With Microsoft disabling macros by default on Office documents, cybercriminals are left needing another means to launch malware that’s victim-supported by default.
Monthly Archives: January 2023
Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom
New data showcasing the state of ransomware shows that while organizations are likely getting better at recovery (and not paying the ransom), cybercriminals are shifting focus to ensure they make money.
OneNote Attachments Used as Phish Hooks
Threat actors are using malicious attachments in OneNote in order to distribute malware, BleepingComputer reports. The attackers attach VBS files that instruct the user to double-click on the file. Most of the phishing lures pose as shipping notifications, invoices, or … Read More
Travel-Themed Phishing Attacks Lure Victims with Promises of Free Tickets, Points, and Exclusive Deals
New analysis of December and January emails shows massive spikes in attacks aimed at stealing personal information and credit cards under the guise of once-in-a-lifetime travel deals.
Cybersecurity Industry News Review – 31 January 2023
By: Joe Fay U.S. looks for half a million cybersecurity professionals, ransomware victims less likely to pay up, analyst warns on Chinese smart device spy threat…but RSA encryption safe from Quantum cracking for now. U.S. struggles with shortage of cybersecurity … Read More
Royal Mail “cyber incident” is an ongoing cyberattack CEO admits to MPs
By: Joe Fay Simon Thompson, CEO of the U.K.’s Royal Mail, has confirmed in a session with MPs that the crippling of its ability to send parcels and letters abroad was down to a “cyberattack” and that it was “ongoing”. … Read More
Alert: Refund Scam Targeting Federal Agencies via RMM Software
At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the NSA and the MS-ISAC discovered the campaign in October, but it appears … Read More
Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK
The UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, … Read More
How are you marking data privacy day?
By: Joe Fay Data Privacy Day (known as Data Protection Day in Europe) falls this Saturday (January 28) and if you haven’t worked out how to mark the day yet, tech vendors and organizations are more than willing to help. … Read More
Hacker’s Movie Guide: The Complete List of Hacker and Cybersecurity Movies
Is alert fatigue getting to you? I found a guide that allows you some well-deserved personal downtime, and still has something to do with work so that you can justify getting away with taking some PTO and veg out. But … Read More
LATEST CYBERTHREATS AND ADVISORIES – JANUARY 27, 2023
Alerts from national cybersecurity agencies, gaming developer attacks and the Mailchimp/FanDuel breach. Here are the latest threats and advisories for the week of January 27, 2023. Threat Advisories and Alerts CISA Publishes Report to Help Protect Schools from Cyberthreats The … Read More
What is a Good Completion Percentage for Security and Compliance Training?
Completion percentages on compliance and security training campaigns have become a popular topic of discussion.
Stu’s Law: “You get the future you ignore”
I have read a lot of Sci-fi. Thousands of books actually. You can’t help but start recognizing patterns. One of my favorite movies is Blade Runner. Main character Rick Deckard states: “Replicants are like any other machine – they’re either … Read More
How Does Quantum Impact Passwords?
Yeah, quantum computers are likely to be able to crack passwords from every angle.
Do Not Get Fooled Twice: Mailchimp’s Latest Breach Raises Alarm Bells – Protect Yourself Now!
For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack tricked Mailchimp employees and contractors into giving up … Read More
Phishing Campaign Impersonates Japanese Rail Company
Researchers at Safeguard Cyber describe a phishing campaign that’s posing as a Japanese rail ticket reservation company.
[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal
In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the … Read More
No experience, No Problem – (ISC)² Recruits 140,000 Individuals Interested in a Cybersecurity Career
(ISC)² launched a new initiative for individuals pursuing or considering a career in cybersecurity. The goal? To create new pathways to cybersecurity career success and decrease the global workforce gap. Within three months of launching this initiative, we had more … Read More
2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]
KnowBe4’s latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze ‘in the wild’ attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and … Read More