“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.
Continue Reading

26% of Global Organizations Lack Security Training Programs

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that ...
Continue Reading

Best Buy/Geek Squad Impersonation Scams Surged in 2023

The US Federal Trade Commission (FTC) has found that Best Buy, and its tech support subsidiary Geek Squad, were the most commonly impersonated brands by scammers in 2023.
Continue Reading

Email Compromise Continues to Dominate as Top Threat Incident Type as Tactics Evolve

As email compromise attacks increase, analysis of tactics provides context on how organizations need to evolve their defenses.
Continue Reading

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.
Continue Reading

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks.
Continue Reading

91% of Every Ransomware Attack Today Includes Exfiltrating Your Data

New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack.
Continue Reading

Cybercriminals Target Hajj Pilgrims

Criminals are launching a variety of scams targeting Muslims around the world who are planning on making the Hajj pilgrimage to Mecca, according to researchers at Resecurity.
Continue Reading

Criminals Abuse Cloud Storage Platforms to Host Phishing Sites

Threat actors are abusing cloud storage platforms to host phishing sites that can more easily evade detection by security scanners, according to researchers at Enea. Criminals are ...
Continue Reading

Threat Actor Void Manticore Uses Cyber Weapon “Wipers” to Destroy Data and Systems

This Pro-Hamas hacktivist group has updated their payload arsenal to include updated versions of their BiBi Wiper malware, and two new wiper variants.
Continue Reading

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.
Continue Reading

CISA Releases Cybersecurity Resources for High-Risk Communities

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and ...
Continue Reading

As Many as 1 in 7 Emails Make it Past Your Email Filters

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.
Continue Reading

New Research Finds Phishing Scams Targeting Popular PDF Viewer

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF ...
Continue Reading

From Boredom to Engagement: Gamification in Cybersecurity Awareness

As someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module. ...
Continue Reading

UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those ...
Continue Reading

Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams.
Continue Reading

Announcing KnowBe4 Student Edition: Cybersecurity Education Tailored for the Next Generation

I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack. We have also heard stories of employment scams and social media based ...
Continue Reading

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.
Continue Reading

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews