social engineering

Untrained users are the greatest weakness in a cyber defense plan

Posted on by Admin
Untrained users are the greatest weakness in a cyber defense plan

KnowBe4 has released its 2024 Phishing by Industry Benchmarking Report. This report measures the likelihood that an organization’s employees would fall for a phishing or social engineering scam, assessing the status of security preparedness and awareness across global industries such as government, healthcare and critical infrastructure.  54 million simulated phishing tests were analyzed in the report. These tests involved more than 11.9 million individuals from 55,675 organizations across 19 industries. Through this analysis, the report found…

Read More

Navigating political polarization in the workplace

Posted on by Admin
Navigating political polarization in the workplace

In this episode of The Security Podcasts featuring Scott McHugh, retired CSO at LyondellBasell Chemical Company and Faculty at Rice University, we discuss the challenges security leaders face when navigating political polarization in the workplace. “This is actually not a new phenomenon,” Scott McHugh says. “It really started in the late ’90s, in the Clinton administration, and it’s just been manifesting itself through the years ever since then. And it’s become much more of a…

Read More

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Posted on by Admin
Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Organisations linked to the Paris Olympics 2024 have an increased risk of cyber attacks, including ransomware, credential leaks and phishing campaigns, a study has found. Insikt Group, the threat research division of security firm Recorded Future, has already observed posts advertising access to Games-related organisations in France and compromised credentials using “paris2024[dot]org” domains on the Dark Web. These findings were published in a new report highlighting high-priority threats to the Games, based on an assessment…

Read More

IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

Posted on by Admin
IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

A new report from IBM X-Force exposes changes in the Grandoreiro malware landscape. The banking trojan is now capable of targeting more than 1,500 global banks in more than 60 countries, and it has been updated with new features. Also, Grandoreiro’s targeting has become wider, as it initially only targeted Spanish-speaking countries, while recent attack campaigns targeted countries in Europe, Asia and Africa. In addition, the malware is now sending phishing emails directly from the…

Read More

How Can Businesses Defend Themselves Against Cyberthreats?

Posted on by Admin
How Can Businesses Defend Themselves Against Cyberthreats?

Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach. Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier. TechRepublic consolidated expert advice…

Read More

Verizon 2024 Data Breach Report shows the risk of the human element

Posted on by Admin
Verizon 2024 Data Breach Report shows the risk of the human element

Verizon Business released its 17th-annual Data Breach Investigations Report (DBIR), highlighting the role that the human element plays in cyber threats. This report examined 30,458 security incidents as well as 10,626 verified breaches in 2023, representing a two-fold increase from 2022. Out of the breaches analyzed, more than two-thirds (68%) included a non-malicious human element — in other words, these incidents involved insider errors or people falling for social engineering schemes. This percentage remains consistent…

Read More

The art of information gathering.

Posted on by Admin
The art of information gathering.

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss “From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering.” Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.  The research states “While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse…

Read More

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

Posted on by Admin
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

A threat actor quietly spent the last two years integrating themself in the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The attacker slowly managed to integrate a backdoor in the software that was designed to interfere with SSHD and allow remote code execution via an SSH login certificate. The backdoor was discovered a few days before being released on several Linux systems worldwide. The…

Read More

Navigating the identity security landscape

Posted on by Admin
Navigating the identity security landscape

In this episode of The Security Podcasts featuring Jeff Reich, Executive Director of the Identity Defined Security Alliance, we discuss the challenges security professionals are facing in the evolving landscape of identity security threats. “Something we see often is when we were asking the question, ‘how long do account stay active or in your system after someone leaves your organization?’ And certainly there are a number of organizations that say within two days it’s been…

Read More

UK's NCSC Issues Warning as SVR Hackers Target Cloud Services

Posted on by Admin
UK's NCSC Issues Warning as SVR Hackers Target Cloud Services

Russian state hackers are adapting their techniques to target organizations moving to the cloud, an advisory from the UK National Cyber Security Centre and international security agencies has warned. The advisory details how cyber espionage group APT29 is directly targeting weaknesses in cloud services used by victim organizations to gain initial access to their systems. APT29 is also expanding the scope of its attacks beyond governments, think tanks, healthcare and energy providers to include victims…

Read More
1 2 3 4 6