Monthly Archives: March 2023

CyberheistNews Vol 13 #12 [Heads Up] This Week’s New SVB Meltdown Social Engineering Attacks

CyberheistNews Vol 13 #12 | March 21st, 2023. On Saturday March 11, I warned about the coming wave of phishing attacks that would undoubtedly follow the SVB collapse. We …

An Overview of Silicon Valley Bank Themed Social Engineering

Researchers at ReliaQuest warn that organizations should continue to be on the lookout for social engineering attacks related to Silicon Valley Bank (SVB).

Analysis: Lookalike Confusable Domains Fuel Phishing Attacks

By John E. Dunn. Phishing attacks depend on creating huge numbers of lookalike ‘confusable’ domains. A new report has highlighted the most prevalent examples and suggested a way to detect phishing domains before they are used in anger. Ever since …

Report Shows Business Email Compromise (BEC) Attacks Increase and Phishing Used as Initial Attack Vector in the Last Year

Secureworks has published a report looking at cybercrime over the course of 2022, finding that business email compromise (BEC) attacks nearly doubled last year. Additionally, attacks in which phishing was used as the initial access vector (IAV) increased by nearly …

[Eye Popper] The AI Genie Has Escaped: Stanford copied ChatGPT for a few hundred bucks

Yikes. Loz Blain at NewAtlas just reported that Stanford has copied the ChatGPT AI for less than $600. The article started out with: “Stanford’s Alpaca AI performs similarly to the astonishing ChatGPT on many tasks – but it’s built on …

Bill 96 in Québec Brings Up Important Point About Training in Native Language Everywhere

A new law in Québec, Canada, that goes into effect this June will require all policies and training materials assigned to employees within the province be provided in French.

(ISC)² Listens: Women Working in Cybersecurity 

This month, we asked women in the (ISC)² Blog Volunteers group to weigh in on a few questions from their perspective as a female working in cybersecurity. While their experiences in the industry have varied, this group unanimously responded that …

[Black Eye] The Lesson We Learned. Don’t Let this Happen to You. #DMARC

Mea Culpa. When you make a mistake, admit you made a mistake.

Warning Customers About Social Engineering.

It’s a familiar story: scam artists impersonate a trusted brand, a trusted business or a trusted authority in emails and on bogus sites designed to exploit that very trust to commit fraud. Generally, this isn’t the fault of the person …

Update – New Process for (ISC)² Exam Registration

Are you ready to take your (ISC)² exam? If so, there is a slight change to the process! When you’re ready to schedule your exam, please log in to your account at isc2.org.* Whether you’re pursuing your first (ISC)² certification, …

92% of Organizations Have Fallen Victim to Phishing as Nearly Every Org is Concerned with Email Security

New data shows that not only has just about every organization experienced a successful phishing attack, but that they are also paying the price in a number of impactful ways.

Phishing Attacks Top List of Initial Access Vectors with Backdoor Deployment as Top Objective

New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors.

SVB Collapse: A Stark Warning for Technology and Cybersecurity Startups!

By Dave Cartwright, CISSP. A week is a long time in most business sectors. In the intertwined world of banking and startups, it feels like an eternity as both sides deal with the fallout from the collapse of Silicon Valley …

Latest Cyberthreats and Advisories – March 17, 2023

Cybercriminals pounce on SVB collapse, privacy concerns around ChatGPT and the FBI warns of a rise in crypto scams. Here are the latest threats and advisories for the week of March 17, 2023. By John Weiler. Threat Advisories and Alerts …

Understanding DMARC Better

I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works do not really understand it as well as they think they do. This post is aimed …

A Rise in Dynamic Phishing

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. The report found that in 2022 there was a 240% increase in phishing pages that attempted to …

[FREE RESOURCE KIT] New Phishing Security Resource Kit Now Available!

Phishing emails increase in volume every month and every year, so we created this free resource kit to help you defend against attacks. Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need …

Analysis: Where Next As Europol Hails Rare DoppelPaymer Ransomware Success

By John E. Dunn. Two arrests for alleged ransomware crimes and some useful intel. But will the latest Europol action make any difference? Following an international operation encompassing law enforcement agencies in Germany, Ukraine, the Netherlands and the U.S., Europol …

79% of Employee-Reported Phishing Emails Go Completely Undetected by Cybersecurity Solutions

As cybercriminals increasingly turn to malwareless phishing attacks, it is becoming more and more difficult for security solutions to correctly identify a malicious email.

Three-Quarters of Organizations Have Experienced an Increase in Email-Based Threats

New data on the state of email security shows that nearly every organization has been the target of a phishing attack as attacks increase in sophistication.