Cybercrime Group "Scattered Spider" is a Social Engineering Threat

Nov 20, 2023 3:08:35 PM By Stu Sjouwerman
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.
Continue Reading

Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs

Nov 7, 2023 1:46:47 PM By Stu Sjouwerman
Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.
Continue Reading

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Nov 6, 2023 9:18:13 AM By Stu Sjouwerman
Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.
Continue Reading

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Oct 31, 2023 10:07:28 AM By Stu Sjouwerman
Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns.
Continue Reading

A Brief History of Phishing, and Other Forms of Social Engineering

Oct 23, 2023 10:23:52 AM By Stu Sjouwerman
Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an ...
Continue Reading

[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Sep 28, 2023 9:17:38 AM By Stu Sjouwerman
Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data.
Continue Reading

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

Sep 25, 2023 8:00:00 AM By Stu Sjouwerman
ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Continue Reading

Can Someone Guess My Password From the Wi-Fi Signal On My Phone?

Sep 14, 2023 7:41:24 AM By Martin Kraemer
Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have ...
Continue Reading

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

Sep 12, 2023 7:45:00 AM By Stu Sjouwerman
In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...
Continue Reading

Scary New IT Admin Attack Exposes Your MFA Weakness

Sep 7, 2023 8:44:27 AM By Stu Sjouwerman
Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within ...
Continue Reading

How Secure Is Your Authentication Method?

Sep 6, 2023 8:53:21 AM By Roger Grimes
I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...
Continue Reading

New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”

Sep 1, 2023 10:21:34 AM By Stu Sjouwerman
As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite ...
Continue Reading

Quishing: QR Codes as Phishbait

Aug 30, 2023 9:12:55 AM By Stu Sjouwerman
Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links.
Continue Reading

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

Aug 9, 2023 1:55:27 PM By Stu Sjouwerman
With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at ...
Continue Reading

Most Organizations Using Weak Multifactor Authentication

Aug 8, 2023 10:10:03 AM By Stu Sjouwerman
Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social ...
Continue Reading

Russian Hackers Breached Government Agencies' MFA Using Microsoft Teams: Is Your Business Next?

Aug 6, 2023 10:22:10 AM By Stu Sjouwerman
Microsoft's recent blog post raised eyebrows through the cybersecurity community. State-backed hackers linked to Russia, known as APT29 or Cozy Bear, have executed “highly targeted” ...
Continue Reading

[Eye Opener] HTML Phishing Attacks Surge by 100% in 12 Months

May 7, 2023 11:57:55 AM By Stu Sjouwerman
The Cyberwire reported: "Barracuda released a study this morning indicating that HTML attacks have doubled since last year.
Continue Reading

Will AI and Deepfakes Weaken Biometric MFA

Feb 17, 2023 9:31:39 AM By Roger Grimes
You should use phishing-resistant multi-factor authentication (MFA) when you can to protect valuable data and systems. But most biometrics and MFA are not as strong as touted and much of ...
Continue Reading

A Close Call – PayPal Scam Warning

Feb 6, 2023 2:00:39 PM By Martin Kraemer
On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions ...
Continue Reading

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

Jan 17, 2023 8:15:27 AM By Roger Grimes
Is your organization’s password complexity strong enough?
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews