Monthly Archives: February 2023

Crypto Scammers Game YouTube for Amplification While Keeping Under Radar, Researchers Find

By Joe Fay

Not even a pyramid scheme – they just convince people to give away their money. A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the …

Blind Eagle Goes Phishing

BlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most recent activity has been directed at organizations in Colombia. …

Business Email Compromise Gang Gets Jail Time for Stealing Millions

An international cybercriminal operation responsible for millions of dollars in business email compromise (BEC) scams has finally been dismantled.

CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe?

CyberheistNews Vol 13 #09 | February 28th, 2023

[Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are “Should I click on an unwanted email’s ‘Unsubscribe’ link? Will that lead to more …

Cybersecurity Industry News Review: February 28, 2023

By Joe Fay

Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok.

Australia to Overhaul Cybersecurity Rules

The Australian government is …

GLBA and Other Regulations Wake Up to the Importance of Security Awareness Training With June 9, 2023 Deadline

Most computer security practitioners have understood for many years the importance of having an aggressive security awareness training program. As social engineering is involved in 70% to 90% of all successful hacking attacks, not addressing the human element is not …

Thousands of NPM Packages Used to Spread Phishing Links

Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages themselves weren’t malicious, but they contained README text files with links to phishing sites.

Advance Your Cybersecurity Career with Toolkits from (ISC)² and BUiLT

As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and …

The Top 5 New Social Engineering Attacks in 2023

By John E. Dunn

Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves.

MFA Fatigue Attacks

When push notification via smartphone first appeared, it looked as if the industry had finally found a type …

Latest Cyberthreats and Advisories – February 24, 2023

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.

Threat Advisories and Alerts

…

The Significance of Key Risk Indicators in Organisations

By Vivek Soni, CCSP

Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise …

(ISC)² Security Congress 2023 Begins Call for Presentations

Practitioners from across the cybersecurity industry and the (ISC)² member community are invited to submit their session proposals as the cyber world begins its journey to Nashville.

(ISC)² today launched its call for presentations for its annual (ISC)² Security Congress …

28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178%

New data shows users aren’t scrutinizing emails used in business email compromise (BEC) attacks, allowing critical changes in banking details that would impact the victim’s organization financially.

Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks

New cyber attack data from 2022 is providing insight into what to expect in 2023, including ransomware campaigns.

W-2s Are Just the Beginning of Tax-Related Scams This Year

Email scammers can’t pass up a tried and true theme that is almost guaranteed to produce results. And with W-2 forms being sent out, it marks the start of this year’s expected campaigns.

Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36%

With nearly 280 million phishing emails detected by just one vendor, and the increase in the number of unique emails, organizations have a lot to be worried about in 2023.

Provide Your Feedback on the CISSP-ISSEP Exam Outline

At (ISC)², we pride ourselves in our steadfast dedication to maintaining the relevance and quality of all the certifications in our portfolio. (ISC)² certifications are constantly being reviewed and updated to make sure they are serving the needs of professionals …

What Is a Good Survey Rating for Security and Compliance Training?

We received great feedback from many of you after sharing data about completion percentages last month, so much that we thought, “What other things can we share from our vast amount of training data?”

Coinbase Attack Used Social Engineering

Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. …

(ISC)² Research Finds Cybersecurity Professionals to be Least Impacted by Layoffs in 2023

The latest (ISC)² research report, How the Cybersecurity Workforce Will Weather a Recession, found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023.

To assess the impact of a potential economic downturn …