Chinese Hacker Group Debuts After 3 Years of Testing with a Previously Unseen Backdoor Exploit

Jun 8, 2021 1:37:27 PM By Stu Sjouwerman

Dubbed ‘SharpPanda’, this Chinese APT group uses malicious Word docs, .RTF templates, and the RoyalRoad malware to install a powerful backdoor DLL giving them all kinds of access.

Everyone Has It Wrong. It Is Not Double Extortion, It Is Quintuple Extortion!

Jun 3, 2021 2:12:53 PM By Roger Grimes

I keep seeing a new ransomware term, “double extortion” being discussed. It is the hot, new buzzword surrounding ransomware. This term attempts to summarize how ransomware is no longer ...

Ransomware's Impact Highlights the Threat of Social Engineering

Jun 3, 2021 2:10:23 PM By Stu Sjouwerman

Ransomware actors are continuing to shift their focus to disrupting operations that affect people’s daily lives, according to the Wall Street Journal. A ransomware attack on Wednesday ...

New Email Attack Takes a Phishing-Turned-Vishing Angle to Steal Credit Card Info

May 28, 2021 9:56:51 AM By Stu Sjouwerman

Details on this new scam demonstrate how cybercriminal gangs are working to try use new mediums and social engineering methods to trick users into becoming victims.

Business Email Compromise Attacks Are Evolving, Becoming More Convincing and More Expensive

May 28, 2021 9:51:22 AM By Stu Sjouwerman

The “business” of BEC is becoming increasingly more lucrative for cybercriminals, as they develop new ways to defraud individuals and organizations of their money.

Call Centers Used to Distribute BazarLoader

May 27, 2021 9:21:37 AM By Stu Sjouwerman

Cybercriminals are using call centers to trick users into downloading the BazarLoader malware, according to researchers at Palo Alto Networks’ Unit 42. By relying on social engineering to ...

A Popular Fraud Combo is Back: Elon Musk and Bitcoin

May 26, 2021 1:56:37 PM By Stu Sjouwerman

Researchers at Bitdefender warn that cybercriminals continue to impersonate Elon Musk in Bitcoin scams. One campaign that started on May 15 involved sending thousands of emails telling ...

Cybersecurity Insurance Landscape Is Fundamentally Changing Right Now

May 26, 2021 8:36:48 AM By Roger Grimes

By Roger Grimes. Ransomware is stealing so much money and interrupting so many businesses that it might be the beginning of their undoing. It is certainly radically changing the ...

Low-Grade Ways of Bypassing Email Scanners

May 24, 2021 9:38:59 AM By Stu Sjouwerman

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained ...

The FBI’s Internet Crime Complaint Center Marks Its 6 Millionth Complaint as Pace Accelerates

May 21, 2021 1:11:14 PM By Stu Sjouwerman

The rate at which cyberattacks are increasing are being noticed by both their victims and the FBI, who are seeing more people affected by online crimes and scams.

When Cryptocurrency Investments Really Are Too Good To Be True

May 19, 2021 2:49:41 PM By Stu Sjouwerman

The US Federal Trade Commission (FTC) reports that victims have lost more than $80 million in cryptocurrency scams since October of last year, with about $2 million of that total going to ...

Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

May 18, 2021 10:29:59 AM By Stu Sjouwerman

Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver ...

FBI Finds Phishing Sites Abusing Search Results and Ads to Steal Banking Credentials

May 13, 2021 8:56:37 AM By Stu Sjouwerman

The US Federal Bureau of Investigation has sent out a private industry notification (PIN) warning that cybercriminals are using search engine ads and search results to spread phishing ...

A New Smishing Trojan is Out and About

May 12, 2021 9:49:21 AM By Stu Sjouwerman

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install ...

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

May 12, 2021 8:18:54 AM By Stu Sjouwerman

New data from Mimecast shows how email-based threats are not only the greatest perceived concern, but are proving to be the reason for increased experienced attacks.

Your Organization Needs to Take Security Awareness Training More Seriously

May 11, 2021 4:08:50 PM By Roger Grimes

Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...

Huge Business Email Compromise Campaign Targets More Than 120 Organizations

May 11, 2021 12:00:00 PM By Stu Sjouwerman

According to Bleeping Computer, Microsoft reported that a large business email compromise (BEC) campaign has targeted dozens of organizations. The industries targeted varied from real ...

Fake Court Order Used to Take Over Domains

May 11, 2021 9:00:39 AM By Stu Sjouwerman

Motherboard reports that a scammer used a phony court order to trick a domain registrar into giving them control over a domain that posted links to dark web drug markets. The scammer then ...

Cybersecurity Spend Is Now More Than 20% of the Average IT Budget As 91% of Organizations Suffering an Attack had Operations Impacted

May 6, 2021 8:58:25 AM By Stu Sjouwerman

The latest data from the Hiscox Cyber Readiness Report highlights how organizations are experiencing cyber threats and how they are responding to increase their readiness for next time.

Genesis Market: a Study in the C2C Economy

May 5, 2021 8:55:19 AM By Stu Sjouwerman

Researchers at Digital Shadows describe Genesis Market, a criminal-to-criminal marketplace that aggregates and sells digital fingerprints to facilitate cyberattacks. The researchers say ...

Security Awareness Training Blog

Social Engineering Blog

View Topics