New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.
Continue Reading

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.
Continue Reading

Ransomware Recovery Costs Have Doubled for State and Local Governments

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in ...
Continue Reading

The Long Road to Recovery Following a Ransomware Attack

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which ...
Continue Reading

Hacker Stories: A Facebook Physical Threat

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of ...
Continue Reading

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.
Continue Reading

Phishing Attacks Target High Profile YouTube Accounts

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.
Continue Reading

FBI Warns of Phishing Campaign Targeting the Healthcare Industry

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.
Continue Reading

The Overlooked Truth: User Experience in Cybersecurity

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts ...
Continue Reading

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.
Continue Reading

Scam Service Attempts to Bypass Multi-factor Authentication

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack ...
Continue Reading

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...
Continue Reading

Is RogerLovesTaco$24 a Strong Password?

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.
Continue Reading

Targeted Smishing Attacks by Threat Group “The Com” On The Rise

Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.
Continue Reading

Next Week is World Password Day!

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!
Continue Reading

AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.
Continue Reading

Phishing Campaign Exploits Nespresso Domain

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception ...
Continue Reading

AI Voice Cloning and Bank Voice Authentication: A Recipe for Disaster?

New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice.
Continue Reading

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.
Continue Reading

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews