Broker Phishing

Aug 23, 2022 9:30:00 AM By Stu Sjouwerman

Security Awareness Training Blog

View Topics