The Wall Street Journal today revealed that North Korea’s hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US officials have confirmed this news.
Monthly Archives: June 2023
Verizon: Stolen Credentials Tops the List of Threat Actions in Breaches
Verizon’s DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks.
Why Companies Have Great Success Training Employees With Simulated Phishing Tests
We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find …
[SCAM OF THE WEEK] Summer Scams Your Users Should Watch Out For
While your users are getting ready for their next beach vacation, cybercriminals are preparing for their opportunity to strike. Check Point Research warns about this and common phishing attacks related to summer vacations.
Verizon: 74% of Data Breaches Involve the “Human Element”
People are one of the most common factors contributing to successful data breaches. Let’s dive deeper into the latest Verizon Data Breach Investigations Report (DBIR) to find out how and why users are a contributor to the problem.
Verizon: Pretexting Now Tops Phishing in Social Engineering Attacks
The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section.
Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks
My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem.
Smishing Campaign Expands to the Middle East
A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.
Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?
For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.
North Korean Phishing Campaign Targeting Think Tanks, Academics and Media
The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news …
CyberheistNews Vol 13 #23 [Wake-Up Call] It’s Time to Focus More on Preventing Spear Phishing
June 6th, 2023. Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in …
[FBI ALERT] Skin Deep: The Scary Reality of New Deepfake-Enabled Sextortion
Today, the FBI warned against a new, even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found …
New Phishing Campaign Uses Hyperlinked Images for Fake Gift Cards and Promotions
A phishing campaign is using hyperlinked images to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohl’s.
Be a Certified Security Awareness and Culture Professional (SACP)™
All, I thought it was necessary to have an independent, vendor-neutral Cert so we would have a real Certified Security Awareness and Culture Professional (SACP)™. I funded the effort after finding the great team at H Layer Credentialing. This is …
Verification and Deepfake Fraud Trends in North America
Forced verification fraud and deepfake fraud are on the rise in the US and Canada, according to researchers at Sumsub. Pavel Goldman-Kalaydin, Sumsub’s Head of AI & ML, explains that forced verification involves bypassing biometric data checks.
Warning: Sharing Data with ChatGPT Can Be Misused Outside Your Organization
A new study found that ChatGPT can accurately recall any sensitive information fed to it as part of a query at a later date without controls in place to protect who can retrieve it.
Protecting Patient Data: The Importance of Cybersecurity in Healthcare
As digital transformation continues to shape the healthcare industry, it is crucial for healthcare organizations to prioritize cybersecurity. These organizations are entrusted with sensitive personal information from patients, making them a prime target for cybercriminals who steal, exploit or sell …