Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

May 10, 2024 1:49:20 PM By Roger Grimes
Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...
Continue Reading

Is RogerLovesTaco$24 a Strong Password?

May 2, 2024 3:32:01 PM By Roger Grimes
Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.
Continue Reading

Targeted Smishing Attacks by Threat Group “The Com” On The Rise

Apr 29, 2024 2:03:09 PM By Stu Sjouwerman
Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.
Continue Reading

Next Week is World Password Day!

Apr 26, 2024 8:20:19 AM By Roger Grimes
May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!
Continue Reading

AI-Assisted Phishing Attacks Are on the Rise

Apr 25, 2024 8:23:39 AM By Stu Sjouwerman
Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.
Continue Reading

Phishing Campaign Exploits Nespresso Domain

Apr 23, 2024 11:37:04 AM By Stu Sjouwerman
Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception ...
Continue Reading

AI Voice Cloning and Bank Voice Authentication: A Recipe for Disaster?

Apr 18, 2024 8:39:02 AM By Stu Sjouwerman
New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice.
Continue Reading

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

Apr 9, 2024 2:05:26 PM By Roger Grimes
I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.
Continue Reading

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

Apr 9, 2024 2:05:22 PM By Stu Sjouwerman
A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms.
Continue Reading

Apple Users Become the Latest Targets of MFA Attacks

Apr 4, 2024 1:28:45 PM By Stu Sjouwerman
A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.
Continue Reading

New Phishing-as-a-Service Kit Attempts to Bypass MFA

Mar 26, 2024 11:38:48 AM By Stu Sjouwerman
A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...
Continue Reading

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Mar 13, 2024 9:30:10 AM By Stu Sjouwerman
Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing ...
Continue Reading

Three Essential Truths Every CISO Should Know To Guide Their Career

Mar 11, 2024 9:11:56 AM By Roger Grimes
According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.
Continue Reading

Game-Changer: Biometric-Stealing Malware

Feb 28, 2024 2:25:55 PM By Roger Grimes
I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours

Feb 28, 2024 12:21:15 PM By Stu Sjouwerman
New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.
Continue Reading

Credential Theft Is Mostly Due To Phishing

Feb 28, 2024 12:21:10 PM By Roger Grimes
According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

Anyone Can Be Scammed and Phished, With Examples

Feb 21, 2024 3:23:29 PM By Roger Grimes
I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...
Continue Reading

IBM Tests Audio-Based Large Language Model to Hijack Live Conversations

Feb 20, 2024 1:03:01 PM By Stu Sjouwerman
With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details.
Continue Reading

Cybersecurity Resiliency and Your Board of Directors

Feb 8, 2024 2:41:03 PM By Roger Grimes
Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...
Continue Reading

Fake “I Can’t Believe He’s Gone” Posts Seek to Steal Facebook Credentials

Feb 5, 2024 4:58:17 PM By Stu Sjouwerman
A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews