The Overlooked Truth: User Experience in Cybersecurity

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts ...
Continue Reading

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.
Continue Reading

Scam Service Attempts to Bypass Multi-factor Authentication

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack ...
Continue Reading

Google’s Multi-Party Approval Process Is Great, but Not Unphishable

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google ...
Continue Reading

Is RogerLovesTaco$24 a Strong Password?

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.
Continue Reading

Targeted Smishing Attacks by Threat Group “The Com” On The Rise

Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.
Continue Reading

Next Week is World Password Day!

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!
Continue Reading

AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.
Continue Reading

Phishing Campaign Exploits Nespresso Domain

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception ...
Continue Reading

AI Voice Cloning and Bank Voice Authentication: A Recipe for Disaster?

New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice.
Continue Reading

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.
Continue Reading

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms.
Continue Reading

Apple Users Become the Latest Targets of MFA Attacks

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.
Continue Reading

New Phishing-as-a-Service Kit Attempts to Bypass MFA

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...
Continue Reading

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing ...
Continue Reading

Three Essential Truths Every CISO Should Know To Guide Their Career

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.
Continue Reading

Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.
Continue Reading

Credential Theft Is Mostly Due To Phishing

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

Anyone Can Be Scammed and Phished, With Examples

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews