Manufacturing Sector Is the Latest Target of Advanced Credential Harvesting Attacks

Sep 5, 2024 11:22:13 AM By Stu Sjouwerman

A new attack runs slow and steady, focused on compromising large manufacturing companies using contextual social engineering to trick victims into giving up credentials.

Phishing is Still the Top Initial Access Vector

Sep 5, 2024 11:21:58 AM By Stu Sjouwerman

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by ...

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

Sep 4, 2024 11:10:59 AM By Stu Sjouwerman

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry.

Organizations in the Middle East Targeted By Malware Impersonating Palo Alto GlobalProtect VPN

Sep 3, 2024 2:46:10 PM By Stu Sjouwerman

A social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, according to researchers at Trend Micro.

Major Scam Operation Uses Deepfake Videos

Sep 3, 2024 2:46:07 PM By Stu Sjouwerman

Researchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials.

Scammers Use Fake Funeral LiveStream Social Media Posts to Extort Victims

Aug 30, 2024 12:03:13 PM By Stu Sjouwerman

In a troubling new low, cybercriminals are targeting individuals grieving the loss of a loved one by charging their credit cards with excessive fees through a heartless scam. According to ...

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

Aug 30, 2024 12:03:10 PM By Stu Sjouwerman

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error.

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Aug 30, 2024 8:23:54 AM By Stu Sjouwerman

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway.

Fewer, High-Profile Ransomware Attacks Are Yielding Higher Ransoms

Aug 29, 2024 8:52:20 AM By Stu Sjouwerman

Analysis of cryptocurrency payments made on the blockchain highlights shifts in the size and frequency of ransomware attacks and may paint a bleak picture for the remainder of the year.

Iran’s APT42 Targets WhatsApp Users With Spear-Phishing Attacks

Aug 29, 2024 8:52:16 AM By Stu Sjouwerman

Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42, a threat actor tied to Iran’s Islamic ...

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

Aug 28, 2024 8:26:11 AM By Stu Sjouwerman

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Aug 28, 2024 8:26:08 AM By Stu Sjouwerman

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG).

Ransomware Recovery Costs Have Doubled for State and Local Governments

Aug 27, 2024 7:30:00 AM By Stu Sjouwerman

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in ...

Business Email Compromise Scams Rise 20%, Making up Nearly Half of all Spam Emails

Aug 23, 2024 3:07:33 PM By Stu Sjouwerman

New research on email threats points to AI-based tools to assist in generating BEC content. And the overwhelming targeted role may or may not surprise you.

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

Aug 23, 2024 3:07:30 PM By Stu Sjouwerman

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals.

Malvertising Campaign Impersonates Dozens of Google Products

Aug 23, 2024 8:48:25 AM By Stu Sjouwerman

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a ...

US Political Campaigns Targeted by Iranian Spear Phishing Attacks

Aug 21, 2024 4:02:10 PM By Stu Sjouwerman

Researchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing attacks against US political campaigns.

Phishing Scammers Leverage Microsoft Dynamics 365 to Target US Government Contractors

Aug 21, 2024 4:02:07 PM By Stu Sjouwerman

Analysis of a phishing campaign targeting thousands of government contractors, dubbed “Operation Uncle Sam,” takes advantage of some sophisticated steps to avoid detection.

Threat Actors Abuse URL Rewriting to Mask Phishing Links

Aug 21, 2024 2:33:55 PM By Stu Sjouwerman

Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point.

U.K. Management Almost Twice as Likely to Fall for Phishing Attacks Versus Entry-Level Employees

Aug 19, 2024 1:58:47 PM By Stu Sjouwerman

Highlights from a new survey focused on employee compliance reveals just how targeted and susceptible U.K. businesses are to phishing attempts.

Security Awareness Training Blog

View Topics