Tag: security awareness training

Organizations Working From Home Opens Wider Target for Cybercriminals

With so many people working from home, more attackers are adapting their strategies to focus on employees as a way to bypass organizations’ defenses, FCW reports. During a webcast hosted by Venable, several Federal and industry experts discussed the challenges associated with remote work, particularly in organizations that previously required physical modes of identification. Sean […]

CrowdStrike: “More Cyberattacks in the First Half of 2020 Than in All of 2019”

According to a recent study conducted by cybersecurity firm CrowdStrike, recent threat activity throughout its customers’ networks has shown more intrusion attempts within the first half of 2020 than in all of 2019. This may be due to the pandemic and subsequent lockdown measures forcing employees to mass shift to teleworking. This may also be […]

[Heads Up] Apparently Slack Phishing Got So Bad They Had To Do Something About It

Slack has announced a slew of new security features, certificates and integrations, including a verification system that adds an additional layer to protect against phishing scams. The announcement follows on from Slack Connect, launched in June, which allows organizations to create shared channels with other companies. This is the company’s big play in its attempt […]

Paying the Ransom After a Ransomware Attack May Become More Complicated, Thanks to the U.S. Treasury

With many organizations considering paying the ransom should they experience an attack, new guidance from the U.S. Treasury may put a damper on an organization’s ability to pay. When hit with a modern ransomware attack today, the idea of paying the ransom has been brought back into the spotlight due to multiple ransomware variants […]

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like Outlook and Office 365 by directing users to spoofed login pages. The researchers say they’ve observed the emails being sent from legitimate, compromised accounts as […]

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 election. Late last year, these trade documents were leaked and disseminated online by a Russian disinformation campaign. The new addition to this story, according to Reuters, is […]

GitHub is the Latest Target of Social Engineering Phishing Attacks

Using simple alert-style email notices, scammers look to steal credentials to gain access to development code, intellectual property, and project details. While the preponderance of impersonation attacks focus on brands like Office 365, Facebook, and others, it was only a matter of time until cybercriminals decided going after developers was a good idea. Last month, GitHub […]

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code. I’ve written about phishing attacks targeting GitHub users previously. But this month, users of GitHub partner DeepSource were notified of a security incident in which at least one of DeepSource’s employee credentials […]

1 in 3 Employees Rarely or Never Think About Cybersecurity

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture. It’s something we all know – employees that aren’t paying attention to corporate security aren’t helping. But new data from email security vendor Tessian quantifies this notion with some pretty surprising data. In their Psychology of […]

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros. Security researchers at Avanan have discovered a new attack method where cybercriminals send phishing emails that contain what appears to be an Excel spreadsheet. The file is actually an SLK file – a […]