Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) …

Cybersecurity Is Serious — but It Doesn’t Have to Be Boring

October 4, 2024 at 09:31AM Humor is emerging as a powerful asset in cybersecurity, boosting engagement and retention and fostering a resilient security culture. Examples include gamification and humor-based competitions, effectively increasing motivation and productivity. However, implementing humor carries risks and challenges, such as trivializing threats or lacking cultural sensitivity. Nevertheless, humor can combat security fatigue, …

Sophisticated Vishing Campaigns Take World by Storm

March 11, 2024 at 07:06PM Voice phishing, known as vishing, is on the rise globally, including in South Korea, where recent scams have caused significant financial losses. These schemes involve sophisticated social engineering tactics and impersonation of law enforcement, exploiting cultural and legal understanding. Vishing operators are utilizing technology and apps, such as SecretCalls, to …

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

December 20, 2023 at 04:33PM Cybercriminals are targeting hotel staff with emails that exploit emotion and urgency to get them to download password-stealing malware. Examples include false complaints, requests for assistance, and emotional scenarios. The ultimate goal is to steal hotel management credentials, which have been used in attacks against Booking.com customers. This has led to …

UK Cyber CTO: Vendors’ Security Failings Are Rampant

December 6, 2023 at 02:48PM At the Black Hat Europe 2023 event, Ollie Whitehouse of the NCSC stated that current cybersecurity is inadequate to counter advanced threats. He criticized security vendors for creating closed ecosystems with up-charges for better security and lacking transparency, especially regarding SaaS vulnerabilities. He advocated for basic security improvements and greater …

Okta: October data breach affects all customer support system users

November 29, 2023 at 08:32AM Okta’s customer support system was breached, affecting all support system users and exposing names, emails, and other details. Less than 1% of customers had session tokens stolen. Okta advises all users, especially unsecured admins, to implement multi-factor authentication and increase vigilance against phishing. No credentials were exposed. Previous attacks included …

This Cybersecurity Awareness Month, Don’t Lose Sight of Human Risk

October 24, 2023 at 05:10PM Cybersecurity Awareness Month celebrates its 20th anniversary by promoting the importance of cybersecurity education. The initiative, which began in the US and has now become a global movement, encourages proactive measures and knowledge-sharing to address human risk, which accounts for over 80% of cybersecurity incidents. Microsoft recommends focusing on enabling …

The Need for a Cybersecurity-Centric Business Culture

October 18, 2023 at 10:07AM Creating a culture of cybersecurity requires more than just technology and skilled resources. It starts at the top, with leadership understanding and investing in cybersecurity. Demonstrating the importance of cybersecurity through communication and engagement with employees is essential. Educating employees and regularly testing their knowledge is also crucial. Ultimately, the …