Monthly Archives: September 2023

Deepfakes More Common So Bolster Your Defenses

The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes.

New Phishing Attack Uses Social Engineering to Impersonate the National Danish Police

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond.

91% of Cybersecurity Professionals Have Experienced Cyber Attacks that Use AI

A new report takes an exhaustive look at how cybersecurity professionals see the current and future state of attacks, and how well vendors are keeping up.

The BISO Secret Weapon: Enhancing Collaboration for Cybersecurity and Business Growth with Nicole Dove

Do you want to bridge the gap between IT, cybersecurity, and the business to enhance collaboration and integration? Are you seeking a solution to align cybersecurity efforts with business goals?

MGM Suffers Ransomware Attack that Started with a Simple Helpdesk Call

As the aftermath unfolds, details around the recent attack on MGM Resorts are emerging, providing crucial insight into the attack’s impact, who’s responsible, and how it started.

No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam

Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had …

Can Someone Guess My Password From the Wi-Fi Signal On My Phone?

Cybercriminals can’t ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have demonstrated a method that uses Wi-Fi signals to infer numerical passwords, and …

Can You Guess Common Phishing Themes in Southeast Asia?

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

AP Stylebook Data Breach Compromises Customer Personal Information

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.

Cybercriminals Selling “Golden Tickets” to Phish Microsoft 365… $500,000 in Sales in 10 Months

In the movie, “Willy Wonka and the Chocolate Factory,” kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a …

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing …

CyberheistNews Vol 13 #37 Scary New IT Admin Attack Exposes Your MFA Weakness

Microsoft Teams Phishing Campaign Distributes DarkGate Malware

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.

Organizations Tie Executive Pay to Cybersecurity Performance Hoping To Enhance Protection Against Hackers

Organizations have started to recognize the importance of tying executive pay to cybersecurity metrics. This practice is gaining traction among the largest U.S. companies, with nine Fortune 100 companies incorporating cyber goals into the calculation of short-term bonuses for top …

[dot]US Domain Exploited for Phishing

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being widely abused in phishing attacks.

Social Engineering Seeks Okta Credentials

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks.

CISA Says to Exercise Caution For Disaster-Related Malicious Scams

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate charities and related organizations following natural disasters.

How Secure Is Your Authentication Method?

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.