Cybersecurity Awareness Month is a great time to educate yourself and your users. Not sure where to start? We’ve got you covered! Here’s a set of resources from our Partner KnowBe4 that you can use to help your users make smarter security decisions this month and beyond. You’ll get: Access to free resources for you […]
So, Your MFA is Phishable, What To Do Next
Most MFA is Easily Phishable Many people are shocked when we show them how easy it is to bypass or hack most MFA solutions. In the majority of cases, it’s as easy to do as phishing a password. Here’s a good example video demonstrating how easy it is to phish past most MFA solutions. Use […]
[Whoa] Ransomware Strains Almost Double in Six Months from 5,400 to 10,666
A recent report from FortiGuard Labs saw ransomware variants double in total so far compared to 2021, and the year is not over yet. In a statement from FortiGuard Lab’s Chief Strategist, “Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks. They are using aggressive execution strategies such as […]
What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks
What do you get when you add a totally free 1.3 Billion set of phone numbers and data from millions of Facebook profiles? A massive dox database of users now up for sale for $100,000. The Clubhouse data breach earlier this year, while headline-worthy, resulted in a big nothing where all the phone numbers exfiltrated […]
Google Ads Abused to Deliver Malware
Cybercriminals are using malicious Google Ads to deliver the ZLoader banking Trojan, ZDNet reports. Researchers at Microsoft stated on Twitter that attackers are purchasing Google Ads that point to compromised websites, then redirect the user to a malicious website that delivers the malware. The criminals use the ads to target people who search Google for […]
Large Phishing Campaign Abuses Open Redirects
Researchers at Microsoft have observed a widespread phishing campaign that’s abusing open redirectors to fool users into visiting credential-harvesting pages. Open redirects are often used for legitimate purposes, such as tracking click rates. However, they can also be abused to disguise a link to a phishing page. “The use of open redirects in email communications […]
Android Trojan Goes After Facebook Accounts
A new Android Trojan has hijacked more than 10,000 Facebook accounts by stealing session cookies, according to researchers at Zimperium. The malware uses social engineering to trick users into installing malicious apps from the Google Play Store and third-party app stores. “The threat actors made use of several themes that users would find appealing such […]
12 Steps to a Security Ignorance Program
Most people working for organizations have been exposed at some point in their careers to security awareness programs. Some of these programs are well-executed and delivered, while others consist of a disinterested security person talking through slides for 45 minutes. I’ve seen many good security awareness programs over the years, and at the same time, […]
Two of the Most Common and Successful Ransomware Attack Methods are Exposed
Researchers at Coveware recently analyzed ransomware attacks during Q2 of this year and noticed a similar trend in ransomware attack methods by cybercriminals. These are the two ransomware attack methods that are gaining popularity by ransomware gangs: Email Phishing Attacks – The most common form of a cyberattack. Cybercriminals are including a malicious attachment in […]
A Popular Fraud Combo is Back: Elon Musk and Bitcoin
Researchers at Bitdefender warn that cybercriminals continue to impersonate Elon Musk in Bitcoin scams. One campaign that started on May 15 involved sending thousands of emails telling users to register for a $5,000 Bitcoin giveaway organized by Tesla. “79.72% of scam emails appear to be sent from IP addresses in Germany, targeting users in Europe […]