A Can of Phishbait: from Surveys to Rule Changes to Your Boss’s Boss
Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks. “Reasonably well […]
Posted: April 14, 2021 | View More »Vaccine Research Companies are the Target of New Ransomware Attacks
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take […]
Posted: February 4, 2021 | View More »[HEADS UP] Allowing Site Notifications Can be Very Costly
Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]
Posted: February 4, 2021 | View More »New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials
Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your users. This far into the pandemic, there are groups of users within your organization begging to come back to the office, as well as those that never […]
Posted: February 4, 2021 | View More »BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries
Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up. In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest […]
Posted: December 3, 2020 | View More »Thinking Skeptically About Smishing
Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees. “Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, […]
Posted: December 3, 2020 | View More »20 Ways to Build Your Security Fortress From Anywhere
At Home Have separate devices for work and personal use Connect to Ethernet (wired) or at least WPA2 (Wi-Fi Protected Access 2) for a secure wireless connection Use a VPN (Virtual Private Network) whenever possible to access employer systems/data Keep router and modem firmware up-to-date Secure IoT devices (smart speakers, appliances, etc.) – use strong, […]
Posted: November 2, 2020 | View More »National Security Awareness Podcasts
Tune into our podcasts each week! Week 1: October 9Introduction to IT360 & Cybersecurity in 2020 Week 2: October 16Cybersecurity Training for Employees Week 3: October 23Cyber Insurance Week 4: October 30Remote Working
Posted: October 8, 2020 | View More »[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars
Breaking News: A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. But here is the clincher: When performing attacks, DarkSide will create a customized ransomware executable for the specific company they are attacking. Our friends at Bleepingcomputer said: “Starting around August 10th, […]
Posted: October 8, 2020 | View More »Australian Financial Services Company is Sued for Repeatedly Being Hacked… and Doing Zero About It
The Australian Securities and Investments Commission (ASIC) is suing RI Advice Group for being hacked multiple times over a year’s time that includes 155 hours of undetected hacker activity. If you are the victim of ransomware once, it’s probably inevitable. But if you’re a ransomware victim again, and then hacked on a third occasion, you’re probably not […]
Posted: October 8, 2020 | View More »