Monthly Archives: June 2023

The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams in 2022. Phony bank fraud prevention alerts were the most common type of text scam last year.

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public personas has truly arrived. As cybersecurity professionals we must ask, what … Read More

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks.  Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they … Read More

CyberheistNews Vol 13 #25  |   June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon’s DBIR always has a lot of information to unpack, so I’ll continue my review by covering … Read More

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. 

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack.

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials.

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years.

Real-time security coaching helps improve your organization’s security culture by enabling real-time coaching of your users in response to risky security behaviors. 

The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is fighting back against typosquatting of major media outlets and the French Foreign Ministry.

While artificial intelligence (AI) has been the hot topic of this year, a theme that I continue to see is that AI is being used for good and evil.

A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan.

Microsoft describes a sophisticated phishing campaign that targeted several financial organizations.

As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk.

Ransomware attacks are as pervasive as ever, with new data demonstrating just how impactful the attacks really are.

CyberheistNews Vol 13 #24  |   June 13th, 2023 [The Mind’s Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that … Read More

What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods?

New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it.

Wouldn’t it be great if your cybersecurity strategy only had to focus on just a few threats? Sigh… if only life were that easy. But new predictions for this year’s most prevalent cyber threats from analyst firm Forrester should help … Read More

New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.”