[Heads Up] Iran Has Launched Evil New Malware That Wipes Your Windows Workstations

Dec 5, 2019 8:16:15 AM By Stu Sjouwerman

Zak Doffman posted: "Iran’s state-sponsored hackers have deployed a new strain of malicious malware, warns IBM, which has been aimed at the “industrial and energy sectors” in the Middle ...

You Have Not Suffered A Data Breach But How Do You Prevent Credential-Stuffing Attacks?

Dec 5, 2019 7:02:26 AM By Stu Sjouwerman

Frequent data breaches and the widespread availability of automated tools to take advantage of the compromised information have greatly increased the efficiency of credential stuffing ...

Europol Finds Majority of Attack Groups Rely on Spear Phishing as Primary Infection Vector

Dec 4, 2019 6:52:41 AM By Stu Sjouwerman

A new report from Europol’s European Cybercrime Center (EC3) breaks down how targeted phishing attacks are being done, and how to avoid becoming a victim.

Gift Card Scams are Decreasing in Light of Other Business Email Compromise Scams

Dec 4, 2019 6:48:49 AM By Stu Sjouwerman

New data from email security vendor Agari shows Business Email Compromise (BEC) attacks shifting tactics last quarter, in favor of scams resulting in larger payouts.

Identity Deception-Based Phishing Attacks Show an Increase in Impersonating Individuals

Dec 4, 2019 6:45:59 AM By Stu Sjouwerman

The use of impersonating a person or brand as part of an attack in on the rise, giving attackers the upper hand, establishing instant credibility and lowering the defenses of the ...

Phishing for Gamers Uses A Fake Skin Giveaway

Dec 4, 2019 6:42:02 AM By Stu Sjouwerman

BleepingComputer warns that a fake Steam skin giveaway site is stealing users’ Steam credentials. The site appears to be running a 26-day promotion giving away free skins for ...

Insecure Database Exposes Millions of Private SMS Messages

Dec 3, 2019 7:00:00 AM By Stu Sjouwerman

Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Netflix "Account Freeze" Phishing Campaign In The Wild

Dec 3, 2019 6:26:54 AM By Stu Sjouwerman

A Netflix phishing scam is going after users’ payment information and Netflix credentials, according to Naked Security. The phishing emails inform recipients that they’ve missed a payment ...

Pervasive Ransomware Infection Cost German Software Company Pilz Tens Of Millions Of Euros

Dec 2, 2019 2:43:30 PM By Stu Sjouwerman

A pervasive ransomware infection cost the German automation company Pilz an estimated tens of millions of euros, says Jan Tournois, director of the Dutch department of the multinational.

You Can’t Always Trust a Dot-Gov Domain

Dec 2, 2019 7:12:15 AM By Stu Sjouwerman

It may be easier than one thinks to register a dot-gov domain, according to KrebsOnSecurity. People have tended to regard urls with the top-level domain dot gov as generally reliable, but ...

Business Email Compromise Topples Over $26 Billion in Losses

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman

This lucrative business of tricking companies into fraudulently transferring funds into cybercriminal-owned bank accounts is showing signs of growing. Scammers use many forms of attack to ...

Global Utilities See Cyberattacks as Greater Threat to Operations than IT with Half Experiencing Outages

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman

Global industrial organizations are seeing and feeling the effects of cyberattacks, recognizing the material impact potential upon operations.

Over Half of SMBs Experience Phishing and Social Engineering Attacks

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman

The assertion that SMBs aren’t a cyber-target is officially dead. SMBs are victims of the very same attacks as enterprises in growing numbers, according to new research.

Insurers Get Serious About Social Engineering Attacks Citing a Lack of Awareness as the Problem

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman

With specific endorsements to protect against social engineering scams, insurers are realizing where the true risk lies in cyberattacks and make recommendations of how to mitigate it.

Merchant fined for failing to train employees — Former NYDFS Superintendent Vullo Talks About Cybersecurity Regs

Nov 30, 2019 1:09:56 PM By Stu Sjouwerman

Mark Harrop, Director of Communications, Corporates at Thomson Reuters made me aware of a very interesting interview with Maria Vullo, the former Superintendent of New York’s Department ...

‘Professional’ ransomware gang targets 1,800 large organizations worldwide, Dutch investigators find

Nov 30, 2019 12:40:01 PM By Stu Sjouwerman

Filip Truta at Bitdefender blogged: "A confidential report from the Netherlands’ National Cyber Security Center warns that ransomware operators are targeting at least 1,800 large ...

Phishing scams on the up in the Netherlands

Nov 30, 2019 12:30:08 PM By Stu Sjouwerman

Mina Solanki, an expat in Holland wrote: "After years of declining, phishing is on the up. In 2018, the (monetary) damage caused by it had almost quadrupled compared to previous years. ...

Singapore government must realise human error also a security breach

Nov 30, 2019 12:24:04 PM By Stu Sjouwerman

Eileen Yu, for By The Way at ZDNet wrote: "A recent data breach has highlighted a need for the Singapore government to realise human errors are cybersecurity risks that need to be ...

The Top Lesson From The Recent Louisiana 2,000-server Ransomware Infection: "User Education, User Education, User Education"

Nov 29, 2019 11:57:37 AM By Stu Sjouwerman

Louisiana suffered a ransomware attack last week that took down more than two thousand of the state’s computers and servers. The ransomware apparently entered the network after a user ...

Google Sent 12K Nation-State Phishing Warnings In Three Months

Nov 27, 2019 6:54:24 AM By Stu Sjouwerman

Google's Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported.

Security Awareness Training Blog