Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

October 26, 2023 at 07:11PM Octo Tempest is a threat actor group tracked by Microsoft, specializing in data extortion and ransomware attacks. They have evolved their tactics over time, targeting organizations in various sectors and partnering with the ALPHV/BlackCat ransomware group. With advanced social engineering capabilities, they gain initial access through phishing, social engineering, and … Read more

Microsoft: Octo Tempest one of the most dangerous financial hacking groups

October 26, 2023 at 06:56PM Octo Tempest, a native English-speaking threat actor tracked by Microsoft, has evolved from selling SIM swaps and stealing cryptocurrency accounts to conducting data extortion and ransomware attacks. The group targets companies in various sectors and has partnered with the ALPHV/BlackCat ransomware group. They employ advanced social engineering techniques, physical threats, … Read more

1Password Detects Suspicious Activity Following Okta Support Breach

October 24, 2023 at 01:51AM Password management solution 1Password had a breach of its Okta instance, but no user data was accessed. The breach involved a threat actor attempting to access an IT team member’s user dashboard and manipulate authentication flows. Measures have been taken to enhance security, including tighter MFA rules and reducing the … Read more

From Snooze to Enthuse: Security Awareness Training That Sticks

October 20, 2023 at 05:32PM Employees experience a physical “escape room” to enhance security awareness. They role-play as criminal social engineers and identify vulnerabilities in a mock office space. The aim is for employees to understand the importance of physical security and remember practices like keeping whiteboards clean, locking laptops, and hiding or shredding documents. … Read more

Fighting off cyberattacks? Make sure user credentials aren’t compromised

October 17, 2023 at 10:04AM Threat actors are constantly finding new ways to trick end-users into giving up their credentials, leading to a rise in credential theft. Cybercriminals target credentials because people often reuse the same login information across multiple sites, giving hackers access to sensitive accounts. They use social engineering tactics like tailgating, spear … Read more

530K people’s info feared stolen from cloud PC gaming biz Shadow

October 13, 2023 at 03:05PM French cloud service Shadow has confirmed that criminals stole a database containing customer data in a social-engineering attack against one of its employees. The stolen data includes personal information such as names, email addresses, dates of birth, billing addresses, and credit card expiration dates. The company reassured customers that no … Read more

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

October 13, 2023 at 07:06AM DarkGate, a piece of malware, is being spread through instant messaging platforms like Skype and Microsoft Teams. The malware is delivered disguised as a PDF document and triggers the download and execution of an AutoIt script that launches the malware. The malware can harvest sensitive data, conduct cryptocurrency mining, and … Read more

October 10, 2023 at 10:06AM – Old-School Attacks Are Still a Danger, Despite Newer Techniques

October 10, 2023 at 10:06AM Many cybercriminals still rely on non-sophisticated attacks because they are effective. These include phishing attacks and credential harvesting, often obtained through social engineering. Automation and AI are increasingly being used by bad actors to conduct attacks more efficiently. To defend against these attacks, organizations need to bolster human defenses through … Read more